From 0610ae2d21d08a1e13d42e672362fdd05c72f33a Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 31 Jan 2017 13:16:36 +0100 Subject: Fixed issues caused by (invalid) protocol renumbering. The problem has been solved and now protocols are in sync with its previous values in the stable version --- src/include/ndpi_protocol_ids.h | 459 ++++++++++++------------ src/lib/ndpi_content_match.c.inc | 624 ++++++++++++++++----------------- src/lib/ndpi_main.c | 30 +- src/lib/protocols/hangout.c | 16 +- src/lib/protocols/http.c | 10 +- src/lib/protocols/kakaotalk_voice.c | 10 +- src/lib/protocols/kxun.c | 12 +- src/lib/protocols/ssl.c | 4 +- tests/result/1kxun.pcap.out | 54 +-- tests/result/Instagram.pcap.out | 32 +- tests/result/drda_db2.pcap.out | 2 +- tests/result/git.pcap.out | 2 +- tests/result/hangout.pcap.out | 2 +- tests/result/http_ipv6.pcap.out | 8 +- tests/result/mpeg.pcap.out | 2 +- tests/result/ocs.pcap.out | 14 +- tests/result/pps.pcap.out | 112 +++--- tests/result/skype.pcap.out | 2 +- tests/result/skype_no_unknown.pcap.out | 2 +- tests/result/smpp_in_general.pcap.out | 2 +- tests/result/starcraft_battle.pcap.out | 16 +- tests/result/teredo.pcap.out | 10 +- tests/result/weibo.pcap.out | 30 +- 23 files changed, 741 insertions(+), 714 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 0bc70ff5d..e278ea260 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -36,241 +36,246 @@ #define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN -#define NDPI_PROTOCOL_IP_VRRP 73 -#define NDPI_PROTOCOL_IP_IPSEC 79 -#define NDPI_PROTOCOL_IP_GRE 80 -#define NDPI_PROTOCOL_IP_ICMP 81 -#define NDPI_PROTOCOL_IP_IGMP 82 -#define NDPI_PROTOCOL_IP_EGP 83 -#define NDPI_PROTOCOL_IP_SCTP 84 -#define NDPI_PROTOCOL_IP_OSPF 85 -#define NDPI_PROTOCOL_IP_IP_IN_IP 86 -#define NDPI_PROTOCOL_IP_ICMPV6 102 +#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MAIL_POP 2 +#define NDPI_PROTOCOL_MAIL_SMTP 3 +#define NDPI_PROTOCOL_MAIL_IMAP 4 +#define NDPI_PROTOCOL_DNS 5 +#define NDPI_PROTOCOL_IPP 6 +#define NDPI_PROTOCOL_HTTP 7 +#define NDPI_PROTOCOL_MDNS 8 +#define NDPI_PROTOCOL_NTP 9 +#define NDPI_PROTOCOL_NETBIOS 10 +#define NDPI_PROTOCOL_NFS 11 +#define NDPI_PROTOCOL_SSDP 12 +#define NDPI_PROTOCOL_BGP 13 +#define NDPI_PROTOCOL_SNMP 14 +#define NDPI_PROTOCOL_XDMCP 15 +#define NDPI_PROTOCOL_SMB 16 +#define NDPI_PROTOCOL_SYSLOG 17 +#define NDPI_PROTOCOL_DHCP 18 +#define NDPI_PROTOCOL_POSTGRES 19 +#define NDPI_PROTOCOL_MYSQL 20 +#define NDPI_PROTOCOL_HOTMAIL 21 +#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 +#define NDPI_PROTOCOL_MAIL_POPS 23 +#define NDPI_PROTOCOL_APPLEJUICE 24 +#define NDPI_PROTOCOL_DIRECTCONNECT 25 +#define NDPI_PROTOCOL_SOCRATES 26 +#define NDPI_PROTOCOL_COAP 27 +#define NDPI_PROTOCOL_VMWARE 28 +#define NDPI_PROTOCOL_MAIL_SMTPS 29 +#define NDPI_PROTOCOL_FILETOPIA 30 +#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ +#define NDPI_PROTOCOL_KONTIKI 32 +#define NDPI_PROTOCOL_OPENFT 33 +#define NDPI_PROTOCOL_FASTTRACK 34 +#define NDPI_PROTOCOL_GNUTELLA 35 +#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_BITTORRENT 37 +#define NDPI_PROTOCOL_EPP 38 +#define NDPI_CONTENT_AVI 39 +#define NDPI_CONTENT_FLASH 40 +#define NDPI_CONTENT_OGG 41 +#define NDPI_CONTENT_MPEG 42 +#define NDPI_CONTENT_QUICKTIME 43 +#define NDPI_CONTENT_REALMEDIA 44 +#define NDPI_CONTENT_WINDOWSMEDIA 45 +#define NDPI_CONTENT_MMS 46 +#define NDPI_PROTOCOL_XBOX 47 +#define NDPI_PROTOCOL_QQ 48 +#define NDPI_PROTOCOL_MOVE 49 +#define NDPI_PROTOCOL_RTSP 50 +#define NDPI_PROTOCOL_MAIL_IMAPS 51 +#define NDPI_PROTOCOL_ICECAST 52 +#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_PPSTREAM 54 +#define NDPI_PROTOCOL_ZATTOO 55 +#define NDPI_PROTOCOL_SHOUTCAST 56 +#define NDPI_PROTOCOL_SOPCAST 57 +#define NDPI_PROTOCOL_TVANTS 58 +#define NDPI_PROTOCOL_TVUPLAYER 59 +#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 +#define NDPI_PROTOCOL_QQLIVE 61 +#define NDPI_PROTOCOL_THUNDER 62 +#define NDPI_PROTOCOL_SOULSEEK 63 +#define NDPI_PROTOCOL_SSL_NO_CERT 64 /* SSL without certificate (Skype Ultrasurf?) - ntop.org */ +#define NDPI_PROTOCOL_IRC 65 +#define NDPI_PROTOCOL_AYIYA 66 +#define NDPI_PROTOCOL_UNENCRYPED_JABBER 67 +#define NDPI_PROTOCOL_MSN 68 +#define NDPI_PROTOCOL_OSCAR 69 +#define NDPI_PROTOCOL_YAHOO 70 +#define NDPI_PROTOCOL_BATTLEFIELD 71 +#define NDPI_PROTOCOL_QUAKE 72 +#define NDPI_PROTOCOL_IP_VRRP 73 +#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_HALFLIFE2 75 +#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 +#define NDPI_PROTOCOL_TELNET 77 +#define NDPI_PROTOCOL_STUN 78 +#define NDPI_PROTOCOL_IP_IPSEC 79 +#define NDPI_PROTOCOL_IP_GRE 80 +#define NDPI_PROTOCOL_IP_ICMP 81 +#define NDPI_PROTOCOL_IP_IGMP 82 +#define NDPI_PROTOCOL_IP_EGP 83 +#define NDPI_PROTOCOL_IP_SCTP 84 +#define NDPI_PROTOCOL_IP_OSPF 85 +#define NDPI_PROTOCOL_IP_IP_IN_IP 86 +#define NDPI_PROTOCOL_RTP 87 +#define NDPI_PROTOCOL_RDP 88 +#define NDPI_PROTOCOL_VNC 89 +#define NDPI_PROTOCOL_PCANYWHERE 90 +#define NDPI_PROTOCOL_SSL 91 +#define NDPI_PROTOCOL_SSH 92 +#define NDPI_PROTOCOL_USENET 93 +#define NDPI_PROTOCOL_MGCP 94 +#define NDPI_PROTOCOL_IAX 95 +#define NDPI_PROTOCOL_TFTP 96 +#define NDPI_PROTOCOL_AFP 97 +#define NDPI_PROTOCOL_STEALTHNET 98 +#define NDPI_PROTOCOL_AIMINI 99 +#define NDPI_PROTOCOL_SIP 100 +#define NDPI_PROTOCOL_TRUPHONE 101 +#define NDPI_PROTOCOL_IP_ICMPV6 102 +#define NDPI_PROTOCOL_DHCPV6 103 +#define NDPI_PROTOCOL_ARMAGETRON 104 +#define NDPI_PROTOCOL_CROSSFIRE 105 +#define NDPI_PROTOCOL_DOFUS 106 +#define NDPI_PROTOCOL_FIESTA 107 +#define NDPI_PROTOCOL_FLORENSIA 108 +#define NDPI_PROTOCOL_GUILDWARS 109 +#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 +#define NDPI_PROTOCOL_KERBEROS 111 +#define NDPI_PROTOCOL_LDAP 112 +#define NDPI_PROTOCOL_MAPLESTORY 113 +#define NDPI_PROTOCOL_MSSQL_TDS 114 +#define NDPI_PROTOCOL_PPTP 115 +#define NDPI_PROTOCOL_WARCRAFT3 116 +#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 +#define NDPI_PROTOCOL_SLACK 118 +#define NDPI_PROTOCOL_FACEBOOK 119 +#define NDPI_PROTOCOL_TWITTER 120 +#define NDPI_PROTOCOL_DROPBOX 121 +#define NDPI_PROTOCOL_GMAIL 122 +#define NDPI_PROTOCOL_GOOGLE_MAPS 123 +#define NDPI_PROTOCOL_YOUTUBE 124 +#define NDPI_PROTOCOL_SKYPE 125 +#define NDPI_PROTOCOL_GOOGLE 126 +#define NDPI_PROTOCOL_DCERPC 127 +#define NDPI_PROTOCOL_NETFLOW 128 +#define NDPI_PROTOCOL_SFLOW 129 +#define NDPI_PROTOCOL_HTTP_CONNECT 130 +#define NDPI_PROTOCOL_HTTP_PROXY 131 +#define NDPI_PROTOCOL_CITRIX 132 +#define NDPI_PROTOCOL_NETFLIX 133 +#define NDPI_PROTOCOL_LASTFM 134 +#define NDPI_PROTOCOL_WAZE 135 +#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 +#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 +#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 +#define NDPI_PROTOCOL_CITRIX_ONLINE 139 +#define NDPI_PROTOCOL_APPLE 140 +#define NDPI_PROTOCOL_WEBEX 141 +#define NDPI_PROTOCOL_WHATSAPP 142 +#define NDPI_PROTOCOL_APPLE_ICLOUD 143 +#define NDPI_PROTOCOL_VIBER 144 +#define NDPI_PROTOCOL_APPLE_ITUNES 145 +#define NDPI_PROTOCOL_RADIUS 146 +#define NDPI_PROTOCOL_WINDOWS_UPDATE 147 +#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ +#define NDPI_PROTOCOL_TUENTI 149 +#define NDPI_PROTOCOL_LOTUS_NOTES 150 +#define NDPI_PROTOCOL_SAP 151 +#define NDPI_PROTOCOL_GTP 152 +#define NDPI_PROTOCOL_UPNP 153 +#define NDPI_PROTOCOL_LLMNR 154 +#define NDPI_PROTOCOL_REMOTE_SCAN 155 +#define NDPI_PROTOCOL_SPOTIFY 156 +#define NDPI_CONTENT_WEBM 157 +#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ +#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ +#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ +#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ +#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ +#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ +#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ +#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ +#define NDPI_PROTOCOL_WHOIS_DAS 170 +#define NDPI_PROTOCOL_COLLECTD 171 +#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MS_LYNC 173 +#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_ZMQ 177 +#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ +#define NDPI_PROTOCOL_REDIS 182 +#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_VHUA 184 +#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ +#define NDPI_PROTOCOL_VEVO 186 +#define NDPI_PROTOCOL_PANDORA 187 +#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ +#define NDPI_PROTOCOL_WHATSAPP_VOICE 189 +#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_HTTP 7 -#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 -#define NDPI_PROTOCOL_SSL_NO_CERT 64 /* SSL without certificate (Skype, Ultrasurf?) - ntop.org */ -#define NDPI_PROTOCOL_SSL 91 -#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 -#define NDPI_PROTOCOL_HTTP_CONNECT 130 -#define NDPI_PROTOCOL_HTTP_PROXY 131 +/* 191, 192 are free */ +#define NDPI_PROTOCOL_FREE_191 191 +#define NDPI_PROTOCOL_FREE_192 192 +#define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ +#define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ +#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ +#define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ +#define NDPI_PROTOCOL_OPENDNS 197 +#define NDPI_PROTOCOL_MPEGTS 198 +#define NDPI_PROTOCOL_SNAPCHAT 199 +#define NDPI_PROTOCOL_SINA 200 +#define NDPI_PROTOCOL_HANGOUT 201 +#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ +#define NDPI_PROTOCOL_GITHUB 203 +#define NDPI_PROTOCOL_BJNP 204 +#define NDPI_PROTOCOL_1KXUN 205 +#define NDPI_PROTOCOL_IQIYI 206 +#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ +#define NDPI_PROTOCOL_MQTT 208 +#define NDPI_PROTOCOL_RX 209 +#define NDPI_PROTOCOL_DEEZER 210 +#define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ +#define NDPI_PROTOCOL_MICROSOFT 212 +#define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci */ +#define NDPI_PROTOCOL_TEREDO 214 +#define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 +#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ -#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MAIL_POP 2 -#define NDPI_PROTOCOL_MAIL_SMTP 3 -#define NDPI_PROTOCOL_MAIL_IMAP 4 -#define NDPI_PROTOCOL_DNS 5 -#define NDPI_PROTOCOL_IPP 6 -#define NDPI_PROTOCOL_MDNS 8 -#define NDPI_PROTOCOL_NTP 9 -#define NDPI_PROTOCOL_NETBIOS 10 -#define NDPI_PROTOCOL_NFS 11 -#define NDPI_PROTOCOL_SSDP 12 -#define NDPI_PROTOCOL_BGP 13 -#define NDPI_PROTOCOL_SNMP 14 -#define NDPI_PROTOCOL_XDMCP 15 -#define NDPI_PROTOCOL_SMB 16 -#define NDPI_PROTOCOL_SYSLOG 17 -#define NDPI_PROTOCOL_DHCP 18 -#define NDPI_PROTOCOL_POSTGRES 19 -#define NDPI_PROTOCOL_MYSQL 20 -#define NDPI_SERVICE_HOTMAIL 21 -#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 -#define NDPI_PROTOCOL_MAIL_POPS 23 -#define NDPI_PROTOCOL_APPLEJUICE 24 -#define NDPI_PROTOCOL_DIRECTCONNECT 25 -#define NDPI_PROTOCOL_SOCRATES 26 -#define NDPI_PROTOCOL_COAP 27 -#define NDPI_PROTOCOL_VMWARE 28 -#define NDPI_PROTOCOL_MAIL_SMTPS 29 -#define NDPI_PROTOCOL_FILETOPIA 30 -#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ -#define NDPI_PROTOCOL_KONTIKI 32 -#define NDPI_PROTOCOL_OPENFT 33 -#define NDPI_PROTOCOL_FASTTRACK 34 -#define NDPI_PROTOCOL_GNUTELLA 35 -#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_BITTORRENT 37 -#define NDPI_PROTOCOL_EPP 38 -#define NDPI_PROTOCOL_XBOX 47 -#define NDPI_PROTOCOL_QQ 48 -#define NDPI_PROTOCOL_MOVE 49 -#define NDPI_PROTOCOL_RTSP 50 -#define NDPI_PROTOCOL_MAIL_IMAPS 51 -#define NDPI_PROTOCOL_ICECAST 52 -#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_PPSTREAM 54 -#define NDPI_PROTOCOL_ZATTOO 55 -#define NDPI_PROTOCOL_SHOUTCAST 56 -#define NDPI_PROTOCOL_SOPCAST 57 -#define NDPI_PROTOCOL_TVANTS 58 -#define NDPI_PROTOCOL_TVUPLAYER 59 -#define NDPI_PROTOCOL_QQLIVE 61 -#define NDPI_PROTOCOL_THUNDER 62 -#define NDPI_PROTOCOL_SOULSEEK 63 -#define NDPI_PROTOCOL_IRC 65 -#define NDPI_PROTOCOL_AYIYA 66 -#define NDPI_PROTOCOL_UNENCRYPED_JABBER 67 -#define NDPI_PROTOCOL_MSN 68 -#define NDPI_PROTOCOL_OSCAR 69 -#define NDPI_PROTOCOL_YAHOO 70 -#define NDPI_PROTOCOL_BATTLEFIELD 71 -#define NDPI_PROTOCOL_QUAKE 72 -#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_HALFLIFE2 75 -#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 -#define NDPI_PROTOCOL_TELNET 77 -#define NDPI_PROTOCOL_STUN 78 -#define NDPI_PROTOCOL_RTP 87 -#define NDPI_PROTOCOL_RDP 88 -#define NDPI_PROTOCOL_VNC 89 -#define NDPI_PROTOCOL_PCANYWHERE 90 -#define NDPI_PROTOCOL_SSH 92 -#define NDPI_PROTOCOL_USENET 93 -#define NDPI_PROTOCOL_MGCP 94 -#define NDPI_PROTOCOL_IAX 95 -#define NDPI_PROTOCOL_TFTP 96 -#define NDPI_PROTOCOL_AFP 97 -#define NDPI_PROTOCOL_STEALTHNET 98 -#define NDPI_PROTOCOL_AIMINI 99 -#define NDPI_PROTOCOL_SIP 100 -#define NDPI_PROTOCOL_TRUPHONE 101 -#define NDPI_PROTOCOL_DHCPV6 103 -#define NDPI_PROTOCOL_ARMAGETRON 104 -#define NDPI_PROTOCOL_CROSSFIRE 105 -#define NDPI_PROTOCOL_DOFUS 106 -#define NDPI_PROTOCOL_FIESTA 107 -#define NDPI_PROTOCOL_FLORENSIA 108 -#define NDPI_PROTOCOL_GUILDWARS 109 -#define NDPI_PROTOCOL_KERBEROS 111 -#define NDPI_PROTOCOL_LDAP 112 -#define NDPI_PROTOCOL_MAPLESTORY 113 -#define NDPI_PROTOCOL_MSSQL_TDS 114 -#define NDPI_PROTOCOL_PPTP 115 -#define NDPI_PROTOCOL_WARCRAFT3 116 -#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 -#define NDPI_SERVICE_SLACK 118 -#define NDPI_PROTOCOL_DROPBOX 121 -#define NDPI_PROTOCOL_SKYPE 125 -#define NDPI_PROTOCOL_DCERPC 127 -#define NDPI_PROTOCOL_NETFLOW 128 -#define NDPI_PROTOCOL_SFLOW 129 -#define NDPI_PROTOCOL_CITRIX 132 -#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 -#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 -#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 -#define NDPI_PROTOCOL_CITRIX_ONLINE 139 -#define NDPI_PROTOCOL_WEBEX 141 -#define NDPI_PROTOCOL_VIBER 144 -#define NDPI_PROTOCOL_RADIUS 146 -#define NDPI_SERVICE_WINDOWS_UPDATE 147 -#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ -#define NDPI_PROTOCOL_LOTUS_NOTES 150 -#define NDPI_PROTOCOL_SAP 151 -#define NDPI_PROTOCOL_GTP 152 -#define NDPI_PROTOCOL_UPNP 153 -#define NDPI_PROTOCOL_LLMNR 154 -#define NDPI_PROTOCOL_REMOTE_SCAN 155 -#define NDPI_PROTOCOL_SPOTIFY 156 -#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ -#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ -#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ -#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ -#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ -#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ -#define NDPI_PROTOCOL_WHOIS_DAS 170 -#define NDPI_PROTOCOL_COLLECTD 171 -#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MS_LYNC 173 -#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_ZMQ 177 -#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ -#define NDPI_PROTOCOL_REDIS 182 -#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_VHUA 184 -#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ -#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ -#define NDPI_PROTOCOL_WHATSAPP_VOICE 189 +/* 217 is free */ +#define NDPI_PROTOCOL_FREE_217 217 +#define NDPI_PROTOCOL_OCS 218 +#define NDPI_PROTOCOL_OFFICE_365 219 +#define NDPI_PROTOCOL_CLOUDFLARE 220 +#define NDPI_PROTOCOL_MS_ONE_DRIVE 221 +/* 222 - 225 */ +#define NDPI_PROTOCOL_FREE_222 222 +#define NDPI_PROTOCOL_FREE_223 223 +#define NDPI_PROTOCOL_FREE_224 224 +#define NDPI_PROTOCOL_FREE_225 225 -#define NDPI_CONTENT_AVI 39 -#define NDPI_CONTENT_FLASH 40 -#define NDPI_CONTENT_OGG 41 -#define NDPI_CONTENT_MPEG 42 -#define NDPI_CONTENT_QUICKTIME 43 -#define NDPI_CONTENT_REALMEDIA 44 -#define NDPI_CONTENT_WINDOWSMEDIA 45 -#define NDPI_CONTENT_MMS 46 -#define NDPI_CONTENT_WEBM 157 - -#define NDPI_SERVICE_FACEBOOK 119 -#define NDPI_SERVICE_TWITTER 120 -#define NDPI_SERVICE_GMAIL 122 -#define NDPI_SERVICE_GOOGLE_MAPS 123 -#define NDPI_SERVICE_YOUTUBE 124 -#define NDPI_SERVICE_VEVO 186 -#define NDPI_SERVICE_GOOGLE 126 -#define NDPI_SERVICE_NETFLIX 133 -#define NDPI_SERVICE_LASTFM 134 -#define NDPI_SERVICE_WAZE 135 -#define NDPI_SERVICE_APPLE 140 -#define NDPI_SERVICE_WHATSAPP 142 -#define NDPI_SERVICE_APPLE_ICLOUD 143 -#define NDPI_SERVICE_APPLE_ITUNES 145 -#define NDPI_SERVICE_TUENTI 149 -#define NDPI_SERVICE_WIKIPEDIA 176 /* Tomasz Bujlow */ -#define NDPI_SERVICE_MSN NDPI_PROTOCOL_MSN /* Tomasz Bujlow */ -#define NDPI_SERVICE_AMAZON 178 /* Tomasz Bujlow */ -#define NDPI_SERVICE_EBAY 179 /* Tomasz Bujlow */ -#define NDPI_SERVICE_CNN 180 /* Tomasz Bujlow */ -#define NDPI_SERVICE_DROPBOX NDPI_PROTOCOL_DROPBOX /* Tomasz Bujlow */ -#define NDPI_SERVICE_SKYPE NDPI_PROTOCOL_SKYPE /* Tomasz Bujlow */ -#define NDPI_SERVICE_VIBER NDPI_PROTOCOL_VIBER -#define NDPI_SERVICE_YAHOO NDPI_PROTOCOL_YAHOO /* Tomasz Bujlow */ -#define NDPI_SERVICE_PANDORA 187 -#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_GIT 191 -#define NDPI_PROTOCOL_DRDA 192 -#define NDPI_SERVICE_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ -#define NDPI_SERVICE_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ -#define NDPI_SERVICE_TWITCH 195 /* Edoardo Dominici */ -#define NDPI_SERVICE_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ -#define NDPI_SERVICE_OPENDNS 197 -#define NDPI_PROTOCOL_MPEGTS 198 -#define NDPI_SERVICE_SNAPCHAT 199 -#define NDPI_SERVICE_DEEZER 200 -#define NDPI_SERVICE_INSTAGRAM 201 /* Andrea Buscarinu */ -#define NDPI_SERVICE_MICROSOFT 202 -#define NDPI_SERVICE_HOTSPOT_SHIELD 203 -#define NDPI_SERVICE_OCS 204 -#define NDPI_SERVICE_OFFICE_365 205 -#define NDPI_SERVICE_CLOUDFLARE 206 -#define NDPI_SERVICE_MS_ONE_DRIVE 207 -#define NDPI_PROTOCOL_MQTT 208 -#define NDPI_PROTOCOL_RX 209 -#define NDPI_SERVICE_SINA 210 -#define NDPI_PROTOCOL_STARCRAFT 211 /* Matteo Bracci */ -#define NDPI_PROTOCOL_TEREDO 212 -#define NDPI_PROTOCOL_HEP 213 /* Sipcapture.org QXIP BV */ -#define NDPI_SERVICE_HANGOUT 214 -#define NDPI_SERVICE_IFLIX 215 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ -#define NDPI_SERVICE_GITHUB 216 -#define NDPI_PROTOCOL_BJNP 217 -#define NDPI_SERVICE_1KXUN 218 -#define NDPI_SERVICE_IQIYI 219 -#define NDPI_PROTOCOL_SMPP 220 /* Damir Franusic */ +#define NDPI_PROTOCOL_GIT 226 +#define NDPI_PROTOCOL_DRDA 227 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SMPP +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DRDA #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 5598fc98c..dcc613779 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -52,30 +52,30 @@ static ndpi_network host_protocol_list[] = { */ - { 0x1F0D1800 /* 31.13.24.0/21 */, 21, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4000 /* 31.13.64.0/18 */, 18, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4100 /* 31.13.65.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4200 /* 31.13.66.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4300 /* 31.13.67.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4400 /* 31.13.68.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4500 /* 31.13.69.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4600 /* 31.13.70.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4700 /* 31.13.71.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4800 /* 31.13.72.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4900 /* 31.13.73.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4A00 /* 31.13.74.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4B00 /* 31.13.75.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4C00 /* 31.13.76.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4D00 /* 31.13.77.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4E00 /* 31.13.78.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D8000 /* 31.13.80.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D6000 /* 31.13.96.0/19 */, 19, NDPI_SERVICE_FACEBOOK }, - { 0x2D402800 /* 45.64.40.0/22 */, 22, NDPI_SERVICE_FACEBOOK }, - { 0x453FB000 /* 69.63.176.0/20 */, 20, NDPI_SERVICE_FACEBOOK }, - { 0x453FB800 /* 69.63.184.0/21 */, 21, NDPI_SERVICE_FACEBOOK }, - { 0x42DC9000 /* 66.220.144.0/20 */, 20, NDPI_SERVICE_FACEBOOK }, - { 0x45DC9800 /* 69.220.152.0/21 */, 21, NDPI_SERVICE_FACEBOOK }, - { 0xCC0F1400 /* 204.15.20.0/22 */, 22, NDPI_SERVICE_FACEBOOK }, + { 0x1F0D1800 /* 31.13.24.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4000 /* 31.13.64.0/18 */, 18, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4100 /* 31.13.65.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4200 /* 31.13.66.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4300 /* 31.13.67.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4400 /* 31.13.68.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4500 /* 31.13.69.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4600 /* 31.13.70.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4700 /* 31.13.71.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4800 /* 31.13.72.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4900 /* 31.13.73.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4A00 /* 31.13.74.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4B00 /* 31.13.75.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4C00 /* 31.13.76.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4D00 /* 31.13.77.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4E00 /* 31.13.78.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D8000 /* 31.13.80.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D6000 /* 31.13.96.0/19 */, 19, NDPI_PROTOCOL_FACEBOOK }, + { 0x2D402800 /* 45.64.40.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0x453FB000 /* 69.63.176.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, + { 0x453FB800 /* 69.63.184.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, + { 0x42DC9000 /* 66.220.144.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, + { 0x45DC9800 /* 69.220.152.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, + { 0xCC0F1400 /* 204.15.20.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, /* @@ -104,35 +104,35 @@ static ndpi_network host_protocol_list[] = { 202.160.130.0/24 202.160.131.0/24 */ - { 0x67FC7000 /* 103.252.112.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0x67FC7200 /* 103.252.114.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0x68F42800 /* 104.244.40.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42900 /* 104.244.41.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42A00 /* 104.244.42.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42B00 /* 104.244.43.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42C00 /* 104.244.44.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42D00 /* 104.244.45.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42E00 /* 104.244.46.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42F00 /* 104.244.47.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0xB92D0500 /* 185.45.5.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0xB92D0600 /* 185.45.6.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0xC0854C00 /* 192.133.76.0/22 */, 22, NDPI_SERVICE_TWITTER }, - { 0xC7109C00 /* 199.16.156.0/22 */, 22, NDPI_SERVICE_TWITTER }, - { 0xC73B9400 /* 199.59.148.0/22 */, 22, NDPI_SERVICE_TWITTER }, - { 0xC7603800 /* 199.96.56.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0xC7603B00 /* 199.96.58.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0xC7603C00 /* 199.96.60.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0xC7603F00 /* 199.96.62.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0x68F28000 /* 202.160.128.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F28100 /* 202.160.129.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F28200 /* 202.160.130.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F28300 /* 202.160.131.0/24 */, 24, NDPI_SERVICE_TWITTER }, + { 0x67FC7000 /* 103.252.112.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x67FC7200 /* 103.252.114.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x68F42800 /* 104.244.40.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42900 /* 104.244.41.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42A00 /* 104.244.42.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42B00 /* 104.244.43.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42C00 /* 104.244.44.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42D00 /* 104.244.45.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42E00 /* 104.244.46.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42F00 /* 104.244.47.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0xB92D0500 /* 185.45.5.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0xB92D0600 /* 185.45.6.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC0854C00 /* 192.133.76.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, + { 0xC7109C00 /* 199.16.156.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, + { 0xC73B9400 /* 199.59.148.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, + { 0xC7603800 /* 199.96.56.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC7603B00 /* 199.96.58.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC7603C00 /* 199.96.60.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC7603F00 /* 199.96.62.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x68F28000 /* 202.160.128.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F28100 /* 202.160.129.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F28200 /* 202.160.130.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F28300 /* 202.160.131.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, /* OpenDNS 208.67.216.0/21 */ - { 0xD043D800 /* 208.67.216.0/21 */, 21, NDPI_SERVICE_OPENDNS }, + { 0xD043D800 /* 208.67.216.0/21 */, 21, NDPI_PROTOCOL_OPENDNS }, /* Microsoft Corporation (MS One Drive) @@ -144,25 +144,25 @@ static ndpi_network host_protocol_list[] = { 131.253.18.0/24 65.54.191.0/24 */ - { 0xCC4FC300 /* 204.79.195.0/24 */, 24, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0xCC4FC400 /* 204.79.196.0/23 */, 23, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0x86AA0000 /* 134.170.0.0/16 */, 16, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0x83FD0C00 /* 131.253.12.0/22 */, 22, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0x83FD1000 /* 131.253.16.0/23 */, 23, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0x83FD1200 /* 131.253.18.0/24 */, 24, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0x4136BF00 /* 65.54.191.0/24 */, 24, NDPI_SERVICE_MS_ONE_DRIVE }, + { 0xCC4FC300 /* 204.79.195.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0xCC4FC400 /* 204.79.196.0/23 */, 23, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x86AA0000 /* 134.170.0.0/16 */, 16, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x83FD0C00 /* 131.253.12.0/22 */, 22, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x83FD1000 /* 131.253.16.0/23 */, 23, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x83FD1200 /* 131.253.18.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x4136BF00 /* 65.54.191.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, /* Amazon-EU-AWS Elastic Compute Cloud, EC2 (also used by Netflix) 46.137.128.0/18 */ - { 0x2E898000 /* 46.137.128.0/18 */, 18, NDPI_SERVICE_AMAZON }, + { 0x2E898000 /* 46.137.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, /* Amazon-EU (also used by Netflix) 176.34.184.0/21 */ - { 0xB022B800 /* 176.34.184.0/21 */, 21, NDPI_SERVICE_AMAZON }, + { 0xB022B800 /* 176.34.184.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, /* Netflix @@ -171,9 +171,9 @@ static ndpi_network host_protocol_list[] = { 69.53.224.0/19 */ - { 0x17F60000 /* 23.246.0.0/18 */, 18, NDPI_SERVICE_NETFLIX }, - { 0x1715BE7C /* 23.21.190.124/32 */, 32, NDPI_SERVICE_NETFLIX }, - { 0x4535E000 /* 69.53.224.0/19 */, 19, NDPI_SERVICE_NETFLIX }, + { 0x17F60000 /* 23.246.0.0/18 */, 18, NDPI_PROTOCOL_NETFLIX }, + { 0x1715BE7C /* 23.21.190.124/32 */, 32, NDPI_PROTOCOL_NETFLIX }, + { 0x4535E000 /* 69.53.224.0/19 */, 19, NDPI_PROTOCOL_NETFLIX }, /* Cloudflare @@ -182,10 +182,10 @@ static ndpi_network host_protocol_list[] = { 162.158.0.0/15 141.101.125.0/24 CLOUDFLARE-EU CDN network */ - { 0x68100000 /* 104.16.0.0/12 */, 12, NDPI_SERVICE_CLOUDFLARE }, - { 0xADF53000 /* 173.245.48.0/20 */, 20, NDPI_SERVICE_CLOUDFLARE }, - { 0xA29E0000 /* 162.158.0.0/15 */, 15, NDPI_SERVICE_CLOUDFLARE }, - { 0x8D657D00 /* 141.101.125.0/24 */, 24, NDPI_SERVICE_CLOUDFLARE }, + { 0x68100000 /* 104.16.0.0/12 */, 12, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xADF53000 /* 173.245.48.0/20 */, 20, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xA29E0000 /* 162.158.0.0/15 */, 15, NDPI_PROTOCOL_CLOUDFLARE }, + { 0x8D657D00 /* 141.101.125.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, /* OFFICE 365 @@ -201,23 +201,23 @@ static ndpi_network host_protocol_list[] = { 13.107.15.0/24 13.107.16.0/24 */ - { 0x0D6B0100 /* 13.107.1.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0300 /* 13.107.3.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0400 /* 13.107.4.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0500 /* 13.107.5.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0600 /* 13.107.6.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0700 /* 13.107.7.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0900 /* 13.107.9.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0C00 /* 13.107.12.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0D00 /* 13.107.13.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0F00 /* 13.107.15.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B1000 /* 13.107.16.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, + { 0x0D6B0100 /* 13.107.1.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0300 /* 13.107.3.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0400 /* 13.107.4.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0500 /* 13.107.5.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0600 /* 13.107.6.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0700 /* 13.107.7.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0900 /* 13.107.9.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0C00 /* 13.107.12.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0D00 /* 13.107.13.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0F00 /* 13.107.15.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B1000 /* 13.107.16.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, /* OCS GO (Orange Cinéma Séries) 178.248.208.0/21 */ - { 0xB2F8D000 /* 178.248.208.0 */, 21, NDPI_SERVICE_OCS }, + { 0xB2F8D000 /* 178.248.208.0 */, 21, NDPI_PROTOCOL_OCS }, /* IFLIX services -by www.vizuamatix.com R&D team @@ -231,15 +231,15 @@ static ndpi_network host_protocol_list[] = { 52.74.192.247/32 2.21.231.24/32 */ - { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_SERVICE_IFLIX }, - { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_SERVICE_IFLIX }, - { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_SERVICE_IFLIX }, - { 0x36E69F00 /* 54.230.159.0 */, 24, NDPI_SERVICE_IFLIX }, - { 0x36C09C50 /* 54.192.156.80 */, 32, NDPI_SERVICE_IFLIX }, - { 0x36FBB6A8 /* 54.251.182.168 */, 32, NDPI_SERVICE_IFLIX }, - { 0x36C09600 /* 54.192.150.0 */, 24, NDPI_SERVICE_IFLIX }, - { 0x344AC0F7 /* 52.74.192.247 */, 32, NDPI_SERVICE_IFLIX }, - { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_SERVICE_IFLIX }, + { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x36E69F00 /* 54.230.159.0 */, 24, NDPI_PROTOCOL_IFLIX }, + { 0x36C09C50 /* 54.192.156.80 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x36FBB6A8 /* 54.251.182.168 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x36C09600 /* 54.192.150.0 */, 24, NDPI_PROTOCOL_IFLIX }, + { 0x344AC0F7 /* 52.74.192.247 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_PROTOCOL_IFLIX }, /* Citrix GotoMeeting (AS16815, AS21866) @@ -271,7 +271,7 @@ static ndpi_network host_protocol_list[] = { Apple (FaceTime, iMessage,...) 17.0.0.0/8 */ - { 0x11000000 /* 17.0.0.0 */, 8, NDPI_SERVICE_APPLE }, + { 0x11000000 /* 17.0.0.0 */, 8, NDPI_PROTOCOL_APPLE }, /* Dropbox @@ -325,10 +325,10 @@ static ndpi_network host_protocol_list[] = { 64.233.160.0/19 216.58.192.0/19 */ - { 0xADC20000 /* 173.194.0.0 */, 16, NDPI_SERVICE_GOOGLE }, - { 0x4A7D0000 /* 74.125.0.0 */, 16, NDPI_SERVICE_GOOGLE }, - { 0x40E91600 /* 64.233.160.0 */, 19, NDPI_SERVICE_GOOGLE }, - { 0xD83AC000 /* 216.58.192.0 */, 19, NDPI_SERVICE_GOOGLE }, + { 0xADC20000 /* 173.194.0.0 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0x4A7D0000 /* 74.125.0.0 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0x40E91600 /* 64.233.160.0 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0xD83AC000 /* 216.58.192.0 */, 19, NDPI_PROTOCOL_GOOGLE }, /* Ubuntu One @@ -7305,79 +7305,79 @@ static ndpi_network host_protocol_list[] = { https://api.twitch.tv/kraken/ingests Edoardo Dominici edoaramis@gmail.com */ - { 0xB92ACC5D, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACC92, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACCA4, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACCCD, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACC30, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FE15, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FE19, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACD305, 32, NDPI_SERVICE_TWITCH }, - { 0xC0104616, 32, NDPI_SERVICE_TWITCH }, - { 0xC010461D, 32, NDPI_SERVICE_TWITCH }, - { 0xC0104650, 32, NDPI_SERVICE_TWITCH }, - { 0xC0104651, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FEA3, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FE87, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACD85, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACDA4, 32, NDPI_SERVICE_TWITCH }, - { 0xC010419A, 32, NDPI_SERVICE_TWITCH }, - { 0xC01041AD, 32, NDPI_SERVICE_TWITCH }, - { 0xC0104172, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACD68, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACD55, 32, NDPI_SERVICE_TWITCH }, - { 0xC0104219, 32, NDPI_SERVICE_TWITCH }, - { 0xC010421A, 32, NDPI_SERVICE_TWITCH }, - { 0xC010421B, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACD205, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACCB05, 32, NDPI_SERVICE_TWITCH }, - { 0xC010413C, 32, NDPI_SERVICE_TWITCH }, - { 0xC010413D, 32, NDPI_SERVICE_TWITCH }, - { 0xC010413E, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACD105, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACD005, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACCA05, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACD06, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACD14, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACCF3, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F9C7, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F9C9, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F9CB, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBA4, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBA6, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBAA, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBB1, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBE8, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBE9, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBEA, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBEB, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBFB, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBFC, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBFD, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBFE, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FF4B, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FF4C, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F974, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F976, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F978, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F97D, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F985, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F986, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F987, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F98C, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F9C5, 32, NDPI_SERVICE_TWITCH }, + { 0xB92ACC5D, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACC92, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACCA4, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACCCD, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACC30, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FE15, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FE19, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACD305, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC0104616, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010461D, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC0104650, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC0104651, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FEA3, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FE87, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACD85, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACDA4, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010419A, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC01041AD, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC0104172, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACD68, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACD55, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC0104219, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010421A, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010421B, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACD205, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACCB05, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010413C, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010413D, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010413E, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACD105, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACD005, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACCA05, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACD06, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACD14, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACCF3, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F9C7, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F9C9, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F9CB, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBA4, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBA6, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBAA, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBB1, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBE8, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBE9, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBEA, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBEB, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBFB, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBFC, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBFD, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBFE, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FF4B, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FF4C, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F974, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F976, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F978, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F97D, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F985, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F986, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F987, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F98C, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F9C5, 32, NDPI_PROTOCOL_TWITCH }, /* AnchorFree (Hotspot Shield) AnchorFree Inc. AFNETWORK-1 (NET-74-115-0-0-1) 74.115.0.0 - 74.115.7.255 */ - { 0x4A730000, 21, NDPI_SERVICE_HOTSPOT_SHIELD }, + { 0x4A730000, 21, NDPI_PROTOCOL_HOTSPOT_SHIELD }, /* Github: https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/ 192.30.252.0/22 */ - { 0xC01EFC00 /* 192.30.252.0/22 */, 22, NDPI_SERVICE_GITHUB }, + { 0xC01EFC00 /* 192.30.252.0/22 */, 22, NDPI_PROTOCOL_GITHUB }, /* Valve Corporation (Steam) @@ -7414,192 +7414,192 @@ static ndpi_network host_protocol_list[] = { */ ndpi_protocol_match host_match[] = { - { "amazon.", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazon.com", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "images-amazon.com", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazon-adsystem.com", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cloudfront.net", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".apple.com", "Apple", NDPI_SERVICE_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".mzstatic.com", "Apple", NDPI_SERVICE_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".icloud.com", "AppleiCloud", NDPI_SERVICE_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "itunes.apple.com", "AppleiTunes", NDPI_SERVICE_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".cnn.c", "CNN", NDPI_SERVICE_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".cnn.net", "CNN", NDPI_SERVICE_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".dropbox.com", "DropBox", NDPI_SERVICE_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - { "log.getdropbox.com", "DropBox", NDPI_SERVICE_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - { ".ebay.", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebay.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystatic.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaydesc.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayrtm.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystratus.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayimg.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "facebook.com", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbstatic-a.akamaihd.net", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".fbcdn.net", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbcdn-", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ - { ".facebook.net", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".google.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".gstatic.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googlesyndication.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googletagservices.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".2mdn.net", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".doubleclick.net", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ - { "googleads.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "google-analytics.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleusercontent.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleadservices.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleapis.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "ggpht.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "1e100.net", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.google.", "GoogleMaps", NDPI_SERVICE_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.gstatic.com", "GoogleMaps", NDPI_SERVICE_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".gmail.", "GMail", NDPI_SERVICE_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, - { "mail.google.", "GMail", NDPI_SERVICE_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, - { "mail.outlook.com", "Hotmail", NDPI_SERVICE_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, - { ".last.fm", "LastFM", NDPI_SERVICE_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "msn.com", "MSN", NDPI_SERVICE_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "netflix.com", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxext.com", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.com", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.net", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxvideo.net", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".skype.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeassets.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypedata.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeecs-", /* no final . */ "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeforbusiness.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".lync.com", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".tuenti.com", "Tuenti", NDPI_SERVICE_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".twttr.com", "Twitter", NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twitter.", "Twitter", NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twimg.com", "Twitter", NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { ".viber.com", "Viber", NDPI_SERVICE_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cdn.viber.com", "Viber", NDPI_SERVICE_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikipedia.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimedia.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "mediawiki.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimediafoundation.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".whatsapp.", "WhatsApp", NDPI_SERVICE_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yahoo.", "Yahoo", NDPI_SERVICE_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yimg.com", "Yahoo", NDPI_SERVICE_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "yahooapis.", "Yahoo", NDPI_SERVICE_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "youtube.", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtu.be.", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "yt3.ggpht.com", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".googlevideo.com", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".ytimg.com", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtube-nocookie.", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".vevo.com", "Vevo", NDPI_SERVICE_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ + { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googletagservices.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ + { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "ggpht.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeecs-", /* no final . */ "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeforbusiness.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".lync.com", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".googlevideo.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ytimg.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pandora.com", "Pandora", NDPI_SERVICE_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".kakao.com", "KakaoTalk", NDPI_SERVICE_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, - { "ttvnw.net", "Twitch", NDPI_SERVICE_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "static-cdn.jtvnw.net", "Twitch", NDPI_SERVICE_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "www-cdn.jtvnw.net", "Twitch", NDPI_SERVICE_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "quickplay.com", "QuickPlay", NDPI_SERVICE_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, + { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weibo.com", "Sina(Weibo)", NDPI_SERVICE_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinaimg.cn", "Sina", NDPI_SERVICE_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinajs.cn", "Sina", NDPI_SERVICE_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.cn", "Sina", NDPI_SERVICE_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.com.cn", "Sina", NDPI_SERVICE_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".weibo.com", "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinaimg.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinajs.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.com.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/117/0/snapchat---how-to-block */ - { "feelinsonice.appspot.com", "Snapchat", NDPI_SERVICE_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_SERVICE_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice.com", "Snapchat", NDPI_SERVICE_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagram.", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".instagram.", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagramimages-", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".waze.com", "Waze", NDPI_SERVICE_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".deezer.com", "Deezer", NDPI_SERVICE_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".microsoft.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { ".webtrends.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msecnd.net", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".visualstudio.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "bn1301.storage.live.com", "MS_OneDrive", NDPI_SERVICE_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_SERVICE_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "skyapi.live.net", "MS_OneDrive", NDPI_SERVICE_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "d.docs.live.net", "MS_OneDrive", NDPI_SERVICE_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "update.microsoft.com", "WindowsUpdate", NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { ".windowsupdate.com", "WindowsUpdate", NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".anchorfree.", "HotspotShield", NDPI_SERVICE_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { "hotspotshield.com", "HotspotShield", NDPI_SERVICE_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ocsdomain.com", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { "ocs.fr", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".ocs.fr", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".labgency.ws", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".iflix.com", "IFLIX", NDPI_SERVICE_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".app.iflixcorp.com", "IFLIX", NDPI_SERVICE_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".images.iflixassets.com", "IFLIX", NDPI_SERVICE_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".iflix.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".app.iflixcorp.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".images.iflixassets.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "crl.microsoft.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-ocsp.verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-aia.verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-crl.verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".omniroot.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "crl.microsoft.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-ocsp.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-aia.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, #if 0 /* The lines below are not just for Office 365 so they cannot be used for this purpose */ - { ".verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcb.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcd.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".verisign.net", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".geotrust.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".entrust.net", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".public-trust.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".symcb.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".symcd.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".verisign.net", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".geotrust.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".entrust.net", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".public-trust.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, #endif /* http://www.urlquery.net/report.php?id=1453233646161 */ - { "lifedom.top", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "coby.ns.cloudflare.com", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "coby.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "d295hzzivaok4k.cloudfront.net", "OpenDNS", NDPI_SERVICE_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".opendns.com", "OpenDNS", NDPI_SERVICE_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "d295hzzivaok4k.cloudfront.net", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".opendns.com", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, /* https://get.slack.help/hc/en-us/articles/205138367-Troubleshooting-Slack-connection-issues */ - { "slack.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-msgs.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-files.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-imgs.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-edge.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-core.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-redir.net", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-msgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-files.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-imgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-edge.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-core.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-redir.net", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* Detected "slack-assets2.s3-us-west-2.amazonaws.com.". Omitted "*amazonaws.com" CDN, but no generic pattern to use on first part */ - { "slack-assets2.s3-", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-assets2.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "github.com", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.com", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "github.io", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.io", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "githubusercontent.com", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".githubusercontent.com", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".iqiyi.com", "iQIYI", NDPI_SERVICE_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", "iQIYI", NDPI_SERVICE_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".71.am", "iQIYI", NDPI_SERVICE_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", "iQIYI", NDPI_SERVICE_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".1kxun.", "1kxun", NDPI_SERVICE_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", "1kxun", NDPI_SERVICE_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -7648,7 +7648,7 @@ ndpi_protocol_match content_match[] = { { "NSPlayer/", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/x-mms-framed", NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "Xbox Live Client/", NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "Windows-Update-Agent", NULL, NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "Windows-Update-Agent", NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, { "audio/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 81fd68f29..28ae1ff13 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -671,6 +671,20 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp /* ******************************************************************** */ +static void ndpi_init_placeholder_proto(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_port_range *ports_a, + ndpi_port_range *ports_b, + u_int16_t *no_master, + u_int16_t proto_id) { + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, proto_id, + no_master, + no_master, "Placeholder", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ +} + +/* ******************************************************************** */ + /* This function is used to map protocol name and default ports and it MUST be updated whenever a new protocol is added to NDPI. @@ -1063,7 +1077,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_SERVICE_HOTSPOT_SHIELD, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HOTSPOT_SHIELD, no_master, no_master, "HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1382,7 +1396,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6000, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_SERVICE_KAKAOTALK_VOICE, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KAKAOTALK_VOICE, no_master, no_master, "KakaoTalk_Voice", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1558,7 +1572,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_SERVICE_HANGOUT, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT, no_master, no_master, "GoogleHangout", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1568,7 +1582,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_SERVICE_1KXUN, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, no_master, no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ @@ -1579,6 +1593,14 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + /* To be removed as soon as we define new protocols */ + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_191); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_222); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_223); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_225); /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index ca53a8814..4555c6c75 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -19,7 +19,7 @@ */ #include "ndpi_api.h" -#ifdef NDPI_SERVICE_HANGOUT +#ifdef NDPI_PROTOCOL_HANGOUT /* https://support.google.com/a/answer/1279090?hl=en */ #define HANGOUT_UDP_LOW_PORT 19302 @@ -48,7 +48,7 @@ static u_int8_t isHangoutTCPPort(u_int16_t port) { /* ******************************************* */ static u_int8_t google_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin) { - return((ndpi_network_ptree_match(ndpi_struct, pin) == NDPI_SERVICE_GOOGLE) ? 1 : 0); + return((ndpi_network_ptree_match(ndpi_struct, pin) == NDPI_PROTOCOL_GOOGLE) ? 1 : 0); } /* ******************************************* */ @@ -78,14 +78,14 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, ((packet->udp != NULL) && (isHangoutUDPPort(ntohs(packet->udp->source)) || isHangoutUDPPort(ntohs(packet->udp->dest)))) || ((packet->tcp != NULL) && (isHangoutTCPPort(ntohs(packet->tcp->source)) || isHangoutTCPPort(ntohs(packet->tcp->dest))))) { - NDPI_LOG(NDPI_SERVICE_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "Found Hangout.\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_SERVICE_HANGOUT, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG(NDPI_PROTOCOL_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "Found Hangout.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HANGOUT, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_SERVICE_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "No Hangout.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_HANGOUT); + NDPI_LOG(NDPI_PROTOCOL_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "No Hangout.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HANGOUT); } /* ***************************************************************** */ @@ -93,7 +93,7 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("GoogleHangout", ndpi_struct, detection_bitmask, *id, - NDPI_SERVICE_HANGOUT, + NDPI_PROTOCOL_HANGOUT, ndpi_search_hangout, NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, SAVE_DETECTION_BITMASK_AS_UNKNOWN, @@ -102,4 +102,4 @@ void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif /* NDPI_SERVICE_HANGOUT */ +#endif /* NDPI_PROTOCOL_HANGOUT */ diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 795a6e5b7..4b381f067 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -204,15 +204,15 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } else if(iqiyi_counter > 0) { NDPI_LOG(NDPI_SERVICE_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_SERVICE_IQIYI); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); } #endif -#ifdef NDPI_SERVICE_1KXUN +#ifdef NDPI_PROTOCOL_1KXUN /* 1KXUN */ if(kxun_counter > 0) { - NDPI_LOG(NDPI_SERVICE_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "1kxun found.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_SERVICE_1KXUN); + NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "1kxun found.\n"); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN); } #endif @@ -817,7 +817,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct x = 1; while(packet->line[x].len != 0) { if((memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_SERVICE_FACEBOOK); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FACEBOOK); check_content_type_and_change_protocol(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c index 368532c5d..fbdc8eac6 100644 --- a/src/lib/protocols/kakaotalk_voice.c +++ b/src/lib/protocols/kakaotalk_voice.c @@ -27,7 +27,7 @@ #include "ndpi_api.h" -#ifdef NDPI_SERVICE_KAKAOTALK_VOICE +#ifdef NDPI_PROTOCOL_KAKAOTALK_VOICE void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -48,21 +48,21 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc if(((ntohl(packet->iph->saddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0x01C90000 /* 1.201.0.0/16 */) || ((ntohl(packet->iph->daddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0x01C90000 /* 1.201.0.0/16 */)) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_SERVICE_KAKAOTALK_VOICE, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KAKAOTALK_VOICE, NDPI_PROTOCOL_UNKNOWN); return; } } } - NDPI_LOG(NDPI_SERVICE_KAKAOTALK_VOICE, ndpi_struct, NDPI_LOG_DEBUG, "Exclude kakaotalk_voice.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_KAKAOTALK_VOICE); + NDPI_LOG(NDPI_PROTOCOL_KAKAOTALK_VOICE, ndpi_struct, NDPI_LOG_DEBUG, "Exclude kakaotalk_voice.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_KAKAOTALK_VOICE); } void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("KakaoTalk_Voice", ndpi_struct, detection_bitmask, *id, - NDPI_SERVICE_KAKAOTALK_VOICE, + NDPI_PROTOCOL_KAKAOTALK_VOICE, ndpi_search_kakaotalk_voice, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, diff --git a/src/lib/protocols/kxun.c b/src/lib/protocols/kxun.c index 33939ed85..d78e77a1a 100644 --- a/src/lib/protocols/kxun.c +++ b/src/lib/protocols/kxun.c @@ -19,13 +19,13 @@ */ #include "ndpi_protocols.h" -#ifdef NDPI_SERVICE_1KXUN +#ifdef NDPI_PROTOCOL_1KXUN static void ndpi_int_kxun_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_SERVICE_1KXUN, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_UNKNOWN); } @@ -46,7 +46,7 @@ void ndpi_search_kxun(struct ndpi_detection_module_struct packet->payload[1] == 0x0f && packet->payload[4] == 0xa0 && packet->payload[5] == 0x00) { - NDPI_LOG(NDPI_SERVICE_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "found 1kxun over udp.\n"); ndpi_int_kxun_add_connection(ndpi_struct, flow); return; @@ -78,15 +78,15 @@ void ndpi_search_kxun(struct ndpi_detection_module_struct } } /* EXCLUDE 1KXUN */ - NDPI_LOG(NDPI_SERVICE_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude 1kxun.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_1KXUN); + NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude 1kxun.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_1KXUN); } void init_kxun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("1kxun", ndpi_struct, detection_bitmask, *id, - NDPI_SERVICE_1KXUN, + NDPI_PROTOCOL_1KXUN, ndpi_search_kxun, NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 2ab93b949..bc64a6695 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -363,7 +363,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { -#if defined(NDPI_PROTOCOL_MEEBO)|| defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_SERVICE_GMAIL) +#if defined(NDPI_PROTOCOL_MEEBO)|| defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) struct ndpi_packet_struct *packet = &flow->packet; // struct ndpi_id_struct *src=flow->src; // struct ndpi_id_struct *dst=flow->dst; @@ -598,7 +598,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && (packet->payload[4] == 0) && (packet->payload[2] <= 9) && (packet->payload[3] <= 9))) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_SERVICE_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); return; } else { /* No whatsapp, let's try SSL */ diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 4a715d515..2ef4bf437 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -16,22 +16,22 @@ Lync 2 132 1 1kxun 934 523997 27 1 TCP 192.168.5.16:53406 <-> 119.235.235.84:443 [proto: 91/SSL][23 pkts/7434 bytes] - 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 218/1kxun][419 pkts/183693 bytes][Host: 183.131.48.144] + 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 205/1kxun][419 pkts/183693 bytes][Host: 183.131.48.144] 3 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:53938 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] 4 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:61548 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] 5 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:58468 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] - 6 UDP 192.168.2.186:32768 <-> 255.255.255.255:1947 [proto: 218/1kxun][2 pkts/164 bytes] + 6 UDP 192.168.2.186:32768 <-> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3642 bytes][SSL client: 1] 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3638 bytes][SSL client: 1] 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][17 pkts/3518 bytes][SSL client: 1] 10 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:64568 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] 11 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:61172 [proto: 154/LLMNR][2 pkts/174 bytes][Host: sonusav] - 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 218/1kxun][14 pkts/9498 bytes][Host: dl-obs.official.line.naver.jp] + 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 205/1kxun][14 pkts/9498 bytes][Host: dl-obs.official.line.naver.jp] 13 UDP [fe80::4568:efbc:40b1:1346]:5355 <-> [ff02::1:3]:50194 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] 14 UDP 168.95.1.1:53 <-> 192.168.5.16:63372 [proto: 5/DNS][2 pkts/378 bytes][Host: dl-obs.official.line.naver.jp] 15 UDP 192.168.5.45:59461 <-> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] 16 UDP 192.168.5.45:59789 <-> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 17 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 218/1kxun][13 pkts/1452 bytes][Host: 218.244.135.170:9099] + 17 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 205/1kxun][13 pkts/1452 bytes][Host: 218.244.135.170:9099] 18 UDP 192.168.5.48:49701 <-> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes] 19 UDP [fe80::4568:efbc:40b1:1346]:5355 <-> [ff02::1:3]:57148 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] 20 UDP 192.168.3.95:51451 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] @@ -40,7 +40,7 @@ Lync 2 132 1 23 UDP 192.168.5.41:55593 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes][Host: kevin-pc] 24 UDP 192.168.101.33:55485 <-> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes] 25 UDP 192.168.3.236:56043 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: isatap] - 26 UDP 8.8.8.8:53 <-> 192.168.115.8:51024 [proto: 5.218/DNS.1kxun][3 pkts/272 bytes][Host: jp.kankan.1kxun.mobi] + 26 UDP 8.8.8.8:53 <-> 192.168.115.8:51024 [proto: 5.205/DNS.1kxun][3 pkts/272 bytes][Host: jp.kankan.1kxun.mobi] 27 UDP 192.168.5.57:55809 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes] 28 UDP 192.168.5.50:57143 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes][Host: charming-pc] 29 UDP 192.168.5.37:57325 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes] @@ -49,37 +49,37 @@ Lync 2 132 1 32 UDP 8.8.8.8:53 <-> 192.168.115.8:54420 [proto: 5.48/DNS.QQ][3 pkts/266 bytes][Host: vv.video.qq.com] 33 UDP 192.168.5.48:59797 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: kasper-mac] 34 UDP 192.168.5.47:60267 <-> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes] - 35 UDP 192.168.10.110:60480 <-> 255.255.255.255:62976 [proto: 218/1kxun][5 pkts/1795 bytes] + 35 UDP 192.168.10.110:60480 <-> 255.255.255.255:62976 [proto: 205/1kxun][5 pkts/1795 bytes] 36 UDP 192.168.5.47:61603 <-> 224.0.0.252:5355 [proto: 173/Lync][2 pkts/132 bytes] 37 UDP 192.168.3.236:62069 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: wangs-ltw] - 38 UDP 192.168.125.30:62976 <-> 255.255.255.255:62976 [proto: 218/1kxun][2 pkts/718 bytes] - 39 UDP 192.168.10.7:62976 <-> 255.255.255.255:62976 [proto: 218/1kxun][2 pkts/718 bytes] + 38 UDP 192.168.125.30:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] + 39 UDP 192.168.10.7:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] 40 UDP [fe80::e034:7be:d8f9:6197]:5355 <-> [ff02::1:3]:57143 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] - 41 UDP 192.168.140.140:62976 <-> 255.255.255.255:62976 [proto: 218/1kxun][1 pkts/359 bytes] - 42 UDP 8.8.8.8:53 <-> 192.168.115.8:60724 [proto: 5.218/DNS.1kxun][3 pkts/283 bytes][Host: pic.1kxun.com] + 41 UDP 192.168.140.140:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][1 pkts/359 bytes] + 42 UDP 8.8.8.8:53 <-> 192.168.115.8:60724 [proto: 5.205/DNS.1kxun][3 pkts/283 bytes][Host: pic.1kxun.com] 43 UDP [fe80::edf5:240a:c8c0:8312]:5355 <-> [ff02::1:3]:61603 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] 44 UDP 192.168.5.49:1900 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes] 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 131/HTTP_Proxy][33 pkts/11721 bytes] - 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 218/1kxun][12 pkts/1982 bytes][Host: api.magicansoft.com] + 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 205/1kxun][12 pkts/1982 bytes][Host: api.magicansoft.com] 47 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:51451 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] - 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.218/HTTP.1kxun][69 pkts/63429 bytes][Host: pic.1kxun.com] - 49 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.218/HTTP.1kxun][65 pkts/48989 bytes][Host: pic.1kxun.com] - 50 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.218/HTTP.1kxun][58 pkts/45577 bytes][Host: pic.1kxun.com] - 51 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.218/HTTP.1kxun][50 pkts/35747 bytes][Host: jp.kankan.1kxun.mobi] + 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][69 pkts/63429 bytes][Host: pic.1kxun.com] + 49 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][65 pkts/48989 bytes][Host: pic.1kxun.com] + 50 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][58 pkts/45577 bytes][Host: pic.1kxun.com] + 51 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][50 pkts/35747 bytes][Host: jp.kankan.1kxun.mobi] 52 UDP [fe80::f65c:89ff:fe89:e607]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][1 pkts/98 bytes] 53 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:58779 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] 54 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes][Host: shen] - 55 UDP 59.120.208.218:50151 <-> 255.255.255.255:1947 [proto: 218/1kxun][2 pkts/164 bytes] + 55 UDP 59.120.208.218:50151 <-> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] 56 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:49735 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] - 57 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 218/1kxun][14 pkts/2295 bytes][Host: 183.131.48.145] - 58 UDP 168.95.1.1:53 <-> 192.168.115.8:52723 [proto: 5.218/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] + 57 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 205/1kxun][14 pkts/2295 bytes][Host: 183.131.48.145] + 58 UDP 168.95.1.1:53 <-> 192.168.115.8:52723 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] 59 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][25 pkts/4950 bytes][Host: vv.video.qq.com] 60 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][6 pkts/352 bytes] 61 UDP [fe80::9bd:81dd:2fdc:5750]:1900 <-> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes] 62 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][2 pkts/120 bytes] 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3210 bytes][SSL client: 1] - 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 218/1kxun][14 pkts/9158 bytes][Host: dl-obs.official.line.naver.jp] - 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.218/HTTP.1kxun][14 pkts/2386 bytes][Host: kankan.1kxun.com] + 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 205/1kxun][14 pkts/9158 bytes][Host: dl-obs.official.line.naver.jp] + 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][14 pkts/2386 bytes][Host: kankan.1kxun.com] 66 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:63659 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] 67 UDP [fe80::406:55a8:6453:25dd]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][5 pkts/490 bytes] 68 UDP 192.168.5.50:49766 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes][Host: charming-pc] @@ -101,7 +101,7 @@ Lync 2 132 1 84 UDP 192.168.5.9:55484 <-> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes] 85 UDP [fe80::e034:7be:d8f9:6197]:5355 <-> [ff02::1:3]:49766 [proto: 154/LLMNR][2 pkts/182 bytes][Host: charming-pc] 86 UDP 192.168.5.37:56366 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: notebook] - 87 UDP 8.8.8.8:53 <-> 192.168.115.8:52723 [proto: 5.218/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] + 87 UDP 8.8.8.8:53 <-> 192.168.115.8:52723 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] 88 UDP 192.168.101.33:58456 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] 89 UDP 192.168.5.9:58456 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] 90 UDP 192.168.5.44:58702 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: jason-pc] @@ -126,16 +126,16 @@ Lync 2 132 1 109 UDP 192.168.5.41:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: kevin-pc] 110 UDP [fe80::beee:7bff:fe0c:b3de]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][4 pkts/392 bytes] 111 UDP [fe80::e034:7be:d8f9:6197]:5355 <-> [ff02::1:3]:62756 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] - 112 UDP 59.120.208.212:32768 <-> 255.255.255.255:1947 [proto: 218/1kxun][1 pkts/82 bytes] + 112 UDP 59.120.208.212:32768 <-> 255.255.255.255:1947 [proto: 205/1kxun][1 pkts/82 bytes] 113 UDP 192.168.5.64:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes] 114 TCP 192.168.5.16:53605 <-> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes] 115 TCP 192.168.5.16:53613 <-> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes] 116 UDP 192.168.5.16:123 <-> 17.253.26.125:123 [proto: 9/NTP][1 pkts/90 bytes] - 117 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.218/HTTP.1kxun][14 pkts/2858 bytes][Host: jp.kankan.1kxun.mobi] - 118 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.218/HTTP.1kxun][43 pkts/31191 bytes][Host: pic.1kxun.com] - 119 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.218/HTTP.1kxun][61 pkts/51677 bytes][Host: pic.1kxun.com] - 120 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.218/HTTP.1kxun][34 pkts/25580 bytes][Host: pic.1kxun.com] - 121 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.218/HTTP.1kxun][13 pkts/3410 bytes][Host: jp.kankan.1kxun.mobi] + 117 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][14 pkts/2858 bytes][Host: jp.kankan.1kxun.mobi] + 118 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][43 pkts/31191 bytes][Host: pic.1kxun.com] + 119 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][61 pkts/51677 bytes][Host: pic.1kxun.com] + 120 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][34 pkts/25580 bytes][Host: pic.1kxun.com] + 121 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][13 pkts/3410 bytes][Host: jp.kankan.1kxun.mobi] 122 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:54888 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 15ea9b059..1cb6c8e76 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -7,36 +7,36 @@ Dropbox 5 725 2 Instagram 363 255094 16 1 UDP 192.168.0.106:17500 <-> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes] - 2 UDP 8.8.8.8:53 <-> 192.168.0.103:26540 [proto: 5.201/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] - 3 UDP 8.8.8.8:53 <-> 192.168.0.103:27124 [proto: 5.201/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] + 2 UDP 8.8.8.8:53 <-> 192.168.0.103:26540 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] + 3 UDP 8.8.8.8:53 <-> 192.168.0.103:27124 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] 4 TCP 31.13.93.52:443 <-> 192.168.0.103:33763 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] 5 TCP 31.13.93.52:443 <-> 192.168.0.103:33935 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][49 pkts/38684 bytes] - 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.201/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] + 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] 8 TCP 77.67.29.17:80 <-> 192.168.0.103:33976 [proto: 7/HTTP][34 pkts/29039 bytes] - 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.201/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] - 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.201/SSL.Instagram][14 pkts/5567 bytes][SSL client: igcdn-photos-a-a.akamaihd.net] + 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] + 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][SSL client: igcdn-photos-a-a.akamaihd.net] 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] - 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.201/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] + 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] - 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.201/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] - 15 TCP 173.252.107.4:443 <-> 192.168.0.103:56382 [proto: 91.201/SSL.Instagram][17 pkts/2647 bytes][SSL client: telegraph-ash.instagram.com] + 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] + 15 TCP 173.252.107.4:443 <-> 192.168.0.103:56382 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][SSL client: telegraph-ash.instagram.com] 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] - 17 UDP 8.8.8.8:53 <-> 192.168.0.103:33603 [proto: 5.201/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] + 17 UDP 8.8.8.8:53 <-> 192.168.0.103:33603 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] 18 TCP 31.13.93.52:443 <-> 192.168.0.103:33936 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][12 pkts/6044 bytes] 20 ICMP 192.168.0.103:0 <-> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes] 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] 22 TCP 192.168.0.103:40855 <-> 46.33.70.150:80 [proto: 7/HTTP][2 pkts/140 bytes] - 23 UDP 8.8.8.8:53 <-> 192.168.0.103:51219 [proto: 5.201/DNS.Instagram][2 pkts/394 bytes][Host: igcdn-photos-h-a.akamaihd.net] - 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.201/SSL.Instagram][17 pkts/6369 bytes][SSL client: igcdn-photos-h-a.akamaihd.net] - 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.201/SSL.Instagram][14 pkts/5567 bytes][SSL client: igcdn-photos-a-a.akamaihd.net] + 23 UDP 8.8.8.8:53 <-> 192.168.0.103:51219 [proto: 5.211/DNS.Instagram][2 pkts/394 bytes][Host: igcdn-photos-h-a.akamaihd.net] + 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][17 pkts/6369 bytes][SSL client: igcdn-photos-h-a.akamaihd.net] + 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][SSL client: igcdn-photos-a-a.akamaihd.net] 26 TCP 192.168.0.103:41562 <-> 92.122.48.138:80 [proto: 7/HTTP][25 pkts/23525 bytes] - 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.201/HTTP.Instagram][81 pkts/53416 bytes][Host: photos-e.ak.instagram.com] + 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][81 pkts/53416 bytes][Host: photos-e.ak.instagram.com] 28 TCP 192.168.0.103:58690 <-> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes] - 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.201/SSL.Instagram][19 pkts/9340 bytes][SSL client: igcdn-photos-g-a.akamaihd.net] - 30 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.201/HTTP.Instagram][7 pkts/4015 bytes][Host: photos-f.ak.instagram.com] - 31 TCP 192.168.0.103:58053 <-> 82.85.26.162:80 [proto: 7.201/HTTP.Instagram][1 pkts/321 bytes][Host: photos-g.ak.instagram.com] + 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][19 pkts/9340 bytes][SSL client: igcdn-photos-g-a.akamaihd.net] + 30 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][7 pkts/4015 bytes][Host: photos-f.ak.instagram.com] + 31 TCP 192.168.0.103:58053 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes][Host: photos-g.ak.instagram.com] Undetected flows: diff --git a/tests/result/drda_db2.pcap.out b/tests/result/drda_db2.pcap.out index 2543776b2..ee222fcd6 100644 --- a/tests/result/drda_db2.pcap.out +++ b/tests/result/drda_db2.pcap.out @@ -1,3 +1,3 @@ DRDA 38 6691 1 - 1 TCP 192.168.106.1:4847 <-> 192.168.106.128:50000 [proto: 192/DRDA][38 pkts/6691 bytes] + 1 TCP 192.168.106.1:4847 <-> 192.168.106.128:50000 [proto: 227/DRDA][38 pkts/6691 bytes] diff --git a/tests/result/git.pcap.out b/tests/result/git.pcap.out index 1df4f5da9..665dad5a8 100644 --- a/tests/result/git.pcap.out +++ b/tests/result/git.pcap.out @@ -1,3 +1,3 @@ Git 90 74005 1 - 1 TCP 5.153.231.21:9418 <-> 192.168.0.77:47991 [proto: 191/Git][90 pkts/74005 bytes] + 1 TCP 5.153.231.21:9418 <-> 192.168.0.77:47991 [proto: 226/Git][90 pkts/74005 bytes] diff --git a/tests/result/hangout.pcap.out b/tests/result/hangout.pcap.out index 817d11220..7dff4f8e5 100644 --- a/tests/result/hangout.pcap.out +++ b/tests/result/hangout.pcap.out @@ -1,3 +1,3 @@ GoogleHangout 19 2774 1 - 1 UDP 10.89.61.13:56406 <-> 74.125.134.127:19305 [proto: 214/GoogleHangout][19 pkts/2774 bytes] + 1 UDP 10.89.61.13:56406 <-> 74.125.134.127:19305 [proto: 201/GoogleHangout][19 pkts/2774 bytes] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 09198dcff..c63b74d0d 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][2 pkts/172 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37486 [proto: 91.222/SSL.ntop][19 pkts/7014 bytes][SSL client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37488 [proto: 91.222/SSL.ntop][17 pkts/6842 bytes][SSL client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37494 [proto: 91.222/SSL.ntop][18 pkts/6928 bytes][SSL client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37506 [proto: 91.222/SSL.ntop][26 pkts/15617 bytes][SSL client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37486 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][SSL client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37488 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][SSL client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37494 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][SSL client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37506 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][SSL client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4006:804::200e]:40526 [proto: 91/SSL][2 pkts/172 bytes] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1017]:41776 [proto: 91/SSL][14 pkts/2213 bytes] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53132 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][SSL client: s-static.ak.facebook.com] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 7a09bd2d0..30cba198f 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 46.101.157.119:80 <-> 192.168.80.160:55804 [proto: 7.222/HTTP.ntop][19 pkts/10643 bytes][Host: luca.ntop.org] + 1 TCP 46.101.157.119:80 <-> 192.168.80.160:55804 [proto: 7.229/HTTP.ntop][19 pkts/10643 bytes][Host: luca.ntop.org] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 63711194d..525e41d58 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -5,21 +5,21 @@ SSL 32 4323 2 Google 27 3797 4 OCS 863 57552 7 - 1 TCP 192.168.180.2:42590 <-> 178.248.208.210:80 [proto: 7.204/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] - 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.204/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] + 1 TCP 192.168.180.2:42590 <-> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] + 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] - 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.204/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] + 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][SSL client: settings.crashlytics.com] 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91/SSL][12 pkts/1608 bytes] 8 UDP 192.168.180.2:1291 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] - 9 UDP 192.168.180.2:2589 <-> 8.8.8.8:53 [proto: 5.204/DNS.OCS][1 pkts/61 bytes][Host: ocs.labgency.ws] + 9 UDP 192.168.180.2:2589 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes][Host: ocs.labgency.ws] 10 UDP 192.168.180.2:3621 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes][Host: xmpp.device06.eu01.capptain.com] 11 UDP 192.168.180.2:11793 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes][Host: play.googleapis.com] - 12 TCP 192.168.180.2:36680 <-> 178.248.208.54:443 [proto: 91.204/SSL.OCS][20 pkts/6089 bytes][SSL client: ocs.labgency.ws] + 12 TCP 192.168.180.2:36680 <-> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes][SSL client: ocs.labgency.ws] 13 TCP 192.168.180.2:53356 <-> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes][Host: api.eu01.capptain.com] - 14 UDP 192.168.180.2:24245 <-> 8.8.8.8:53 [proto: 5.204/DNS.OCS][1 pkts/56 bytes][Host: www.ocs.fr] - 15 TCP 192.168.180.2:49881 <-> 178.248.208.54:80 [proto: 7.204/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] + 14 UDP 192.168.180.2:24245 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes][Host: www.ocs.fr] + 15 TCP 192.168.180.2:49881 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] 16 UDP 192.168.180.2:40097 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes][Host: settings.crashlytics.com] 17 TCP 192.168.180.2:32946 <-> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][SSL client: mtalk.google.com] 18 TCP 192.168.180.2:44959 <-> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes][Host: api.eu01.capptain.com] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index f09d8b09b..d87999458 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -6,78 +6,78 @@ UPnP 1 130 1 iQIYI 1490 1845116 56 1 TCP 192.168.115.8:50443 <-> 117.79.81.135:80 [proto: 7/HTTP][1 pkts/347 bytes] - 2 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.219/HTTP.iQIYI][2 pkts/836 bytes][Host: pdata.video.qiyi.com] - 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 219/iQIYI][3 pkts/1305 bytes][Host: click.hm.baidu.com] - 4 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.219/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] + 2 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][2 pkts/836 bytes][Host: pdata.video.qiyi.com] + 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 206/iQIYI][3 pkts/1305 bytes][Host: click.hm.baidu.com] + 4 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] 5 TCP 192.168.5.15:65125 <-> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/66 bytes] - 6 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 219/iQIYI][2 pkts/713 bytes][Host: api.magicansoft.com] + 6 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 206/iQIYI][2 pkts/713 bytes][Host: api.magicansoft.com] 7 TCP 192.168.115.8:50462 <-> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes] - 8 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.219/HTTP.iQIYI][2 pkts/618 bytes][Host: msg.iqiyi.com] - 9 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.219/HTTP.iQIYI][2 pkts/1294 bytes][Host: msg.iqiyi.com] - 10 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.219/HTTP.iQIYI][2 pkts/821 bytes][Host: msg.71.am] - 11 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.219/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] - 12 TCP 192.168.115.8:50504 <-> 202.108.14.236:80 [proto: 7.219/HTTP.iQIYI][1 pkts/946 bytes][Host: msg.71.am] + 8 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/618 bytes][Host: msg.iqiyi.com] + 9 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1294 bytes][Host: msg.iqiyi.com] + 10 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/821 bytes][Host: msg.71.am] + 11 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] + 12 TCP 192.168.115.8:50504 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes][Host: msg.71.am] 13 TCP 192.168.115.8:50506 <-> 202.108.14.219:80 [proto: 7/HTTP][1 pkts/199 bytes] 14 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][2 pkts/1093 bytes][Host: clients1.google.com] - 15 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.219/HTTP.iQIYI][2 pkts/786 bytes][Host: msg.71.am] + 15 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/786 bytes][Host: msg.71.am] 16 UDP 192.168.5.63:39383 <-> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes] - 17 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.219/HTTP.iQIYI][3 pkts/2346 bytes][Host: meta.video.qiyi.com] - 18 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 219/iQIYI][3 pkts/1330 bytes][Host: 223.26.106.66] - 19 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.219/HTTP.iQIYI][2 pkts/618 bytes][Host: static.qiyi.com] - 20 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.219/HTTP.iQIYI][2 pkts/691 bytes][Host: static.qiyi.com] - 21 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.219/HTTP.iQIYI][2 pkts/724 bytes][Host: static.qiyi.com] - 22 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.219/HTTP.iQIYI][529 pkts/692961 bytes][Host: preimage1.qiyipic.com] - 23 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.219/HTTP.iQIYI][542 pkts/710385 bytes][Host: preimage1.qiyipic.com] + 17 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2346 bytes][Host: meta.video.qiyi.com] + 18 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 206/iQIYI][3 pkts/1330 bytes][Host: 223.26.106.66] + 19 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/618 bytes][Host: static.qiyi.com] + 20 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][2 pkts/691 bytes][Host: static.qiyi.com] + 21 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/724 bytes][Host: static.qiyi.com] + 22 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][529 pkts/692961 bytes][Host: preimage1.qiyipic.com] + 23 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][542 pkts/710385 bytes][Host: preimage1.qiyipic.com] 24 UDP 192.168.115.1:50945 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1539 bytes] 25 UDP 192.168.5.50:52529 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1074 bytes] - 26 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 219/iQIYI][2 pkts/1128 bytes][Host: s1.symcb.com] + 26 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 206/iQIYI][2 pkts/1128 bytes][Host: s1.symcb.com] 27 UDP 192.168.5.38:58897 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes] - 28 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.219/HTTP.iQIYI][2 pkts/463 bytes][Host: msg.video.qiyi.com] + 28 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][2 pkts/463 bytes][Host: msg.video.qiyi.com] 29 UDP 192.168.5.28:60023 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes] 30 UDP 192.168.5.38:1900 <-> 239.255.255.250:1900 [proto: 12/SSDP][18 pkts/9327 bytes] - 31 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.219/HTTP.iQIYI][5 pkts/4553 bytes][Host: cache.video.iqiyi.com] - 32 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.219/HTTP.iQIYI][3 pkts/1861 bytes][Host: api.cupid.iqiyi.com] - 33 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.219/HTTP.iQIYI][3 pkts/720 bytes][Host: iplocation.geo.qiyi.com] - 34 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.219/HTTP.iQIYI][2 pkts/1296 bytes][Host: msg.iqiyi.com] - 35 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.219/HTTP.iQIYI][2 pkts/1380 bytes][Host: msg.iqiyi.com] - 36 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.219/HTTP.iQIYI][3 pkts/1632 bytes][Host: msg.iqiyi.com] - 37 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.219/HTTP.iQIYI][2 pkts/683 bytes][Host: pdata.video.qiyi.com] - 38 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 219/iQIYI][2 pkts/1451 bytes][Host: click.hm.baidu.com] - 39 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.219/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] - 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 219/iQIYI][2 pkts/721 bytes][Host: api.magicansoft.com] - 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 219/iQIYI][2 pkts/727 bytes][Host: cmc.tanx.com] + 31 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.206/HTTP.iQIYI][5 pkts/4553 bytes][Host: cache.video.iqiyi.com] + 32 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1861 bytes][Host: api.cupid.iqiyi.com] + 33 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.206/HTTP.iQIYI][3 pkts/720 bytes][Host: iplocation.geo.qiyi.com] + 34 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1296 bytes][Host: msg.iqiyi.com] + 35 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1380 bytes][Host: msg.iqiyi.com] + 36 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1632 bytes][Host: msg.iqiyi.com] + 37 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][2 pkts/683 bytes][Host: pdata.video.qiyi.com] + 38 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 206/iQIYI][2 pkts/1451 bytes][Host: click.hm.baidu.com] + 39 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] + 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 206/iQIYI][2 pkts/721 bytes][Host: api.magicansoft.com] + 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 206/iQIYI][2 pkts/727 bytes][Host: cmc.tanx.com] 42 TCP 192.168.115.8:50295 <-> 202.108.14.219:80 [proto: 7/HTTP][2 pkts/398 bytes] - 43 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.219/HTTP.iQIYI][2 pkts/828 bytes][Host: msg.71.am] - 44 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.219/HTTP.iQIYI][2 pkts/772 bytes][Host: msg.71.am] - 45 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.219/HTTP.iQIYI][4 pkts/2296 bytes][Host: msg.71.am] - 46 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.219/HTTP.iQIYI][2 pkts/1140 bytes][Host: msg.71.am] - 47 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.219/HTTP.iQIYI][2 pkts/1143 bytes][Host: msg.71.am] - 48 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.219/HTTP.iQIYI][2 pkts/813 bytes][Host: msg.71.am] - 49 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.219/HTTP.iQIYI][2 pkts/616 bytes][Host: msg.71.am] - 50 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.219/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] - 51 TCP 192.168.115.8:50487 <-> 202.108.14.219:80 [proto: 7.219/HTTP.iQIYI][1 pkts/683 bytes][Host: msg.71.am] - 52 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.219/HTTP.iQIYI][2 pkts/1145 bytes][Host: msg.71.am] - 53 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.219/HTTP.iQIYI][6 pkts/3441 bytes][Host: msg.71.am] - 54 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.219/HTTP.iQIYI][3 pkts/2092 bytes][Host: msg.71.am] - 55 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.219/HTTP.iQIYI][2 pkts/882 bytes][Host: msg.71.am] - 56 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.219/HTTP.iQIYI][2 pkts/1145 bytes][Host: msg.71.am] - 57 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.219/HTTP.iQIYI][2 pkts/1118 bytes][Host: msg.71.am] - 58 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 219/iQIYI][27 pkts/34298 bytes][Host: 223.26.106.66] - 59 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.219/HTTP.iQIYI][246 pkts/320033 bytes][Host: static.qiyi.com] - 60 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.219/HTTP.iQIYI][2 pkts/1275 bytes][Host: static.qiyi.com] - 61 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.219/HTTP.iQIYI][8 pkts/2912 bytes][Host: static.qiyi.com] - 62 TCP 192.168.115.8:50781 <-> 223.26.106.20:80 [proto: 7.219/HTTP.iQIYI][1 pkts/303 bytes][Host: preimage1.qiyipic.com] + 43 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/828 bytes][Host: msg.71.am] + 44 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/772 bytes][Host: msg.71.am] + 45 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][4 pkts/2296 bytes][Host: msg.71.am] + 46 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1140 bytes][Host: msg.71.am] + 47 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1143 bytes][Host: msg.71.am] + 48 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/813 bytes][Host: msg.71.am] + 49 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/616 bytes][Host: msg.71.am] + 50 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] + 51 TCP 192.168.115.8:50487 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes][Host: msg.71.am] + 52 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1145 bytes][Host: msg.71.am] + 53 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][6 pkts/3441 bytes][Host: msg.71.am] + 54 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2092 bytes][Host: msg.71.am] + 55 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/882 bytes][Host: msg.71.am] + 56 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1145 bytes][Host: msg.71.am] + 57 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1118 bytes][Host: msg.71.am] + 58 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 206/iQIYI][27 pkts/34298 bytes][Host: 223.26.106.66] + 59 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][246 pkts/320033 bytes][Host: static.qiyi.com] + 60 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1275 bytes][Host: static.qiyi.com] + 61 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][8 pkts/2912 bytes][Host: static.qiyi.com] + 62 TCP 192.168.115.8:50781 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes][Host: preimage1.qiyipic.com] 63 UDP 192.168.5.41:50374 <-> 239.255.255.250:1900 [proto: 12/SSDP][5 pkts/875 bytes] - 64 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.219/HTTP.iQIYI][2 pkts/893 bytes][Host: msg.video.qiyi.com] + 64 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][2 pkts/893 bytes][Host: msg.video.qiyi.com] 65 UDP 192.168.5.57:59648 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes] 66 UDP 192.168.5.63:60976 <-> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes] 67 UDP 192.168.5.48:63930 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes] 68 TCP 192.168.115.8:49174 <-> 77.234.41.35:80 [proto: 7/HTTP][5 pkts/3309 bytes] - 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 219/iQIYI][23 pkts/25892 bytes][Host: bcu.ff.avast.com] - 70 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.219/HTTP.iQIYI][3 pkts/1861 bytes][Host: api.cupid.iqiyi.com] - 71 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.219/HTTP.iQIYI][2 pkts/895 bytes][Host: api.cupid.iqiyi.com] - 72 TCP 111.206.13.3:80 <-> 192.168.115.8:50492 [proto: 7.219/HTTP.iQIYI][3 pkts/1423 bytes][Host: pdata.video.qiyi.com] - 73 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.219/HTTP.iQIYI][2 pkts/588 bytes][Host: msg.iqiyi.com] + 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 206/iQIYI][23 pkts/25892 bytes][Host: bcu.ff.avast.com] + 70 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1861 bytes][Host: api.cupid.iqiyi.com] + 71 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/895 bytes][Host: api.cupid.iqiyi.com] + 72 TCP 111.206.13.3:80 <-> 192.168.115.8:50492 [proto: 7.206/HTTP.iQIYI][3 pkts/1423 bytes][Host: pdata.video.qiyi.com] + 73 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][2 pkts/588 bytes][Host: msg.iqiyi.com] Undetected flows: diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index b541ff88a..908377178 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -170,7 +170,7 @@ MS_OneDrive 387 198090 1 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] 157 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.207/SSL.MS_OneDrive][387 pkts/198090 bytes][SSL server: *.gateway.messenger.live.com] + 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][SSL server: *.gateway.messenger.live.com] 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 28203afdf..ab3f3f0fd 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -151,7 +151,7 @@ MS_OneDrive 348 181687 1 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] 140 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] - 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.207/SSL.MS_OneDrive][348 pkts/181687 bytes][SSL server: *.gateway.messenger.live.com] + 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][SSL server: *.gateway.messenger.live.com] 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 91.125/SSL.Skype][13 pkts/1157 bytes] 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] diff --git a/tests/result/smpp_in_general.pcap.out b/tests/result/smpp_in_general.pcap.out index 673b0af70..1ec966e82 100644 --- a/tests/result/smpp_in_general.pcap.out +++ b/tests/result/smpp_in_general.pcap.out @@ -1,3 +1,3 @@ SMPP 17 1144 1 - 1 TCP 10.226.202.53:9000 <-> 10.226.202.118:1770 [proto: 220/SMPP][17 pkts/1144 bytes] + 1 TCP 10.226.202.53:9000 <-> 10.226.202.118:1770 [proto: 207/SMPP][17 pkts/1144 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index d99a70d00..f7d59e0c8 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -8,22 +8,22 @@ IGMP 2 120 1 SSL 38 2548 11 Google 14 1588 3 QUIC 6 475 1 -Starcraft 236 51494 6 Github 3 234 1 +Starcraft 236 51494 6 1 TCP 80.239.186.21:80 <-> 192.168.1.100:3516 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] 2 TCP 80.239.186.26:80 <-> 192.168.1.100:3518 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] 3 TCP 80.239.186.21:80 <-> 192.168.1.100:3522 [proto: 7/HTTP][11 pkts/3620 bytes][Host: eu.launcher.battle.net] 4 TCP 80.239.186.26:80 <-> 192.168.1.100:3524 [proto: 7/HTTP][10 pkts/1214 bytes][Host: nydus.battle.net] 5 TCP 80.239.186.40:80 <-> 192.168.1.100:3526 [proto: 7/HTTP][11 pkts/3686 bytes][Host: eu.battle.net] - 6 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 211/Starcraft][13 pkts/902 bytes] + 6 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][13 pkts/902 bytes] 7 UDP 239.255.255.250:1900 <-> 192.168.1.254:38605 [proto: 12/SSDP][11 pkts/4984 bytes] 8 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/336 bytes][Host: nydus.battle.net] 9 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/417 bytes][Host: 254.1.168.192.in-addr.arpa] 10 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/455 bytes][Host: 22.40.194.173.in-addr.arpa] 11 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][3 pkts/168 bytes] 12 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][4 pkts/228 bytes] - 13 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 211/Starcraft][2 pkts/104 bytes] + 13 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][2 pkts/104 bytes] 14 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][2 pkts/121 bytes] 15 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25105 bytes][Host: bnetcmsus-a.akamaihd.net] 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] @@ -47,11 +47,11 @@ Github 3 234 1 34 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/210 bytes][Host: 40.186.239.80.in-addr.arpa] 35 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/442 bytes][Host: llnw.blizzard.com] 36 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][9 pkts/1299 bytes][Host: www.google-analytics.com] - 37 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.216/SSL.Github][3 pkts/234 bytes] + 37 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][3 pkts/234 bytes] 38 IGMP 224.0.0.22:0 <-> 192.168.1.107:0 [proto: 82/IGMP][2 pkts/120 bytes] - 39 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 211/Starcraft][215 pkts/50178 bytes] - 40 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 211/Starcraft][2 pkts/103 bytes] - 41 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 211/Starcraft][2 pkts/103 bytes] + 39 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][215 pkts/50178 bytes] + 40 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][2 pkts/103 bytes] + 41 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][2 pkts/103 bytes] 42 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][41 pkts/37433 bytes][Host: bnetcmsus-a.akamaihd.net] 43 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 44 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] @@ -61,7 +61,7 @@ Github 3 234 1 48 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 49 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 50 TCP 12.129.222.54:80 <-> 192.168.1.100:3512 [proto: 7.76/HTTP.WorldOfWarcraft][9 pkts/880 bytes][Host: us.scan.worldofwarcraft.com] - 51 UDP 62.115.246.51:1119 <-> 192.168.1.100:53146 [proto: 211/Starcraft][2 pkts/104 bytes] + 51 UDP 62.115.246.51:1119 <-> 192.168.1.100:53146 [proto: 213/Starcraft][2 pkts/104 bytes] Undetected flows: diff --git a/tests/result/teredo.pcap.out b/tests/result/teredo.pcap.out index c0c37a425..6c65bc313 100644 --- a/tests/result/teredo.pcap.out +++ b/tests/result/teredo.pcap.out @@ -1,7 +1,7 @@ Teredo 24 2574 5 - 1 UDP 194.136.28.76:3544 <-> 10.112.16.106:52513 [proto: 212/Teredo][4 pkts/508 bytes] - 2 UDP 194.136.28.76:3544 <-> 10.112.16.89:60381 [proto: 212/Teredo][2 pkts/254 bytes] - 3 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 212/Teredo][14 pkts/1304 bytes] - 4 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 212/Teredo][2 pkts/254 bytes] - 5 UDP 194.136.28.76:3544 <-> 10.112.16.92:63448 [proto: 212/Teredo][2 pkts/254 bytes] + 1 UDP 194.136.28.76:3544 <-> 10.112.16.106:52513 [proto: 214/Teredo][4 pkts/508 bytes] + 2 UDP 194.136.28.76:3544 <-> 10.112.16.89:60381 [proto: 214/Teredo][2 pkts/254 bytes] + 3 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][14 pkts/1304 bytes] + 4 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/254 bytes] + 5 UDP 194.136.28.76:3544 <-> 10.112.16.92:63448 [proto: 214/Teredo][2 pkts/254 bytes] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 8d5c3df97..acb3f9167 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -9,22 +9,22 @@ Sina(Weibo) 418 258007 15 2 TCP 140.205.174.1:443 <-> 192.168.1.105:48356 [proto: 91/SSL][1 pkts/74 bytes] 3 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][3 pkts/194 bytes] 4 TCP 216.58.212.65:443 <-> 192.168.1.105:34699 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 5 TCP 222.73.28.96:80 <-> 192.168.1.105:42275 [proto: 7.210/HTTP.Sina(Weibo)][4 pkts/676 bytes][Host: u1.img.mobile.sina.cn] - 6 UDP 192.168.1.1:53 <-> 192.168.1.105:50533 [proto: 5.210/DNS.Sina(Weibo)][1 pkts/74 bytes][Host: data.weibo.com] - 7 UDP 192.168.1.1:53 <-> 192.168.1.105:53543 [proto: 5.210/DNS.Sina(Weibo)][2 pkts/266 bytes][Host: img.t.sinajs.cn] + 5 TCP 222.73.28.96:80 <-> 192.168.1.105:42275 [proto: 7.200/HTTP.Sina(Weibo)][4 pkts/676 bytes][Host: u1.img.mobile.sina.cn] + 6 UDP 192.168.1.1:53 <-> 192.168.1.105:50533 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes][Host: data.weibo.com] + 7 UDP 192.168.1.1:53 <-> 192.168.1.105:53543 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/266 bytes][Host: img.t.sinajs.cn] 8 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][9 pkts/1944 bytes] 9 TCP 216.58.214.78:443 <-> 192.168.1.105:58481 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 10 UDP 192.168.1.1:53 <-> 192.168.1.105:7148 [proto: 5.210/DNS.Sina(Weibo)][2 pkts/215 bytes][Host: www.weibo.com] - 11 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.210/HTTP.Sina(Weibo)][106 pkts/76903 bytes][Host: img.t.sinajs.cn] - 12 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.210/HTTP.Sina(Weibo)][41 pkts/23245 bytes][Host: img.t.sinajs.cn] - 13 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.210/HTTP.Sina(Weibo)][53 pkts/36468 bytes][Host: img.t.sinajs.cn] - 14 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.210/HTTP.Sina(Weibo)][35 pkts/22361 bytes][Host: img.t.sinajs.cn] - 15 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.210/HTTP.Sina(Weibo)][5 pkts/744 bytes][Host: js.t.sinajs.cn] + 10 UDP 192.168.1.1:53 <-> 192.168.1.105:7148 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/215 bytes][Host: www.weibo.com] + 11 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][106 pkts/76903 bytes][Host: img.t.sinajs.cn] + 12 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][41 pkts/23245 bytes][Host: img.t.sinajs.cn] + 13 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][53 pkts/36468 bytes][Host: img.t.sinajs.cn] + 14 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][35 pkts/22361 bytes][Host: img.t.sinajs.cn] + 15 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][5 pkts/744 bytes][Host: js.t.sinajs.cn] 16 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][4 pkts/448 bytes][SSL client: g.alicdn.com] 17 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/194 bytes] 18 TCP 42.156.184.19:443 <-> 192.168.1.105:52272 [proto: 91/SSL][1 pkts/74 bytes] 19 TCP 42.156.184.19:443 <-> 192.168.1.105:52274 [proto: 91/SSL][1 pkts/74 bytes] - 20 UDP 192.168.1.1:53 <-> 192.168.1.105:11798 [proto: 5.210/DNS.Sina(Weibo)][1 pkts/77 bytes][Host: account.weibo.com] + 20 UDP 192.168.1.1:53 <-> 192.168.1.105:11798 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes][Host: account.weibo.com] 21 UDP 192.168.1.1:53 <-> 192.168.1.105:16804 [proto: 5/DNS][1 pkts/70 bytes][Host: c.weibo.cn] 22 TCP 140.205.170.63:443 <-> 192.168.1.105:47721 [proto: 91/SSL][1 pkts/74 bytes] 23 TCP 140.205.170.63:443 <-> 192.168.1.105:47723 [proto: 91/SSL][1 pkts/74 bytes] @@ -34,7 +34,7 @@ Sina(Weibo) 418 258007 15 27 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][3 pkts/194 bytes] 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 29 TCP 216.58.212.69:443 <-> 192.168.1.105:37802 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 30 UDP 192.168.1.1:53 <-> 192.168.1.105:41352 [proto: 5.210/DNS.Sina(Weibo)][2 pkts/264 bytes][Host: js.t.sinajs.cn] + 30 UDP 192.168.1.1:53 <-> 192.168.1.105:41352 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/264 bytes][Host: js.t.sinajs.cn] 31 TCP 222.73.28.96:80 <-> 192.168.1.105:42280 [proto: 7/HTTP][1 pkts/74 bytes] 32 UDP 192.168.1.1:53 <-> 192.168.1.105:50640 [proto: 5/DNS][2 pkts/234 bytes][Host: acjstb.aliyun.com] 33 UDP 192.168.1.1:53 <-> 192.168.1.105:51440 [proto: 5/DNS][2 pkts/243 bytes][Host: g.alicdn.com] @@ -43,9 +43,9 @@ Sina(Weibo) 418 258007 15 36 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][14 pkts/2174 bytes] 37 TCP 216.58.214.78:443 <-> 192.168.1.105:58480 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 38 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91/SSL][2 pkts/132 bytes] - 39 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.210/HTTP.Sina(Weibo)][72 pkts/54281 bytes][Host: img.t.sinajs.cn] - 40 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.210/HTTP.Sina(Weibo)][13 pkts/4701 bytes][Host: img.t.sinajs.cn] + 39 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][72 pkts/54281 bytes][Host: img.t.sinajs.cn] + 40 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][13 pkts/4701 bytes][Host: img.t.sinajs.cn] 41 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][3 pkts/214 bytes] 42 TCP 42.156.184.19:443 <-> 192.168.1.105:52271 [proto: 91/SSL][1 pkts/74 bytes] - 43 UDP 192.168.1.1:53 <-> 192.168.1.105:18035 [proto: 5.210/DNS.Sina(Weibo)][2 pkts/240 bytes][Host: u1.img.mobile.sina.cn] - 44 TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.210/HTTP.Sina(Weibo)][79 pkts/37492 bytes][Host: www.weibo.com] + 43 UDP 192.168.1.1:53 <-> 192.168.1.105:18035 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/240 bytes][Host: u1.img.mobile.sina.cn] + 44 TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][79 pkts/37492 bytes][Host: www.weibo.com] -- cgit v1.2.3 From 8805d8523b6f2f22d4db0a1344439f36e5f3f9c2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 31 Jan 2017 15:04:24 +0100 Subject: Optimized code to avoid multiple calls to ndpi_network_ptree_match() HTTP-based subprotocols have not HTTP set as master_protocols --- src/include/ndpi_protocols.h | 1 + src/lib/ndpi_main.c | 7 +++---- src/lib/protocols/http.c | 10 ++++++---- src/lib/protocols/tcp_udp.c | 19 ++++++++++++------- 4 files changed, 22 insertions(+), 15 deletions(-) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index f34a12f13..edf4ca3dc 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -44,6 +44,7 @@ ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports, /* TCP/UDP protocols */ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t protocol, u_int32_t saddr, u_int32_t daddr, u_int16_t sport, u_int16_t dport); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 28ae1ff13..f6b6911df 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1680,10 +1680,8 @@ u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_struct, if(packet->tcp != NULL) { if(packet->iph) { - if(tor_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->saddr) - || tor_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->daddr)) { + if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_TOR) return(1); - } } } @@ -4413,7 +4411,8 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct u_int8_t user_defined_proto; if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) { - rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, proto, shost, dhost, sport, dport); + rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, + shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { ret.protocol = rc, diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 4b381f067..d405e407b 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -41,10 +41,11 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd /* If no custom protocol has been detected */ if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - if(protocol == NDPI_PROTOCOL_HTTP) + if(protocol == NDPI_PROTOCOL_HTTP) { ndpi_int_reset_protocol(flow); - - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, protocol); + } else + ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_HTTP); } flow->http_detected = 1; @@ -382,7 +383,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(!ndpi_struct->http_dont_dissect_response && flow->http_detected) parseHttpSubprotocol(ndpi_struct, flow); - flow->guessed_protocol_id = NDPI_PROTOCOL_HTTP; + if(flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) + flow->guessed_protocol_id = NDPI_PROTOCOL_HTTP; /* check for accept line */ if(packet->accept_line.ptr != NULL) { diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index 2c6792551..605ba54c3 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -24,7 +24,8 @@ /* ndpi_main.c */ extern u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); -u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, +u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t protocol, u_int32_t saddr, u_int32_t daddr, /* host endianess */ u_int16_t sport, u_int16_t dport) /* host endianess */ @@ -38,12 +39,15 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc } } - host.s_addr = htonl(saddr); - if((rc = ndpi_network_ptree_match(ndpi_struct, &host)) != NDPI_PROTOCOL_UNKNOWN) - return (rc); - - host.s_addr = htonl(daddr); - return (ndpi_network_ptree_match(ndpi_struct, &host)); + if(flow) + return(flow->guessed_host_protocol_id); + else { + if((rc = ndpi_network_ptree_match(ndpi_struct, &host)) != NDPI_PROTOCOL_UNKNOWN) + return (rc); + + host.s_addr = htonl(daddr); + return (ndpi_network_ptree_match(ndpi_struct, &host)); + } } void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -66,6 +70,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st if(packet->iph /* IPv4 Only: we need to support packet->iphv6 at some point */) { proto = ndpi_search_tcp_or_udp_raw(ndpi_struct, + flow, flow->packet.iph ? flow->packet.iph->protocol : #ifdef NDPI_DETECTION_SUPPORT_IPV6 flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt, -- cgit v1.2.3 From ff9af3166f6f1cb3ea20e00cfa08cc657cb8b3c7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 31 Jan 2017 15:06:21 +0100 Subject: Updated results for HTTP-subprotocols --- tests/result/1kxun.pcap.out | 12 ++++++------ tests/result/pps.pcap.out | 18 +++++++++--------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 2ef4bf437..0b800614d 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -16,7 +16,7 @@ Lync 2 132 1 1kxun 934 523997 27 1 TCP 192.168.5.16:53406 <-> 119.235.235.84:443 [proto: 91/SSL][23 pkts/7434 bytes] - 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 205/1kxun][419 pkts/183693 bytes][Host: 183.131.48.144] + 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][419 pkts/183693 bytes][Host: 183.131.48.144] 3 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:53938 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] 4 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:61548 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] 5 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:58468 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] @@ -26,12 +26,12 @@ Lync 2 132 1 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][17 pkts/3518 bytes][SSL client: 1] 10 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:64568 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] 11 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:61172 [proto: 154/LLMNR][2 pkts/174 bytes][Host: sonusav] - 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 205/1kxun][14 pkts/9498 bytes][Host: dl-obs.official.line.naver.jp] + 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9498 bytes][Host: dl-obs.official.line.naver.jp] 13 UDP [fe80::4568:efbc:40b1:1346]:5355 <-> [ff02::1:3]:50194 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] 14 UDP 168.95.1.1:53 <-> 192.168.5.16:63372 [proto: 5/DNS][2 pkts/378 bytes][Host: dl-obs.official.line.naver.jp] 15 UDP 192.168.5.45:59461 <-> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] 16 UDP 192.168.5.45:59789 <-> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 17 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 205/1kxun][13 pkts/1452 bytes][Host: 218.244.135.170:9099] + 17 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][13 pkts/1452 bytes][Host: 218.244.135.170:9099] 18 UDP 192.168.5.48:49701 <-> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes] 19 UDP [fe80::4568:efbc:40b1:1346]:5355 <-> [ff02::1:3]:57148 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] 20 UDP 192.168.3.95:51451 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] @@ -60,7 +60,7 @@ Lync 2 132 1 43 UDP [fe80::edf5:240a:c8c0:8312]:5355 <-> [ff02::1:3]:61603 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] 44 UDP 192.168.5.49:1900 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes] 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 131/HTTP_Proxy][33 pkts/11721 bytes] - 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 205/1kxun][12 pkts/1982 bytes][Host: api.magicansoft.com] + 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][12 pkts/1982 bytes][Host: api.magicansoft.com] 47 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:51451 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][69 pkts/63429 bytes][Host: pic.1kxun.com] 49 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][65 pkts/48989 bytes][Host: pic.1kxun.com] @@ -71,14 +71,14 @@ Lync 2 132 1 54 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes][Host: shen] 55 UDP 59.120.208.218:50151 <-> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] 56 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:49735 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] - 57 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 205/1kxun][14 pkts/2295 bytes][Host: 183.131.48.145] + 57 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][14 pkts/2295 bytes][Host: 183.131.48.145] 58 UDP 168.95.1.1:53 <-> 192.168.115.8:52723 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] 59 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][25 pkts/4950 bytes][Host: vv.video.qq.com] 60 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][6 pkts/352 bytes] 61 UDP [fe80::9bd:81dd:2fdc:5750]:1900 <-> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes] 62 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][2 pkts/120 bytes] 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3210 bytes][SSL client: 1] - 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 205/1kxun][14 pkts/9158 bytes][Host: dl-obs.official.line.naver.jp] + 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9158 bytes][Host: dl-obs.official.line.naver.jp] 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][14 pkts/2386 bytes][Host: kankan.1kxun.com] 66 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:63659 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] 67 UDP [fe80::406:55a8:6453:25dd]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][5 pkts/490 bytes] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index d87999458..a55361d5a 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -7,10 +7,10 @@ iQIYI 1490 1845116 56 1 TCP 192.168.115.8:50443 <-> 117.79.81.135:80 [proto: 7/HTTP][1 pkts/347 bytes] 2 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][2 pkts/836 bytes][Host: pdata.video.qiyi.com] - 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 206/iQIYI][3 pkts/1305 bytes][Host: click.hm.baidu.com] + 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1305 bytes][Host: click.hm.baidu.com] 4 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] 5 TCP 192.168.5.15:65125 <-> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/66 bytes] - 6 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 206/iQIYI][2 pkts/713 bytes][Host: api.magicansoft.com] + 6 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][2 pkts/713 bytes][Host: api.magicansoft.com] 7 TCP 192.168.115.8:50462 <-> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes] 8 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/618 bytes][Host: msg.iqiyi.com] 9 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1294 bytes][Host: msg.iqiyi.com] @@ -22,7 +22,7 @@ iQIYI 1490 1845116 56 15 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/786 bytes][Host: msg.71.am] 16 UDP 192.168.5.63:39383 <-> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes] 17 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2346 bytes][Host: meta.video.qiyi.com] - 18 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 206/iQIYI][3 pkts/1330 bytes][Host: 223.26.106.66] + 18 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1330 bytes][Host: 223.26.106.66] 19 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/618 bytes][Host: static.qiyi.com] 20 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][2 pkts/691 bytes][Host: static.qiyi.com] 21 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/724 bytes][Host: static.qiyi.com] @@ -30,7 +30,7 @@ iQIYI 1490 1845116 56 23 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][542 pkts/710385 bytes][Host: preimage1.qiyipic.com] 24 UDP 192.168.115.1:50945 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1539 bytes] 25 UDP 192.168.5.50:52529 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1074 bytes] - 26 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 206/iQIYI][2 pkts/1128 bytes][Host: s1.symcb.com] + 26 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1128 bytes][Host: s1.symcb.com] 27 UDP 192.168.5.38:58897 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes] 28 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][2 pkts/463 bytes][Host: msg.video.qiyi.com] 29 UDP 192.168.5.28:60023 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes] @@ -42,10 +42,10 @@ iQIYI 1490 1845116 56 35 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1380 bytes][Host: msg.iqiyi.com] 36 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1632 bytes][Host: msg.iqiyi.com] 37 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][2 pkts/683 bytes][Host: pdata.video.qiyi.com] - 38 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 206/iQIYI][2 pkts/1451 bytes][Host: click.hm.baidu.com] + 38 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1451 bytes][Host: click.hm.baidu.com] 39 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] - 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 206/iQIYI][2 pkts/721 bytes][Host: api.magicansoft.com] - 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 206/iQIYI][2 pkts/727 bytes][Host: cmc.tanx.com] + 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][2 pkts/721 bytes][Host: api.magicansoft.com] + 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7.206/HTTP.iQIYI][2 pkts/727 bytes][Host: cmc.tanx.com] 42 TCP 192.168.115.8:50295 <-> 202.108.14.219:80 [proto: 7/HTTP][2 pkts/398 bytes] 43 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/828 bytes][Host: msg.71.am] 44 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/772 bytes][Host: msg.71.am] @@ -62,7 +62,7 @@ iQIYI 1490 1845116 56 55 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/882 bytes][Host: msg.71.am] 56 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1145 bytes][Host: msg.71.am] 57 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1118 bytes][Host: msg.71.am] - 58 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 206/iQIYI][27 pkts/34298 bytes][Host: 223.26.106.66] + 58 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][27 pkts/34298 bytes][Host: 223.26.106.66] 59 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][246 pkts/320033 bytes][Host: static.qiyi.com] 60 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1275 bytes][Host: static.qiyi.com] 61 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][8 pkts/2912 bytes][Host: static.qiyi.com] @@ -73,7 +73,7 @@ iQIYI 1490 1845116 56 66 UDP 192.168.5.63:60976 <-> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes] 67 UDP 192.168.5.48:63930 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes] 68 TCP 192.168.115.8:49174 <-> 77.234.41.35:80 [proto: 7/HTTP][5 pkts/3309 bytes] - 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 206/iQIYI][23 pkts/25892 bytes][Host: bcu.ff.avast.com] + 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.206/HTTP.iQIYI][23 pkts/25892 bytes][Host: bcu.ff.avast.com] 70 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1861 bytes][Host: api.cupid.iqiyi.com] 71 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/895 bytes][Host: api.cupid.iqiyi.com] 72 TCP 111.206.13.3:80 <-> 192.168.115.8:50492 [proto: 7.206/HTTP.iQIYI][3 pkts/1423 bytes][Host: pdata.video.qiyi.com] -- cgit v1.2.3 From bf35300817e6c7bda4a7305da4f95fa206991448 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 31 Jan 2017 15:43:14 +0100 Subject: Updated readme --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index b1feb5a98..02e44350d 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,10 @@ The entire procedure of adding new protocols in detail: 11. make 12. make check +### How to use nDPI to Block Selected Traffic + +You can use nDPI to selectively block selected Internet traffic by embedding it onto an application (remember that nDPI us just a library). Both [ntopng](https://github.com/ntop/ntopng) and [nProbe cento](http://www.ntop.org/products/netflow/nprobe-cento/) can do this. + ### Creating A Source File Tar Ball If you want to distribute a source tar file of nDPI do: -- cgit v1.2.3 From a3d32d9d80db80fcfce67c70e97121d84c29a112 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 31 Jan 2017 16:01:58 +0100 Subject: Improved HTTP subprotocol matching --- src/lib/protocols/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index d405e407b..41e04467c 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -40,7 +40,7 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd ndpi_search_tcp_or_udp(ndpi_struct, flow); /* If no custom protocol has been detected */ - if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { + /* if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ { if(protocol == NDPI_PROTOCOL_HTTP) { ndpi_int_reset_protocol(flow); ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, protocol); -- cgit v1.2.3 From 8fa2d8f0d6f67cccedcefdcf8c64fec139572a89 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 31 Jan 2017 16:38:31 +0100 Subject: Improved whatsapp detection --- src/lib/ndpi_content_match.c.inc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index dcc613779..04b04133a 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -128,6 +128,12 @@ static ndpi_network host_protocol_list[] = { { 0x68F28200 /* 202.160.130.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, { 0x68F28300 /* 202.160.131.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + /* + WhatsApp Inc. + 169.47.35.32 - 169.47.35.63 + */ + { 0xA92F2320 /* 169.47.35.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + /* OpenDNS 208.67.216.0/21 -- cgit v1.2.3 From 99410454681b75b3a40330ac38b886c53ecd070d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 1 Feb 2017 18:10:02 +0100 Subject: Renumbered ids that were changed by mistake MQTT (NOW 208, latest stable version 222) RX ( NOW 209, latest stable version 223) OPENDNS ( NOW 197, latest stable version 225 ). --- src/include/ndpi_protocol_ids.h | 20 +++++++++++++------- src/lib/ndpi_main.c | 6 +++--- tests/result/coap_mqtt.pcap.out | 8 ++++---- tests/result/rx.pcap.out | 10 +++++----- 4 files changed, 25 insertions(+), 19 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index e278ea260..b74f384e6 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -236,7 +236,10 @@ #define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ #define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ #define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ -#define NDPI_PROTOCOL_OPENDNS 197 + +/* 197 is free */ +#define NDPI_PROTOCOL_FREE_197 197 + #define NDPI_PROTOCOL_MPEGTS 198 #define NDPI_PROTOCOL_SNAPCHAT 199 #define NDPI_PROTOCOL_SINA 200 @@ -247,8 +250,11 @@ #define NDPI_PROTOCOL_1KXUN 205 #define NDPI_PROTOCOL_IQIYI 206 #define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ -#define NDPI_PROTOCOL_MQTT 208 -#define NDPI_PROTOCOL_RX 209 + +/* 208 - 209 free */ +#define NDPI_PROTOCOL_FREE_208 208 +#define NDPI_PROTOCOL_FREE_209 209 + #define NDPI_PROTOCOL_DEEZER 210 #define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ #define NDPI_PROTOCOL_MICROSOFT 212 @@ -264,13 +270,13 @@ #define NDPI_PROTOCOL_OFFICE_365 219 #define NDPI_PROTOCOL_CLOUDFLARE 220 #define NDPI_PROTOCOL_MS_ONE_DRIVE 221 +#define NDPI_PROTOCOL_MQTT 222 +#define NDPI_PROTOCOL_RX 223 -/* 222 - 225 */ -#define NDPI_PROTOCOL_FREE_222 222 -#define NDPI_PROTOCOL_FREE_223 223 +/* 224 is free */ #define NDPI_PROTOCOL_FREE_224 224 -#define NDPI_PROTOCOL_FREE_225 225 +#define NDPI_PROTOCOL_OPENDNS 225 #define NDPI_PROTOCOL_GIT 226 #define NDPI_PROTOCOL_DRDA 227 diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f6b6911df..5a6a935ae 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1596,11 +1596,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp /* To be removed as soon as we define new protocols */ ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_191); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_222); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_223); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_225); /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index a9bd983e1..67e3d3077 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -7,14 +7,14 @@ MQTT 7695 668291 4 3 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61047 [proto: 27/COAP][1 pkts/90 bytes] 4 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20220 bytes] 5 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20194 bytes] - 6 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 208/MQTT][1926 pkts/167126 bytes] + 6 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][1926 pkts/167126 bytes] 7 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][4 pkts/404 bytes] 8 UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][6 pkts/467 bytes] 9 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61044 [proto: 27/COAP][1 pkts/86 bytes] 10 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61046 [proto: 27/COAP][1 pkts/86 bytes] 11 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] 12 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] - 13 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 208/MQTT][1922 pkts/166928 bytes] - 14 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 208/MQTT][1928 pkts/167509 bytes] - 15 TCP 192.168.56.1:53524 <-> 192.168.56.101:17501 [proto: 208/MQTT][1919 pkts/166728 bytes] + 13 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][1922 pkts/166928 bytes] + 14 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][1928 pkts/167509 bytes] + 15 TCP 192.168.56.1:53524 <-> 192.168.56.101:17501 [proto: 222/MQTT][1919 pkts/166728 bytes] 16 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][4 pkts/309 bytes] diff --git a/tests/result/rx.pcap.out b/tests/result/rx.pcap.out index f38fc982d..1339732cb 100644 --- a/tests/result/rx.pcap.out +++ b/tests/result/rx.pcap.out @@ -1,7 +1,7 @@ RX 132 26475 5 - 1 UDP 192.167.206.124:7002 <-> 131.114.219.168:38331 [proto: 209/RX][3 pkts/519 bytes] - 2 UDP 192.167.206.124:7002 <-> 131.114.219.168:41559 [proto: 209/RX][3 pkts/519 bytes] - 3 UDP 192.167.206.124:7003 <-> 131.114.219.168:7001 [proto: 209/RX][27 pkts/9919 bytes] - 4 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 209/RX][79 pkts/12376 bytes] - 5 UDP 192.167.206.124:7000 <-> 131.114.219.168:7001 [proto: 209/RX][20 pkts/3142 bytes] + 1 UDP 192.167.206.124:7002 <-> 131.114.219.168:38331 [proto: 223/RX][3 pkts/519 bytes] + 2 UDP 192.167.206.124:7002 <-> 131.114.219.168:41559 [proto: 223/RX][3 pkts/519 bytes] + 3 UDP 192.167.206.124:7003 <-> 131.114.219.168:7001 [proto: 223/RX][27 pkts/9919 bytes] + 4 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][79 pkts/12376 bytes] + 5 UDP 192.167.206.124:7000 <-> 131.114.219.168:7001 [proto: 223/RX][20 pkts/3142 bytes] -- cgit v1.2.3 From beb069df64fd7c4221b8b8392819fd246338754f Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sat, 4 Feb 2017 09:01:46 +0100 Subject: fix hardcoded value of version in Makefile Issue report by @clauderobi (issue #333) --- src/include/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/include/Makefile.am b/src/include/Makefile.am index cd901f58b..6eeca93b4 100644 --- a/src/include/Makefile.am +++ b/src/include/Makefile.am @@ -1,4 +1,4 @@ -library_includedir=$(includedir)/libndpi-1.4/libndpi +library_includedir=$(includedir)/libndpi-@VERSION@/libndpi library_include_HEADERS = ndpi_api.h \ ndpi_define.h \ -- cgit v1.2.3 From be1ee30fa82721460682b0cfa2eb4f5e9d0b03c2 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sat, 4 Feb 2017 09:39:16 +0100 Subject: ndpi_main(.c): fix unused function 'tor_ptree_match' [-Werror,-Wunused-function] --- src/lib/ndpi_main.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5a6a935ae..20b27c7fe 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1668,9 +1668,11 @@ u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_str /* ******************************************* */ +#if 0 static u_int8_t tor_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin) { return((ndpi_network_ptree_match(ndpi_struct, pin) == NDPI_PROTOCOL_TOR) ? 1 : 0); } +#endif /* ******************************************* */ -- cgit v1.2.3 From b161a6d7f797dcdd3f258c03570853d555085798 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Sat, 4 Feb 2017 17:01:40 +0100 Subject: Fix for FreeBSD build --- example/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/Makefile.am b/example/Makefile.am index 662f5a3ba..1a0570b1f 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -3,7 +3,7 @@ bin_PROGRAMS = ndpiReader AM_CPPFLAGS = -I$(top_srcdir)/src/include @PCAP_INC@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage -LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ -ldl +LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ AM_LDFLAGS = -static @DL_LIB@ ndpiReader_SOURCES = ndpiReader.c ndpi_util.c ndpi_util.h -- cgit v1.2.3 From b229b89c787e7e6377b388e86ce56341ee6918b0 Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 9 Feb 2017 17:01:12 +0100 Subject: fix for https://github.com/ntop/nDPI/issues/339 --- src/include/ndpi_typedefs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 0c07dd137..1415b3e6f 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -921,7 +921,7 @@ struct ndpi_flow_struct { */ struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ - u_char host_server_name[192]; + u_char host_server_name[256]; /* Via HTTP User-Agent */ u_char detected_os[32]; /* Via HTTP X-Forwarded-For */ -- cgit v1.2.3 From b6eecd7d0cccfe51696255e7bf454ca96bff4245 Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Thu, 9 Feb 2017 22:57:49 +0100 Subject: Update .travis.yml --- .travis.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.travis.yml b/.travis.yml index 00032ec26..cc8df7f6b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -40,3 +40,10 @@ after_script: #- lcov --remove coverage.info 'tests/*' 'packages/*' 'm4/*' 'doc/*' --output-file coverage.info #- lcov --list coverage.info # debug before upload #- coveralls-lcov --repo-token ${COVERALLS_TOKEN} coverage.info # uploads to coveralls + +notifications: + email: + recipients: + - packager@ntop.org + on_success: never + on_failure: always -- cgit v1.2.3 From 1d2e67d38ca195f115b3f06e1dbda3ab9c6d3df7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 11 Feb 2017 10:48:08 +0100 Subject: Dissected SSH client/server versions and reported in data structures --- example/ndpiReader.c | 18 +++++---- example/ndpi_util.c | 18 ++++++--- example/ndpi_util.h | 4 +- src/include/ndpi_typedefs.h | 5 ++- src/lib/protocols/ssh.c | 21 +++++++++++ tests/result/1kxun.pcap.out | 8 ++-- tests/result/6in4tunnel.pcap.out | 4 +- tests/result/Instagram.pcap.out | 10 ++--- tests/result/KakaoTalk_chat.pcap.out | 16 ++++---- tests/result/Viber_session.pcap.out | 6 +-- tests/result/dropbox.pcap.out | 8 ++-- tests/result/facebook.pcap.out | 4 +- tests/result/google_ssl.pcap.out | 2 +- tests/result/http_ipv6.pcap.out | 12 +++--- tests/result/ocs.pcap.out | 6 +-- tests/result/skype.pcap.out | 10 ++--- tests/result/skype_no_unknown.pcap.out | 6 +-- tests/result/snapchat.pcap.out | 4 +- tests/result/tor.pcap.out | 14 +++---- tests/result/viber_mobile.pcap.out | 12 +++--- tests/result/waze.pcap.out | 24 ++++++------ tests/result/webex.pcap.out | 62 +++++++++++++++---------------- tests/result/weibo.pcap.out | 2 +- tests/result/whatsapp_login_call.pcap.out | 6 +-- 24 files changed, 158 insertions(+), 124 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index e1777d7da..4bf786aa8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -387,8 +387,10 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { flow->packets, (long long unsigned int) flow->bytes); if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name); - if(flow->ssl.client_certificate[0] != '\0') fprintf(out, "[SSL client: %s]", flow->ssl.client_certificate); - if(flow->ssl.server_certificate[0] != '\0') fprintf(out, "[SSL server: %s]", flow->ssl.server_certificate); + + + if(flow->ssh_ssl.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_ssl.client_info); + if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info); if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); fprintf(out, "\n"); @@ -427,16 +429,16 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { if(flow->host_server_name[0] != '\0') json_object_object_add(jObj,"host.server.name",json_object_new_string(flow->host_server_name)); - if((flow->ssl.client_certificate[0] != '\0') || (flow->ssl.server_certificate[0] != '\0')) { + if((flow->ssh_ssl.client_info[0] != '\0') || (flow->ssh_ssl.server_info[0] != '\0')) { json_object *sjObj = json_object_new_object(); - if(flow->ssl.client_certificate[0] != '\0') - json_object_object_add(sjObj, "client", json_object_new_string(flow->ssl.client_certificate)); + if(flow->ssh_ssl.client_info[0] != '\0') + json_object_object_add(sjObj, "client", json_object_new_string(flow->ssh_ssl.client_info)); - if(flow->ssl.server_certificate[0] != '\0') - json_object_object_add(sjObj, "server", json_object_new_string(flow->ssl.server_certificate)); + if(flow->ssh_ssl.server_info[0] != '\0') + json_object_object_add(sjObj, "server", json_object_new_string(flow->ssh_ssl.server_info)); - json_object_object_add(jObj, "ssl", sjObj); + json_object_object_add(jObj, "ssh_ssl", sjObj); } if(json_flag == 1) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d121b5841..d5cb27d5a 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -440,7 +440,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo Function to process the packet: determine the flow of a packet and try to decode it @return: 0 if success; else != 0 - + @Note: ipsize = header->len - ip_offset ; rawsize = header->len */ static unsigned int packet_processing(struct ndpi_workflow * workflow, @@ -519,10 +519,18 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, } if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) { - snprintf(flow->ssl.client_certificate, sizeof(flow->ssl.client_certificate), "%s", - flow->ndpi_flow->protos.ssl.client_certificate); - snprintf(flow->ssl.server_certificate, sizeof(flow->ssl.server_certificate), "%s", - flow->ndpi_flow->protos.ssl.server_certificate); + if(flow->detected_protocol.protocol == NDPI_PROTOCOL_SSH) { + snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", + flow->ndpi_flow->protos.ssh.client_signature); + snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", + flow->ndpi_flow->protos.ssh.server_signature); + } else if((flow->detected_protocol.protocol == NDPI_PROTOCOL_SSL) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL)) { + snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", + flow->ndpi_flow->protos.ssl.client_certificate); + snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", + flow->ndpi_flow->protos.ssl.server_certificate); + } } if(flow->detection_completed) { diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 3168a5010..171ab8e95 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -62,8 +62,8 @@ typedef struct ndpi_flow_info { char bittorent_hash[41]; struct { - char client_certificate[48], server_certificate[48]; - } ssl; + char client_info[48], server_info[48]; + } ssh_ssl; void *src_id, *dst_id; } ndpi_flow_info_t; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 1415b3e6f..801f1e768 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -942,7 +942,6 @@ struct ndpi_flow_struct { } http; union { - /* the only fields useful for nDPI and ntopng */ struct { u_int8_t num_queries, num_answers, reply_code; @@ -957,6 +956,10 @@ struct ndpi_flow_struct { struct { char client_certificate[48], server_certificate[48]; } ssl; + + struct { + char client_signature[48], server_signature[48]; + } ssh; } protos; /*** ALL protocol specific 64 bit variables here ***/ diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index 20b8b5fe9..cb874010f 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -31,6 +31,18 @@ static void ndpi_int_ssh_add_connection(struct ndpi_detection_module_struct ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSH, NDPI_PROTOCOL_UNKNOWN); } +static void ndpi_ssh_zap_cr(char *str, int len) { + len--; + + while(len > 0) { + if((str[len] == '\n') || (str[len] == '\r')) { + str[len] = '\0'; + len--; + } else + break; + } +} + void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -40,6 +52,10 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (flow->l4.tcp.ssh_stage == 0) { if (packet->payload_packet_len > 7 && packet->payload_packet_len < 100 && memcmp(packet->payload, "SSH-", 4) == 0) { + int len = ndpi_min(sizeof(flow->protos.ssh.client_signature)-1, packet->payload_packet_len); + strncpy(flow->protos.ssh.client_signature, (const char *)packet->payload, len); + flow->protos.ssh.client_signature[len] = '\0'; + ndpi_ssh_zap_cr(flow->protos.ssh.client_signature, len); NDPI_LOG(NDPI_PROTOCOL_SSH, ndpi_struct, NDPI_LOG_DEBUG, "ssh stage 0 passed\n"); flow->l4.tcp.ssh_stage = 1 + packet->packet_direction; return; @@ -47,7 +63,12 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } else if (flow->l4.tcp.ssh_stage == (2 - packet->packet_direction)) { if (packet->payload_packet_len > 7 && packet->payload_packet_len < 100 && memcmp(packet->payload, "SSH-", 4) == 0) { + int len = ndpi_min(sizeof(flow->protos.ssh.server_signature)-1, packet->payload_packet_len); + strncpy(flow->protos.ssh.server_signature, (const char *)packet->payload, len); + flow->protos.ssh.server_signature[len] = '\0'; + ndpi_ssh_zap_cr(flow->protos.ssh.server_signature, len); NDPI_LOG(NDPI_PROTOCOL_SSH, ndpi_struct, NDPI_LOG_DEBUG, "found ssh\n"); + ndpi_int_ssh_add_connection(ndpi_struct, flow); return; diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 0b800614d..f53dabdd0 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -21,9 +21,9 @@ Lync 2 132 1 4 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:61548 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] 5 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:58468 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] 6 UDP 192.168.2.186:32768 <-> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] - 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3642 bytes][SSL client: 1] - 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3638 bytes][SSL client: 1] - 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][17 pkts/3518 bytes][SSL client: 1] + 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3642 bytes][client: 1] + 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3638 bytes][client: 1] + 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][17 pkts/3518 bytes][client: 1] 10 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:64568 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] 11 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:61172 [proto: 154/LLMNR][2 pkts/174 bytes][Host: sonusav] 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9498 bytes][Host: dl-obs.official.line.naver.jp] @@ -77,7 +77,7 @@ Lync 2 132 1 60 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][6 pkts/352 bytes] 61 UDP [fe80::9bd:81dd:2fdc:5750]:1900 <-> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes] 62 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][2 pkts/120 bytes] - 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3210 bytes][SSL client: 1] + 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3210 bytes][client: 1] 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9158 bytes][Host: dl-obs.official.line.naver.jp] 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][14 pkts/2386 bytes][Host: kankan.1kxun.com] 66 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:63659 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 7786f4a3a..520173ab5 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -4,9 +4,9 @@ SSL 28 15397 1 ICMPV6 48 7862 3 Facebook 37 14726 3 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2a03:2880:1010:6f03:face:b00c::2]:53234 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][SSL client: www.facebook.com] + 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2a03:2880:1010:6f03:face:b00c::2]:53234 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/394 bytes][Host: star.c10r.facebook.com] - 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2604:a880:1:20::224:b001]:60205 [proto: 91/SSL][28 pkts/15397 bytes][SSL client: mail.tomasu.net] + 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2604:a880:1:20::224:b001]:60205 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net] 4 ICMPV6 [2001:470:1f16:13f::2]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][2 pkts/258 bytes] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 1cb6c8e76..0e2f4620c 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -15,12 +15,12 @@ Instagram 363 255094 16 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] 8 TCP 77.67.29.17:80 <-> 192.168.0.103:33976 [proto: 7/HTTP][34 pkts/29039 bytes] 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] - 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][SSL client: igcdn-photos-a-a.akamaihd.net] + 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] - 15 TCP 173.252.107.4:443 <-> 192.168.0.103:56382 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][SSL client: telegraph-ash.instagram.com] + 15 TCP 173.252.107.4:443 <-> 192.168.0.103:56382 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] 17 UDP 8.8.8.8:53 <-> 192.168.0.103:33603 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] 18 TCP 31.13.93.52:443 <-> 192.168.0.103:33936 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] @@ -29,12 +29,12 @@ Instagram 363 255094 16 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] 22 TCP 192.168.0.103:40855 <-> 46.33.70.150:80 [proto: 7/HTTP][2 pkts/140 bytes] 23 UDP 8.8.8.8:53 <-> 192.168.0.103:51219 [proto: 5.211/DNS.Instagram][2 pkts/394 bytes][Host: igcdn-photos-h-a.akamaihd.net] - 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][17 pkts/6369 bytes][SSL client: igcdn-photos-h-a.akamaihd.net] - 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][SSL client: igcdn-photos-a-a.akamaihd.net] + 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][17 pkts/6369 bytes][client: igcdn-photos-h-a.akamaihd.net] + 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] 26 TCP 192.168.0.103:41562 <-> 92.122.48.138:80 [proto: 7/HTTP][25 pkts/23525 bytes] 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][81 pkts/53416 bytes][Host: photos-e.ak.instagram.com] 28 TCP 192.168.0.103:58690 <-> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes] - 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][19 pkts/9340 bytes][SSL client: igcdn-photos-g-a.akamaihd.net] + 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][19 pkts/9340 bytes][client: igcdn-photos-g-a.akamaihd.net] 30 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][7 pkts/4015 bytes][Host: photos-f.ak.instagram.com] 31 TCP 192.168.0.103:58053 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes][Host: photos-g.ak.instagram.com] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index f6dd66fab..64aa1385f 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -16,7 +16,7 @@ KakaoTalk 55 9990 15 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] - 9 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][SSL server: *.kakao.com] + 9 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] 10 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] 11 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] 12 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] @@ -26,10 +26,10 @@ KakaoTalk 55 9990 15 16 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] 17 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] 18 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 19 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][SSL server: *.push.samsungosp.com] + 19 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][server: *.push.samsungosp.com] 20 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] - 21 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][SSL server: *.facebook.com] - 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][SSL server: *.facebook.com] + 21 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] + 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] 23 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] 24 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] 25 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] @@ -40,10 +40,10 @@ KakaoTalk 55 9990 15 30 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] 31 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] 32 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] - 33 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][SSL client: graph.facebook.com] - 34 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][SSL client: api.facebook.com] - 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][SSL client: developers.facebook.com] - 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][SSL server: *.facebook.com] + 33 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] + 34 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] + 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] + 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] 37 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][4 pkts/251 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 86cef872a..17451e021 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -30,16 +30,16 @@ Viber 4163 392492 4 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] 20 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][5 pkts/424 bytes] 21 TCP 52.0.253.46:443 <-> 192.168.200.222:43287 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] - 22 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][15 pkts/1484 bytes][SSL client: e.crashlytics.com] + 22 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] 23 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][12 pkts/1161 bytes] - 24 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][SSL client: mail.google.com] + 24 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] 25 TCP 93.184.221.200:80 <-> 192.168.200.222:43646 [proto: 7/HTTP][1 pkts/60 bytes] 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] 27 UDP 54.169.63.186:7987 <-> 192.168.200.222:48564 [proto: 144/Viber][2 pkts/138 bytes] 28 UDP 54.169.63.186:7985 <-> 192.168.200.222:48564 [proto: 144/Viber][4143 pkts/390781 bytes] 29 TCP 93.184.221.200:80 <-> 192.168.200.222:50854 [proto: 7/HTTP][1 pkts/60 bytes] 30 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes] - 31 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][16 pkts/1419 bytes][SSL client: settings.crashlytics.com] + 31 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][16 pkts/1419 bytes][client: settings.crashlytics.com] Undetected flows: diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index c8b862513..786dc24de 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -4,9 +4,9 @@ Dropbox 1104 246122 16 1 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/744 bytes][Host: notify.dropbox.com] 2 UDP 192.168.1.105:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes] - 3 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][34 pkts/18026 bytes][SSL client: client.dropbox.com] + 3 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][34 pkts/18026 bytes][client: client.dropbox.com] 4 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][8 pkts/1390 bytes][Host: log.getdropbox.com] - 5 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][22 pkts/11392 bytes][SSL client: notify.dropbox.com] + 5 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][22 pkts/11392 bytes][client: notify.dropbox.com] 6 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/792 bytes][Host: d.dropbox.com] 7 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/822 bytes][Host: client.dropbox.com] 8 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20220 bytes] @@ -25,7 +25,7 @@ Dropbox 1104 246122 16 21 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] 22 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] 23 UDP 192.168.1.106:57268 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes] - 24 TCP 54.240.174.31:443 <-> 192.168.1.105:44949 [proto: 91.121/SSL.Dropbox][138 pkts/97302 bytes][SSL client: client-cf.dropbox.com] + 24 TCP 54.240.174.31:443 <-> 192.168.1.105:44949 [proto: 91.121/SSL.Dropbox][138 pkts/97302 bytes][client: client-cf.dropbox.com] 25 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][20 pkts/3928 bytes][Host: log.getdropbox.com] 26 UDP 192.168.1.101:2169 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] 27 UDP 192.168.1.101:2141 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] @@ -40,4 +40,4 @@ Dropbox 1104 246122 16 36 UDP 192.168.1.101:4169 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] 37 UDP 192.168.1.106:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][16 pkts/1648 bytes] 38 UDP 192.168.1.101:4625 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 39 TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][54 pkts/27432 bytes][SSL client: d.dropbox.com] + 39 TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][54 pkts/27432 bytes][client: d.dropbox.com] diff --git a/tests/result/facebook.pcap.out b/tests/result/facebook.pcap.out index ad3cbdaad..a8a362735 100644 --- a/tests/result/facebook.pcap.out +++ b/tests/result/facebook.pcap.out @@ -1,4 +1,4 @@ Facebook 60 30511 2 - 1 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][19 pkts/5745 bytes][SSL client: facebook.com] - 2 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/SSL.Facebook][41 pkts/24766 bytes][SSL client: www.facebook.com] + 1 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][19 pkts/5745 bytes][client: facebook.com] + 2 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/SSL.Facebook][41 pkts/24766 bytes][client: www.facebook.com] diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index 111be80e6..2e69420db 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -1,3 +1,3 @@ Google 28 9108 1 - 1 TCP 216.58.212.100:443 <-> 172.31.3.224:42835 [proto: 91.126/SSL.Google][28 pkts/9108 bytes][SSL server: www.google.com] + 1 TCP 216.58.212.100:443 <-> 172.31.3.224:42835 [proto: 91.126/SSL.Google][28 pkts/9108 bytes][server: www.google.com] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index c63b74d0d..6928e61e4 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,14 +5,14 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][2 pkts/172 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37486 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][SSL client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37488 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][SSL client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37494 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][SSL client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37506 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][SSL client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37486 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37488 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37494 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37506 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4006:804::200e]:40526 [proto: 91/SSL][2 pkts/172 bytes] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1017]:41776 [proto: 91/SSL][14 pkts/2213 bytes] - 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53132 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][SSL client: s-static.ak.facebook.com] - 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53134 [proto: 91.119/SSL.Facebook][10 pkts/5015 bytes][SSL client: s-static.ak.facebook.com] + 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53132 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][client: s-static.ak.facebook.com] + 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53134 [proto: 91.119/SSL.Facebook][10 pkts/5015 bytes][client: s-static.ak.facebook.com] 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4006:803::2008]:58660 [proto: 91/SSL][2 pkts/172 bytes] 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1012]:59690 [proto: 91/SSL][2 pkts/172 bytes] 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][2 pkts/172 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 525e41d58..43674631a 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -9,19 +9,19 @@ OCS 863 57552 7 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] - 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][SSL client: settings.crashlytics.com] + 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][client: settings.crashlytics.com] 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91/SSL][12 pkts/1608 bytes] 8 UDP 192.168.180.2:1291 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] 9 UDP 192.168.180.2:2589 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes][Host: ocs.labgency.ws] 10 UDP 192.168.180.2:3621 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes][Host: xmpp.device06.eu01.capptain.com] 11 UDP 192.168.180.2:11793 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes][Host: play.googleapis.com] - 12 TCP 192.168.180.2:36680 <-> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes][SSL client: ocs.labgency.ws] + 12 TCP 192.168.180.2:36680 <-> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes][client: ocs.labgency.ws] 13 TCP 192.168.180.2:53356 <-> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes][Host: api.eu01.capptain.com] 14 UDP 192.168.180.2:24245 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes][Host: www.ocs.fr] 15 TCP 192.168.180.2:49881 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] 16 UDP 192.168.180.2:40097 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes][Host: settings.crashlytics.com] - 17 TCP 192.168.180.2:32946 <-> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][SSL client: mtalk.google.com] + 17 TCP 192.168.180.2:32946 <-> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][client: mtalk.google.com] 18 TCP 192.168.180.2:44959 <-> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes][Host: api.eu01.capptain.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 908377178..29ee2021f 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -104,9 +104,9 @@ MS_OneDrive 387 198090 1 89 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][16 pkts/1270 bytes] 90 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][15 pkts/1212 bytes] 91 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][3 pkts/168 bytes] - 92 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][86 pkts/20286 bytes][SSL client: p05-keyvalueservice.icloud.com] - 93 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][18 pkts/3679 bytes][SSL client: apps.skypeassets.com] - 94 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][15 pkts/2340 bytes][SSL client: apps.skype.com] + 92 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][86 pkts/20286 bytes][client: p05-keyvalueservice.icloud.com] + 93 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][18 pkts/3679 bytes][client: apps.skypeassets.com] + 94 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][15 pkts/2340 bytes][client: apps.skype.com] 95 UDP 192.168.1.34:13021 <-> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes] 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] 97 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] @@ -170,7 +170,7 @@ MS_OneDrive 387 198090 1 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] 157 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][SSL server: *.gateway.messenger.live.com] + 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] @@ -244,7 +244,7 @@ MS_OneDrive 387 198090 1 229 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] + 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index ab3f3f0fd..49579d00a 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -151,7 +151,7 @@ MS_OneDrive 348 181687 1 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] 140 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] - 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][SSL server: *.gateway.messenger.live.com] + 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 91.125/SSL.Skype][13 pkts/1157 bytes] 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] @@ -233,8 +233,8 @@ MS_OneDrive 348 181687 1 220 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] - 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][SSL client: apps.skype.com] + 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] 227 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] diff --git a/tests/result/snapchat.pcap.out b/tests/result/snapchat.pcap.out index 132460e25..c82660708 100644 --- a/tests/result/snapchat.pcap.out +++ b/tests/result/snapchat.pcap.out @@ -1,6 +1,6 @@ SSL_No_Cert 22 2879 1 Snapchat 34 7320 2 - 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3943 bytes][SSL client: feelinsonice-hrd.appspot.com] - 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3377 bytes][SSL client: feelinsonice-hrd.appspot.com] + 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3943 bytes][client: feelinsonice-hrd.appspot.com] + 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3377 bytes][client: feelinsonice-hrd.appspot.com] 3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 64/SSL_No_Cert][22 pkts/2879 bytes] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 4fb9eb1d4..134965393 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -6,12 +6,12 @@ Tor 3676 3014362 7 1 UDP 192.168.1.1:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][10 pkts/1860 bytes] 2 UDP [fe80::c583:1972:5728:7323]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][6 pkts/906 bytes] - 3 TCP 212.83.155.250:443 <-> 192.168.1.252:51174 [proto: 163/Tor][32 pkts/10431 bytes][SSL client: www.t3i3ru.com] - 4 TCP 46.59.52.31:443 <-> 192.168.1.252:51111 [proto: 163/Tor][34 pkts/11142 bytes][SSL client: www.e6r5p57kbafwrxj3plz.com] - 5 TCP 91.143.93.242:443 <-> 192.168.1.252:51175 [proto: 163/Tor][38 pkts/12520 bytes][SSL client: www.gfu7hbxpfp.com] + 3 TCP 212.83.155.250:443 <-> 192.168.1.252:51174 [proto: 163/Tor][32 pkts/10431 bytes] + 4 TCP 46.59.52.31:443 <-> 192.168.1.252:51111 [proto: 163/Tor][34 pkts/11142 bytes] + 5 TCP 91.143.93.242:443 <-> 192.168.1.252:51175 [proto: 163/Tor][38 pkts/12520 bytes] 6 TCP 157.56.30.46:443 <-> 192.168.1.252:51104 [proto: 91/SSL][1 pkts/60 bytes] 7 UDP 192.168.1.252:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/252 bytes] - 8 TCP 38.229.70.53:443 <-> 192.168.1.252:51112 [proto: 163/Tor][1576 pkts/1388792 bytes][SSL client: www.q4cyamnc6mtokjurvdclt.com] - 9 TCP 38.229.70.53:443 <-> 192.168.1.252:51176 [proto: 163/Tor][1826 pkts/1513278 bytes][SSL client: www.jmts2id.com] - 10 TCP 62.210.137.230:443 <-> 192.168.1.252:51185 [proto: 163/Tor][29 pkts/9661 bytes][SSL client: www.6gyip7tqim7sieb.com] - 11 TCP 91.143.93.242:443 <-> 192.168.1.252:51110 [proto: 163/Tor][141 pkts/68538 bytes][SSL client: www.ct7ctrgb6cr7.com] + 8 TCP 38.229.70.53:443 <-> 192.168.1.252:51112 [proto: 163/Tor][1576 pkts/1388792 bytes] + 9 TCP 38.229.70.53:443 <-> 192.168.1.252:51176 [proto: 163/Tor][1826 pkts/1513278 bytes] + 10 TCP 62.210.137.230:443 <-> 192.168.1.252:51185 [proto: 163/Tor][29 pkts/9661 bytes] + 11 TCP 91.143.93.242:443 <-> 192.168.1.252:51110 [proto: 163/Tor][141 pkts/68538 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index ca38a7815..0c1afb020 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -12,7 +12,7 @@ Google 75 17027 7 WhatsApp 31 6224 2 Viber 10081 1413446 4 - 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][SSL client: mtalk.google.com] + 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] 2 UDP 122.146.250.88:9415 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] 3 TCP 74.125.130.188:5228 <-> 192.168.200.222:59011 [proto: 126/Google][16 pkts/5838 bytes] 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] @@ -28,7 +28,7 @@ Viber 10081 1413446 4 14 UDP 90.19.187.56:40500 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] 15 UDP 80.47.129.1:44420 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] 16 UDP 70.112.231.62:51413 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][3 pkts/438 bytes] - 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][SSL client: graph.facebook.com] + 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] 18 UDP 94.6.33.9:46735 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 20 UDP 88.176.55.218:51413 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] @@ -47,7 +47,7 @@ Viber 10081 1413446 4 33 UDP 24.43.1.206:17193 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][8 pkts/1992 bytes] 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/148 bytes] 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] - 36 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][SSL client: googleads.g.doubleclick.net] + 36 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] 38 UDP 80.234.25.211:12624 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] 39 TCP 112.124.219.93:80 <-> 192.168.200.222:46761 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] @@ -69,9 +69,9 @@ Viber 10081 1413446 4 55 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][7 pkts/532 bytes] 56 TCP 52.0.253.46:443 <-> 192.168.200.222:43287 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] 57 UDP 8.8.8.8:53 <-> 192.168.200.222:52263 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 58 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][22 pkts/9241 bytes][SSL client: e.crashlytics.com] + 58 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com] 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] - 60 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][SSL client: mail.google.com] + 60 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] 61 UDP 37.214.167.82:11905 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] 62 UDP 8.8.8.8:53 <-> 192.168.200.222:58921 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] 63 TCP 93.184.221.200:80 <-> 192.168.200.222:43646 [proto: 7/HTTP][5 pkts/300 bytes] @@ -83,7 +83,7 @@ Viber 10081 1413446 4 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] 70 UDP 92.245.59.202:12998 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] 71 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 72 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][26 pkts/10057 bytes][SSL client: settings.crashlytics.com] + 72 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com] Undetected flows: diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 65169ea40..b74ec7a15 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -8,19 +8,19 @@ Waze 484 289335 19 WhatsApp 15 1341 1 1 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][15 pkts/1341 bytes] - 2 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][32 pkts/44619 bytes][SSL server: *.world.waze.com] - 3 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][20 pkts/5673 bytes][SSL server: *.world.waze.com] - 4 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][28 pkts/27886 bytes][SSL server: *.world.waze.com] + 2 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][32 pkts/44619 bytes][server: *.world.waze.com] + 3 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][20 pkts/5673 bytes][server: *.world.waze.com] + 4 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][28 pkts/27886 bytes][server: *.world.waze.com] 5 TCP 200.160.4.49:80 <-> 10.16.37.157:41823 [proto: 7/HTTP][4 pkts/228 bytes] 6 TCP 200.160.4.31:80 <-> 10.16.37.157:43991 [proto: 7/HTTP][4 pkts/228 bytes] - 7 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][18 pkts/5553 bytes][SSL server: *.waze.com] + 7 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][18 pkts/5553 bytes][server: *.waze.com] 8 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][4 pkts/216 bytes] 9 TCP 200.160.4.49:80 <-> 10.16.37.157:46473 [proto: 7/HTTP][4 pkts/228 bytes] 10 TCP 200.160.4.49:80 <-> 10.16.37.157:52953 [proto: 7/HTTP][4 pkts/228 bytes] - 11 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][107 pkts/85712 bytes][SSL server: *.world.waze.com] - 12 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][37 pkts/11984 bytes][SSL server: *.world.waze.com] - 13 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][24 pkts/6585 bytes][SSL server: *.world.waze.com] - 14 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][16 pkts/9185 bytes][SSL server: *.world.waze.com] + 11 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][107 pkts/85712 bytes][server: *.world.waze.com] + 12 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][37 pkts/11984 bytes][server: *.world.waze.com] + 13 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][24 pkts/6585 bytes][server: *.world.waze.com] + 14 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][16 pkts/9185 bytes][server: *.world.waze.com] 15 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][15 pkts/1365 bytes][Host: cres.waze.com] 16 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1326 bytes][Host: cres.waze.com] 17 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1286 bytes][Host: roadshields.waze.com] @@ -30,14 +30,14 @@ WhatsApp 15 1341 1 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTPDownload][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] 22 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][13 pkts/2142 bytes] 23 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][4 pkts/216 bytes] - 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][SSL server: *.waze.com] - 25 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][21 pkts/7715 bytes][SSL server: *.waze.com] + 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][server: *.waze.com] + 25 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][21 pkts/7715 bytes][server: *.waze.com] 26 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][2 pkts/180 bytes] 27 TCP 200.160.4.49:80 <-> 10.16.37.157:52746 [proto: 7/HTTP][4 pkts/228 bytes] 28 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/216 bytes] 29 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][4 pkts/216 bytes] - 30 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][23 pkts/5742 bytes][SSL server: *.world.waze.com] - 31 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][33 pkts/58896 bytes][SSL server: *.world.waze.com] + 30 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][23 pkts/5742 bytes][server: *.world.waze.com] + 31 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][33 pkts/58896 bytes][server: *.world.waze.com] 32 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][17 pkts/4015 bytes][Host: roadshields.waze.com] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 7d9c790f1..50109bef0 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -7,61 +7,61 @@ Google 17 6375 1 Webex 1244 809312 29 1 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91/SSL][11 pkts/697 bytes] - 2 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][513 pkts/344086 bytes][SSL server: *.webex.com] + 2 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][513 pkts/344086 bytes][server: *.webex.com] 3 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91/SSL][5 pkts/353 bytes] - 4 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][16 pkts/7099 bytes][SSL server: *.webex.com] + 4 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][16 pkts/7099 bytes][server: *.webex.com] 5 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91/SSL][8 pkts/639 bytes] 6 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91/SSL][8 pkts/639 bytes] - 7 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][50 pkts/10360 bytes][SSL server: *.webex.com] + 7 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][50 pkts/10360 bytes][server: *.webex.com] 8 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91/SSL][3 pkts/182 bytes] 9 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91/SSL][11 pkts/697 bytes] 10 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91/SSL][11 pkts/697 bytes] - 11 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][11 pkts/4584 bytes][SSL server: *.webex.com] + 11 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][11 pkts/4584 bytes][server: *.webex.com] 12 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][10 pkts/1391 bytes][Host: cp.pushwoosh.com] 13 TCP 107.20.242.44:443 <-> 10.133.206.47:59447 [proto: 91/SSL][3 pkts/174 bytes] - 14 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][SSL server: *.webex.com] - 15 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][23 pkts/6641 bytes][SSL server: *.webex.com] - 16 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][SSL server: *.webex.com] - 17 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][SSL server: *.webex.com] - 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][18 pkts/7207 bytes][SSL server: *.webex.com] + 14 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] + 15 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][23 pkts/6641 bytes][server: *.webex.com] + 16 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] + 17 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] + 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][18 pkts/7207 bytes][server: *.webex.com] 19 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91/SSL][11 pkts/697 bytes] 20 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][8 pkts/668 bytes] 21 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][21 pkts/2530 bytes] 22 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][20 pkts/2475 bytes] 23 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][13 pkts/1733 bytes] - 24 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][9 pkts/905 bytes][SSL client: radcom.webex.com] - 25 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][14 pkts/8239 bytes][SSL server: *.webex.com] - 26 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][16 pkts/7968 bytes][SSL server: *.webex.com] + 24 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][9 pkts/905 bytes][client: radcom.webex.com] + 25 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][14 pkts/8239 bytes][server: *.webex.com] + 26 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][16 pkts/7968 bytes][server: *.webex.com] 27 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91/SSL][11 pkts/697 bytes] - 28 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][105 pkts/19286 bytes][SSL server: *.webex.com] + 28 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][105 pkts/19286 bytes][server: *.webex.com] 29 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91/SSL][11 pkts/717 bytes] - 30 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][24 pkts/35888 bytes][SSL server: *.webex.com] - 31 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][SSL server: *.webex.com] + 30 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][24 pkts/35888 bytes][server: *.webex.com] + 31 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][server: *.webex.com] 32 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91/SSL][8 pkts/515 bytes] - 33 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][SSL server: *.webex.com] - 34 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][SSL server: *.webex.com] - 35 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][13 pkts/4692 bytes][SSL server: *.webex.com] + 33 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][server: *.webex.com] + 34 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] + 35 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][13 pkts/4692 bytes][server: *.webex.com] 36 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][12 pkts/1791 bytes][Host: cp.pushwoosh.com] - 37 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][17 pkts/5293 bytes][SSL server: *.webex.com] + 37 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][17 pkts/5293 bytes][server: *.webex.com] 38 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91/SSL][11 pkts/697 bytes] - 39 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][17 pkts/7990 bytes][SSL server: *.webex.com] - 40 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][17 pkts/6375 bytes][SSL client: ssl.google-analytics.com] - 41 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][SSL server: *.webex.com] + 39 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][17 pkts/7990 bytes][server: *.webex.com] + 40 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][17 pkts/6375 bytes][client: ssl.google-analytics.com] + 41 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] 42 TCP 185.63.147.10:443 <-> 10.133.206.47:54651 [proto: 91/SSL][3 pkts/174 bytes] 43 UDP 10.8.0.1:64538 <-> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes] 44 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][5 pkts/317 bytes] 45 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] 46 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] - 47 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][14 pkts/5202 bytes][SSL server: www.webex.com] - 48 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][95 pkts/92236 bytes][SSL client: radcom.webex.com] - 49 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][56 pkts/109696 bytes][SSL client: radcom.webex.com] - 50 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][11 pkts/1013 bytes][SSL client: radcom.webex.com] - 51 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][26 pkts/26384 bytes][SSL server: *.webex.com] - 52 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][38 pkts/42482 bytes][SSL server: *.webex.com] - 53 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][17 pkts/8401 bytes][SSL server: *.webex.com] + 47 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][14 pkts/5202 bytes][server: www.webex.com] + 48 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][95 pkts/92236 bytes][client: radcom.webex.com] + 49 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][56 pkts/109696 bytes][client: radcom.webex.com] + 50 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][11 pkts/1013 bytes][client: radcom.webex.com] + 51 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][26 pkts/26384 bytes][server: *.webex.com] + 52 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][38 pkts/42482 bytes][server: *.webex.com] + 53 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][17 pkts/8401 bytes][server: *.webex.com] 54 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91/SSL][11 pkts/697 bytes] - 55 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][30 pkts/9568 bytes][SSL client: api.crittercism.com] - 56 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][17 pkts/7969 bytes][SSL server: *.webex.com] + 55 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][30 pkts/9568 bytes][client: api.crittercism.com] + 56 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][17 pkts/7969 bytes][server: *.webex.com] Undetected flows: diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index acb3f9167..801983bcb 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -20,7 +20,7 @@ Sina(Weibo) 418 258007 15 13 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][53 pkts/36468 bytes][Host: img.t.sinajs.cn] 14 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][35 pkts/22361 bytes][Host: img.t.sinajs.cn] 15 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][5 pkts/744 bytes][Host: js.t.sinajs.cn] - 16 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][4 pkts/448 bytes][SSL client: g.alicdn.com] + 16 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][4 pkts/448 bytes][client: g.alicdn.com] 17 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/194 bytes] 18 TCP 42.156.184.19:443 <-> 192.168.1.105:52272 [proto: 91/SSL][1 pkts/74 bytes] 19 TCP 42.156.184.19:443 <-> 192.168.1.105:52274 [proto: 91/SSL][1 pkts/74 bytes] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 6ac5f31b9..1a5f00e1e 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -26,7 +26,7 @@ WhatsAppVoice 706 91156 4 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][SSL client: p53-buy.itunes.apple.com] + 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] @@ -56,13 +56,13 @@ WhatsAppVoice 706 91156 4 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][SSL client: query.ess.apple.com] + 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] - 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][SSL client: p53-buy.itunes.apple.com] + 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] 54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] -- cgit v1.2.3 From ffbe5d1e22808595d536ba63e6b74f3b4a599a5c Mon Sep 17 00:00:00 2001 From: Numeronove Date: Sat, 11 Feb 2017 10:53:28 +0100 Subject: Easing OpenBSD build Addedd macro AM_PROG_CC_C_O in configure.ac, needed to have autogen.sh manage the error: C objects in subdir but `AM_PROG_CC_C_O' not in `configure.ac' Modified case instance in example/ndpi_util.c, since DLT_LINUX_SLL isn't defined in OpenBSD pcap.h. --- configure.ac | 1 + example/ndpi_util.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/configure.ac b/configure.ac index 0e46e15aa..239187360 100644 --- a/configure.ac +++ b/configure.ac @@ -7,6 +7,7 @@ AM_INIT_AUTOMAKE([foreign subdir-objects]) LT_INIT AC_PROG_CC +AM_PROG_CC_C_O AX_PTHREAD if test -d ".git"; then : diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d121b5841..c1c5120ec 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -650,10 +650,12 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* Linux Cooked Capture - 113 */ +#ifdef __linux__ case DLT_LINUX_SLL : type = (packet[eth_offset+14] << 8) + packet[eth_offset+15]; ip_offset = 16 + eth_offset; break; +#endif /* Radiotap link-layer - 127 */ case DLT_IEEE802_11_RADIO : -- cgit v1.2.3 From b16769ddbe0f20000b52fa86b7a1d6a966705c28 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 12 Feb 2017 20:14:11 +0100 Subject: Refined guess that does not happen for protocols that have been excluded --- src/lib/ndpi_main.c | 35 +++++++++++++++++++++++++++-------- src/lib/protocols/mssql_tds.c | 2 +- 2 files changed, 28 insertions(+), 9 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 20b27c7fe..2bf1a103e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3439,22 +3439,41 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* TODO: add the remaining stage_XXXX protocols */ if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { + u_int16_t guessed_protocol_id, guessed_host_protocol_id; + if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->packet.l4_protocol == IPPROTO_TCP) && (flow->l4.tcp.ssl_stage > 1)) flow->guessed_protocol_id = NDPI_PROTOCOL_SSL; - - ndpi_int_change_protocol(ndpi_struct, flow, - flow->guessed_host_protocol_id, - flow->guessed_protocol_id); + + guessed_protocol_id = flow->guessed_protocol_id, + guessed_host_protocol_id = flow->guessed_host_protocol_id; + + if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + + /* Ignore guessed protocol if they have been discarded */ + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id))) + guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { + ndpi_int_change_protocol(ndpi_struct, flow, + guessed_host_protocol_id, + guessed_protocol_id); + } } else { flow->detected_protocol_stack[1] = flow->guessed_protocol_id, flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; - + if(flow->detected_protocol_stack[1] == flow->detected_protocol_stack[0]) flow->detected_protocol_stack[1] = flow->guessed_host_protocol_id; } - + if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && (flow->num_stun_udp_pkts > 0)) ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STUN, flow->guessed_host_protocol_id); @@ -4177,10 +4196,10 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, if((upper_detected_protocol == NDPI_PROTOCOL_UNKNOWN) && (lower_detected_protocol != NDPI_PROTOCOL_UNKNOWN)) upper_detected_protocol = lower_detected_protocol; - + if(upper_detected_protocol == lower_detected_protocol) lower_detected_protocol = NDPI_PROTOCOL_UNKNOWN; - + ndpi_int_change_flow_protocol(ndpi_struct, flow, upper_detected_protocol, lower_detected_protocol); ndpi_int_change_packet_protocol(ndpi_struct, flow, diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 8a78266a9..42cecb8e2 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c @@ -46,7 +46,7 @@ void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, str struct ndpi_packet_struct *packet = &flow->packet; struct tds_packet_header *h = (struct tds_packet_header*) packet->payload; - if (packet->payload_packet_len < sizeof(struct tds_packet_header)) { + if(packet->payload_packet_len < sizeof(struct tds_packet_header)) { NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql_tds\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL_TDS); return; -- cgit v1.2.3 From e2cfc96577be5fe97cd5ce63ac30b23cbfadce84 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 13 Feb 2017 01:29:25 +0100 Subject: Improvements for exporting info in MDNS and UBNTAC2 protocols Added test pcap file for UBNTAC2 --- example/ndpiReader.c | 2 +- example/ndpi_util.c | 6 +++++- example/ndpi_util.h | 1 + src/include/ndpi_typedefs.h | 8 ++++++++ src/lib/protocols/mdns.c | 21 +++++++++++++++----- src/lib/protocols/ubntac2.c | 35 ++++++++++++++++++++++++++++----- tests/pcap/ubntac2.pcap | Bin 0 -> 1888 bytes tests/result/skype_no_unknown.pcap.out | 2 +- tests/result/ubntac2.pcap.out | 10 ++++++++++ 9 files changed, 72 insertions(+), 13 deletions(-) create mode 100644 tests/pcap/ubntac2.pcap create mode 100644 tests/result/ubntac2.pcap.out diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 4bf786aa8..72b495912 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -387,7 +387,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { flow->packets, (long long unsigned int) flow->bytes); if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name); - + if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info); if(flow->ssh_ssl.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_ssl.client_info); if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d5cb27d5a..3397d8a92 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -516,8 +516,12 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, } if(n == 0) flow->bittorent_hash[0] = '\0'; + } else if(flow->detected_protocol.protocol == NDPI_PROTOCOL_MDNS) { + snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.mdns.answer); + } else if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UBNTAC2) { + snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.ubntac2.version); } - + if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) { if(flow->detected_protocol.protocol == NDPI_PROTOCOL_SSH) { snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 171ab8e95..6ff17bac2 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -58,6 +58,7 @@ typedef struct ndpi_flow_info { // result only, not used for flow identification ndpi_protocol detected_protocol; + char info[96]; char host_server_name[192]; char bittorent_hash[41]; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 801f1e768..68e332c23 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -960,6 +960,14 @@ struct ndpi_flow_struct { struct { char client_signature[48], server_signature[48]; } ssh; + + struct { + char answer[96]; + } mdns; + + struct { + char version[96]; + } ubntac2; } protos; /*** ALL protocol specific 64 bit variables here ***/ diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c index b3184c26f..0692b3252 100644 --- a/src/lib/protocols/mdns.c +++ b/src/lib/protocols/mdns.c @@ -63,13 +63,26 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) { NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n"); - return 1; - + return 1; } else if((packet->payload[2] & 0x80) != 0 && ntohs(get_u_int16_t(packet->payload, 4)) == 0 && ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS && ntohs(get_u_int16_t(packet->payload, 6)) != 0) { + char answer[256]; + int i, j, len; + + for(i=13, j=0; (packet->payload[i] != 0) && (i < packet->payload_packet_len) && (i < (sizeof(answer)-1)); i++) + answer[j++] = (packet->payload[i] < 13) ? '.' : packet->payload[i]; + + answer[j] = '\0'; + + /* printf("==> [%d] %s\n", j, answer); */ + + len = ndpi_min(sizeof(flow->protos.mdns.answer)-1, j); + strncpy(flow->protos.mdns.answer, (const char *)answer, len); + flow->protos.mdns.answer[len] = '\0'; + NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n"); return 1; } @@ -87,14 +100,12 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n */ /* check if UDP packet */ - if(packet->udp != NULL) { - + if(packet->udp != NULL) { /* read destination port */ dport = ntohs(packet->udp->dest); /* check standard MDNS ON port 5353 */ if(dport == 5353 && packet->payload_packet_len >= 12) { - /* mdns protocol must have destination address 224.0.0.251 */ if(packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) { diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index b465e0a30..7196ee884 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c @@ -37,12 +37,37 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc if(packet->udp) { if(packet->payload_packet_len >= 135 && - (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001)) && - memcmp(&(packet->payload[36]), "UBNT", 4) == 0) { + (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001))) { + int found = 0; - NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n"); - - ndpi_int_ubntac2_add_connection(ndpi_struct, flow); + if(memcmp(&(packet->payload[36]), "UBNT", 4) == 0) { + found = 36+5; + } else if(memcmp(&(packet->payload[49]), "ubnt", 4) == 0) { + found = 49+5; + } + + if(found) { + char version[256]; + int i, j, len; + + found += packet->payload[found+1] + 4; /* Skip model name */ + found++; /* Skip len*/ + + if(found < packet->payload_packet_len) { + for(i=found, j=0; (packet->payload[i] != 0) && (i < packet->payload_packet_len) && (i < (sizeof(version)-1)); i++) + version[j++] = packet->payload[i]; + + version[j] = '\0'; + + len = ndpi_min(sizeof(flow->protos.ubntac2.version)-1, j); + strncpy(flow->protos.ubntac2.version, (const char *)version, len); + flow->protos.ubntac2.version[len] = '\0'; + } + + NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n"); + + ndpi_int_ubntac2_add_connection(ndpi_struct, flow); + } return; } } diff --git a/tests/pcap/ubntac2.pcap b/tests/pcap/ubntac2.pcap new file mode 100644 index 000000000..254700b61 Binary files /dev/null and b/tests/pcap/ubntac2.pcap differ diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 49579d00a..d8b67aab0 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -239,7 +239,7 @@ MS_OneDrive 348 181687 1 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] 227 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes] + 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] diff --git a/tests/result/ubntac2.pcap.out b/tests/result/ubntac2.pcap.out new file mode 100644 index 000000000..02e7d8e59 --- /dev/null +++ b/tests/result/ubntac2.pcap.out @@ -0,0 +1,10 @@ +UBNTAC2 8 1736 8 + + 1 UDP 192.168.1.1:42838 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 2 UDP 192.168.1.1:47746 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 3 UDP 192.168.1.1:52220 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 4 UDP 192.168.1.1:59772 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 5 UDP 192.168.1.1:34085 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 6 UDP 192.168.1.1:44641 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 7 UDP 192.168.1.1:47871 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 8 UDP 192.168.1.1:55321 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] -- cgit v1.2.3 From 363b38ceb015530fa1f054c24ebe6c55483e64c1 Mon Sep 17 00:00:00 2001 From: Campus Date: Mon, 13 Feb 2017 13:03:27 +0100 Subject: fix dhcp buffer overflow --- src/lib/protocols/dhcp.c | 49 ++++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index f597d6ced..38711c911 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -78,34 +78,35 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru while(i < DHCP_VEND_LEN) { u_int8_t id = dhcp->options[i]; - u_int8_t len = dhcp->options[i+1]; - - if(len == 0) break; - + if(id == 0xFF) break; + else { + u_int8_t len = dhcp->options[i+1]; + + if(len == 0) break; + #ifdef DHCP_DEBUG - printf("[DHCP] Id=%d [len=%d]\n", id, len); + printf("[DHCP] Id=%d [len=%d]\n", id, len); #endif - - if(id == 53 /* DHCP Message Type */) { - u_int8_t msg_type = dhcp->options[i+2]; - - if(msg_type <= 8) foundValidMsgType = 1; - } else if(id == 12 /* Host Name */) { - char *name = (char*)&dhcp->options[i+2]; - int j = 0; - + + if(id == 53 /* DHCP Message Type */) { + u_int8_t msg_type = dhcp->options[i+2]; + + if(msg_type <= 8) foundValidMsgType = 1; + } else if(id == 12 /* Host Name */) { + char *name = (char*)&dhcp->options[i+2]; + int j = 0; + #ifdef DHCP_DEBUG - printf("[DHCP] "); - while(j < len) { printf("%c", name[j]); j++; } - printf("\n"); + printf("[DHCP] "); + while(j < len) { printf("%c", name[j]); j++; } + printf("\n"); #endif - j = ndpi_min(len, sizeof(flow->host_server_name)-1); - strncpy((char*)flow->host_server_name, name, j); - flow->host_server_name[j] = '\0'; - } else if(id == 0xFF) - break; - - i += len + 2; + j = ndpi_min(len, sizeof(flow->host_server_name)-1); + strncpy((char*)flow->host_server_name, name, j); + flow->host_server_name[j] = '\0'; + } + i += len + 2; + } } //get_u_int16_t(packet->payload, 240) == htons(0x3501)) { -- cgit v1.2.3 From b35c1ab696672257eeebe8e22448373e486c5e82 Mon Sep 17 00:00:00 2001 From: Campus Date: Tue, 14 Feb 2017 01:23:47 +0100 Subject: minor fix mgcp dissector --- src/lib/protocols/mgcp.c | 104 +++++++++++++++++++---------------------------- 1 file changed, 41 insertions(+), 63 deletions(-) diff --git a/src/lib/protocols/mgcp.c b/src/lib/protocols/mgcp.c index 779caa0eb..e16091642 100644 --- a/src/lib/protocols/mgcp.c +++ b/src/lib/protocols/mgcp.c @@ -1,8 +1,7 @@ /* * mgcp.c * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2017 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -21,12 +20,11 @@ * along with nDPI. If not, see . * */ - - #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_MGCP + static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -34,67 +32,47 @@ static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct } - -#if !defined(WIN32) - static inline -#else -__forceinline static -#endif - void ndpi_search_mgcp_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - - struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - /* information about MGCP taken from http://en.wikipedia.org/wiki/MGCP */ - - u_int16_t pos = 5; - - if (packet->payload_packet_len < 8) { - goto mgcp_excluded; - } - - /* packet must end with 0x0d0a or with 0x0a */ - if (packet->payload[packet->payload_packet_len - 1] != 0x0a) { - goto mgcp_excluded; - } - - - - if (packet->payload[0] != 'A' && packet->payload[0] != 'C' && packet->payload[0] != 'D' && - packet->payload[0] != 'E' && packet->payload[0] != 'M' && packet->payload[0] != 'N' && - packet->payload[0] != 'R') { - goto mgcp_excluded; - } - if (memcmp(packet->payload, "AUEP ", 5) != 0 && memcmp(packet->payload, "AUCX ", 5) != 0 && - memcmp(packet->payload, "CRCX ", 5) != 0 && memcmp(packet->payload, "DLCX ", 5) != 0 && - memcmp(packet->payload, "EPCF ", 5) != 0 && memcmp(packet->payload, "MDCX ", 5) != 0 && - memcmp(packet->payload, "NTFY ", 5) != 0 && memcmp(packet->payload, "RQNT ", 5) != 0 && - memcmp(packet->payload, "RSIP ", 5) != 0) { - goto mgcp_excluded; - } - // now search for string "MGCP " in the rest of the message - while ((pos + 4) < packet->payload_packet_len) { - if (memcmp(&packet->payload[pos], "MGCP ", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "MGCP match.\n"); - ndpi_int_mgcp_add_connection(ndpi_struct, flow); - return; - } - pos++; - } - - mgcp_excluded: - NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude MGCP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MGCP); -} - - void ndpi_search_mgcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_search_mgcp_connection(ndpi_struct, flow); + + struct ndpi_packet_struct *packet = &flow->packet; + + u_int16_t pos = 5; + + if (packet->payload_packet_len < 8) { + goto mgcp_excluded; + } + + /* packet must end with 0x0d0a or with 0x0a */ + if (packet->payload[packet->payload_packet_len - 1] != 0x0a) { + goto mgcp_excluded; + } + + if (packet->payload[0] != 'A' && packet->payload[0] != 'C' && packet->payload[0] != 'D' && + packet->payload[0] != 'E' && packet->payload[0] != 'M' && packet->payload[0] != 'N' && + packet->payload[0] != 'R') { + goto mgcp_excluded; + } + if (memcmp(packet->payload, "AUEP ", 5) != 0 && memcmp(packet->payload, "AUCX ", 5) != 0 && + memcmp(packet->payload, "CRCX ", 5) != 0 && memcmp(packet->payload, "DLCX ", 5) != 0 && + memcmp(packet->payload, "EPCF ", 5) != 0 && memcmp(packet->payload, "MDCX ", 5) != 0 && + memcmp(packet->payload, "NTFY ", 5) != 0 && memcmp(packet->payload, "RQNT ", 5) != 0 && + memcmp(packet->payload, "RSIP ", 5) != 0) { + goto mgcp_excluded; + } + // now search for string "MGCP " in the rest of the message + while ((pos + 4) < packet->payload_packet_len) { + if (memcmp(&packet->payload[pos], "MGCP ", 5) == 0) { + NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "MGCP match.\n"); + ndpi_int_mgcp_add_connection(ndpi_struct, flow); + return; + } + pos++; + } + + mgcp_excluded: + NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude MGCP.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MGCP); } -- cgit v1.2.3 From af04f78bd783a18593fb9a1320bfc430ae8af0bc Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 16 Feb 2017 12:43:52 +0100 Subject: update Netflix ip-range list --- src/lib/ndpi_content_match.c.inc | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 04b04133a..0bbf4f9df 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -175,11 +175,32 @@ static ndpi_network host_protocol_list[] = { 23.246.0.0/18 23.21.190.124/32 69.53.224.0/19 + 108.175.32.0/20 + 185.2.220.0/22 + 185.9.188.0/22 + 192.173.64.0/18 + 198.38.96.0/19 + 198.45.48.0/20 + 37.77.184.0/21 + 45.57.0.0/17 + 66.197.128.0/17 + 64.120.128.0/17 */ { 0x17F60000 /* 23.246.0.0/18 */, 18, NDPI_PROTOCOL_NETFLIX }, { 0x1715BE7C /* 23.21.190.124/32 */, 32, NDPI_PROTOCOL_NETFLIX }, { 0x4535E000 /* 69.53.224.0/19 */, 19, NDPI_PROTOCOL_NETFLIX }, + { 0x6CAF2000 /* 108.175.32.0/20 */, 20, NDPI_PROTOCOL_NETFLIX }, + { 0xB902DC00 /* 185.2.220.0/22 */, 22, NDPI_PROTOCOL_NETFLIX }, + { 0xB909BC00 /* 185.9.188.0/22 */, 22, NDPI_PROTOCOL_NETFLIX }, + { 0xC0AD4000 /* 192.173.64.0/18 */, 18, NDPI_PROTOCOL_NETFLIX }, + { 0xC6266000 /* 198.38.96.0/19 */, 19, NDPI_PROTOCOL_NETFLIX }, + { 0xC62D3000 /* 198.45.48.0/20 */, 20, NDPI_PROTOCOL_NETFLIX }, + { 0x254DB800 /* 37.77.184.0/21 */, 21, NDPI_PROTOCOL_NETFLIX }, + { 0x2D390000 /* 45.57.0.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, + { 0x42C58000 /* 66.197.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, + { 0x40788000 /* 64.120.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, + /* Cloudflare -- cgit v1.2.3 From eb92c6b676064ef7bd642f43eae3136e7db4737e Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 16 Feb 2017 20:11:21 +0100 Subject: improved skype detection --- src/lib/ndpi_content_match.c.inc | 6 +++++- src/lib/protocols/skype.c | 23 ++++++++++------------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 0bbf4f9df..dfcad6c28 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -317,11 +317,13 @@ static ndpi_network host_protocol_list[] = { 157.60.0.0/16, 157.54.0.0/15 13.107.3.128/32 13.107.3.129/32 - 111.221.64.0 - 111.221.127.255 + 13.64.0.0/11 + 111.221.64.0/18 91.190.216.0/21 (AS198015 Skype Communications Sarl) 91.190.218.0/24 40.126.129.109/32 65.55.223.0/26 + 23.96.0.0/13 */ { 0x9D388740 /* 157.56.135.64 */, 26, NDPI_PROTOCOL_SKYPE }, { 0x9D38B900 /* 157.56.185.0 */, 26, NDPI_PROTOCOL_SKYPE }, @@ -330,6 +332,7 @@ static ndpi_network host_protocol_list[] = { { 0x9D38C600 /* 157.56.198.0 */, 26, NDPI_PROTOCOL_SKYPE }, { 0x9D3C0000 /* 157.60.0.0 */, 16, NDPI_PROTOCOL_SKYPE }, { 0x9D360000 /* 157.54.0.0 */, 15, NDPI_PROTOCOL_SKYPE }, + { 0x0D400000 /* 13.64.0.0 */, 11, NDPI_PROTOCOL_SKYPE }, { 0x0D6B0380 /* 13.107.3.128 */, 32, NDPI_PROTOCOL_SKYPE }, { 0x0D6B0381 /* 13.107.3.129 */, 32, NDPI_PROTOCOL_SKYPE }, { 0x6FDD4000 /* 111.221.64.0 */, 18, NDPI_PROTOCOL_SKYPE }, @@ -337,6 +340,7 @@ static ndpi_network host_protocol_list[] = { { 0x5BBEDA00 /* 91.190.218.0 */, 24, NDPI_PROTOCOL_SKYPE }, { 0x287F816D /* 40.126.129.109 */, 32, NDPI_PROTOCOL_SKYPE }, { 0x4237DF00 /* 65.55.223.0 */, 26, NDPI_PROTOCOL_SKYPE }, + { 0x17600000 /* 23.96.0.0 */, 13, NDPI_PROTOCOL_SKYPE }, /* route: 5.42.160.0/19 diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index da36d40bf..7236da777 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -1,7 +1,7 @@ /* * skype.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2017 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -17,8 +17,6 @@ * along with nDPI. If not, see . * */ - - #include "ndpi_api.h" #ifdef NDPI_PROTOCOL_SKYPE @@ -55,18 +53,17 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; + if(flow->host_server_name[0] != '\0') return; - /* - Skype AS8220 - 212.161.8.0/24 - */ + if(is_skype_flow(ndpi_struct, flow)) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); return; } + // UDP check if(packet->udp != NULL) { flow->l4.udp.skype_packet_id++; @@ -75,20 +72,20 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s /* skype-to-skype */ if(dport != 1119) /* It can be confused with battle.net */ { - if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d)) - || ((payload_len >= 16) - && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ - && (packet->payload[2] == 0x02))) { + if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d)) || + ((payload_len >= 16) + && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ + && (packet->payload[2] == 0x02))) { NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found skype.\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); } } - return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKYPE); return; + + // TCP check } else if(packet->tcp != NULL) { flow->l4.tcp.skype_packet_id++; -- cgit v1.2.3 From 66044578c2dba3b081d87d6ea95e1802cb4b47cb Mon Sep 17 00:00:00 2001 From: Konstantin Shalygin Date: Sun, 12 Feb 2017 20:33:38 +0700 Subject: ndpi_content_match: Add origin routes for many services. --- src/lib/ndpi_content_match.c.inc | 15000 +++++++++++++++++++------------------ 1 file changed, 7745 insertions(+), 7255 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index dfcad6c28..86927edb2 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -1,7 +1,7 @@ /* * ndpi_content_match.c * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-2017 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -22,90 +22,36 @@ static ndpi_network host_protocol_list[] = { - /* - Facebook - 31.13.86.0/24 - 31.13.24.0/21 - 31.13.64.0/18 - 31.13.65.0/24 - 31.13.66.0/24 - 31.13.67.0/24 - 31.13.68.0/24 - 31.13.69.0/24 - 31.13.70.0/24 - 31.13.71.0/24 - 31.13.72.0/24 - 31.13.73.0/24 - 31.13.74.0/24 - 31.13.75.0/24 - 31.13.76.0/24 - 31.13.77.0/24 - 31.13.78.0/24 - 31.13.80.0/24 - 31.13.96.0/19 - 45.64.40.0/22 - 69.63.176.0/20 - 69.63.184.0/21 - 66.220.144.0/20 - 66.220.152.0/21 - 204.15.20.0/22 - + /* + Facebook, Inc. + origin AS32934, AS54115 + */ - */ - { 0x1F0D1800 /* 31.13.24.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4000 /* 31.13.64.0/18 */, 18, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4100 /* 31.13.65.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4200 /* 31.13.66.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4300 /* 31.13.67.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4400 /* 31.13.68.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4500 /* 31.13.69.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4600 /* 31.13.70.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4700 /* 31.13.71.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4800 /* 31.13.72.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4900 /* 31.13.73.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4A00 /* 31.13.74.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4B00 /* 31.13.75.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4C00 /* 31.13.76.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4D00 /* 31.13.77.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4E00 /* 31.13.78.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D8000 /* 31.13.80.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D6000 /* 31.13.96.0/19 */, 19, NDPI_PROTOCOL_FACEBOOK }, - { 0x2D402800 /* 45.64.40.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, - { 0x453FB000 /* 69.63.176.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, - { 0x453FB800 /* 69.63.184.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, - { 0x42DC9000 /* 66.220.144.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, - { 0x45DC9800 /* 69.220.152.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, - { 0xCC0F1400 /* 204.15.20.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D1800 /* 31.13.24.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4000 /* 31.13.64.0/18 */, 18, NDPI_PROTOCOL_FACEBOOK }, + { 0x2D402800 /* 45.64.40.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0x42DC9000 /* 66.220.144.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, + { 0x453FB000 /* 69.63.176.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, + { 0x45ABE000 /* 69.171.224.0/19 */, 19, NDPI_PROTOCOL_FACEBOOK }, + { 0x4A774C00 /* 74.119.76.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0x67046000 /* 103.4.96.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0x81860000 /* 129.134.0.0/16 */, 16, NDPI_PROTOCOL_FACEBOOK }, + { 0x9DF00000 /* 157.240.0.0/16 */, 16, NDPI_PROTOCOL_FACEBOOK }, + { 0xADFC4000 /* 173.252.64.0/18 */, 18, NDPI_PROTOCOL_FACEBOOK }, + { 0xB33CC000 /* 179.60.192.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0xB93CD800 /* 185.60.216.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0xC7C94000 /* 199.201.64.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0xCC0F1400 /* 204.15.20.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + /* + Twitter Inc. + origin AS13414, AS35995 + */ - /* - Twitter - 103.252.112.0/23 - 103.252.114.0/23 - 104.244.40.0/24 - 104.244.41.0/24 - 104.244.42.0/24 - 104.244.43.0/24 - 104.244.44.0/24 - 104.244.45.0/24 - 104.244.46.0/24 - 104.244.47.0/24 - 185.45.5.0/24 - 185.45.6.0/23 - 192.133.76.0/22 - 199.16.156.0/22 - 199.59.148.0/22 - 199.96.56.0/23 - 199.96.58.0/23 - 199.96.60.0/23 - 199.96.62.0/23 - 202.160.128.0/24 - 202.160.129.0/24 - 202.160.130.0/24 - 202.160.131.0/24 - */ - { 0x67FC7000 /* 103.252.112.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0x67FC7200 /* 103.252.114.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x0819C200 /* 8.25.194.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x0819C400 /* 8.25.196.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x450C3800 /* 69.12.56.0/21 */, 21, NDPI_PROTOCOL_TWITTER }, + { 0x67FC7000 /* 103.252.112.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0x68F42800 /* 104.244.40.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, { 0x68F42900 /* 104.244.41.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, { 0x68F42A00 /* 104.244.42.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, @@ -114,81 +60,493 @@ static ndpi_network host_protocol_list[] = { { 0x68F42D00 /* 104.244.45.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, { 0x68F42E00 /* 104.244.46.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, { 0x68F42F00 /* 104.244.47.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, - { 0xB92D0500 /* 185.45.5.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0xB92D0400 /* 185.45.4.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, { 0xB92D0600 /* 185.45.6.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xBC40E000 /* 188.64.224.0/21 */, 21, NDPI_PROTOCOL_TWITTER }, + { 0xC02C4400 /* 192.44.68.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC030EC00 /* 192.48.236.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, { 0xC0854C00 /* 192.133.76.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0xC7109C00 /* 199.16.156.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0xC73B9400 /* 199.59.148.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, - { 0xC7603800 /* 199.96.56.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0xC7603B00 /* 199.96.58.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0xC7603C00 /* 199.96.60.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0xC7603F00 /* 199.96.62.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0x68F28000 /* 202.160.128.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, - { 0x68F28100 /* 202.160.129.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, - { 0x68F28200 /* 202.160.130.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, - { 0x68F28300 /* 202.160.131.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0xC7453A00 /* 199.69.58.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC7603800 /* 199.96.56.0/21 */, 21, NDPI_PROTOCOL_TWITTER }, + { 0xCAA08000 /* 202.160.128.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, /* WhatsApp Inc. 169.47.35.32 - 169.47.35.63 */ + { 0xA92F2320 /* 169.47.35.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, - - /* - OpenDNS - 208.67.216.0/21 - */ - { 0xD043D800 /* 208.67.216.0/21 */, 21, NDPI_PROTOCOL_OPENDNS }, - /* + /* + OpenDNS, LLC + origin AS36692, AS30607 + */ + + { 0x26631400 /* 38.99.20.0/23 */, 23, NDPI_PROTOCOL_OPENDNS }, + { 0x3F504FC0 /* 63.80.79.192/26 */, 26, NDPI_PROTOCOL_OPENDNS }, + { 0x43D74000 /* 67.215.64.0/19 */, 19, NDPI_PROTOCOL_OPENDNS }, + { 0x92700000 /* 146.112.0.0/16 */, 16, NDPI_PROTOCOL_OPENDNS }, + { 0xB93C5400 /* 185.60.84.0/24 */, 24, NDPI_PROTOCOL_OPENDNS }, + { 0xB93C5500 /* 185.60.85.0/24 */, 24, NDPI_PROTOCOL_OPENDNS }, + { 0xB93C5600 /* 185.60.86.0/24 */, 24, NDPI_PROTOCOL_OPENDNS }, + { 0xB93C5700 /* 185.60.87.0/24 */, 24, NDPI_PROTOCOL_OPENDNS }, + { 0xCCC2E800 /* 204.194.232.0/21 */, 21, NDPI_PROTOCOL_OPENDNS }, + { 0xD043D800 /* 208.67.216.0/21 */, 21, NDPI_PROTOCOL_OPENDNS }, + { 0xD0452000 /* 208.69.32.0/21 */, 21, NDPI_PROTOCOL_OPENDNS }, + + /* Microsoft Corporation (MS One Drive) - 204.79.195.0/24 - 204.79.196.0/23 - 134.170.0.0/16 - 131.253.12.0/22 - 131.253.16.0/23 - 131.253.18.0/24 - 65.54.191.0/24 */ + { 0xCC4FC300 /* 204.79.195.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, { 0xCC4FC400 /* 204.79.196.0/23 */, 23, NDPI_PROTOCOL_MS_ONE_DRIVE }, - { 0x86AA0000 /* 134.170.0.0/16 */, 16, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x86AA0000 /* 134.170.0.0/16 */, 16, NDPI_PROTOCOL_MS_ONE_DRIVE }, { 0x83FD0C00 /* 131.253.12.0/22 */, 22, NDPI_PROTOCOL_MS_ONE_DRIVE }, { 0x83FD1000 /* 131.253.16.0/23 */, 23, NDPI_PROTOCOL_MS_ONE_DRIVE }, { 0x83FD1200 /* 131.253.18.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, - { 0x4136BF00 /* 65.54.191.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x4136BF00 /* 65.54.191.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, - /* - Amazon-EU-AWS Elastic Compute Cloud, EC2 (also used by Netflix) - 46.137.128.0/18 + /* + Amazon.com, Inc. / Amazon Data Services Ireland Ltd + origin AS16509, AS14618, AS7224, AS62785, AS8987 */ + + { 0x08129000 /* 8.18.144.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x08129100 /* 8.18.145.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x0D200000 /* 13.32.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0D340000 /* 13.52.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0D380000 /* 13.56.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0D700000 /* 13.112.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0D7C0000 /* 13.124.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0DD00000 /* 13.208.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0DE40000 /* 13.228.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0DE80000 /* 13.232.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, + { 0x0DF80000 /* 13.248.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x17140000 /* 23.20.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x1B000000 /* 27.0.0.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x22C00000 /* 34.192.0.0/10 */, 10, NDPI_PROTOCOL_AMAZON }, + { 0x23980000 /* 35.152.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, + { 0x23A00000 /* 35.160.0.0/12 */, 12, NDPI_PROTOCOL_AMAZON }, + { 0x23B00000 /* 35.176.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, + { 0x2BFAC000 /* 43.250.192.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x2BFAC100 /* 43.250.193.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x2E338000 /* 46.51.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x2E33C000 /* 46.51.192.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x2E33D800 /* 46.51.216.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x2E33E000 /* 46.51.224.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x2E890000 /* 46.137.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, { 0x2E898000 /* 46.137.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x2E89C000 /* 46.137.192.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x2E89E000 /* 46.137.224.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x32100000 /* 50.16.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x32700000 /* 50.112.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34000000 /* 52.0.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34020000 /* 52.2.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34040000 /* 52.4.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34080000 /* 52.8.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34090000 /* 52.9.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x340A0000 /* 52.10.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x340C0000 /* 52.12.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x340E0000 /* 52.14.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34100000 /* 52.16.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34120000 /* 52.18.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34140000 /* 52.20.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34180000 /* 52.24.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x341C0000 /* 52.28.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x341D0000 /* 52.29.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x341E0000 /* 52.30.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34200000 /* 52.32.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34240000 /* 52.36.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34280000 /* 52.40.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x342C0000 /* 52.44.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x342E0000 /* 52.46.0.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x342E5000 /* 52.46.80.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x342F0000 /* 52.47.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34300000 /* 52.48.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34340000 /* 52.52.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34360000 /* 52.54.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34380000 /* 52.56.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34390000 /* 52.57.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x343A0000 /* 52.58.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x343C0000 /* 52.60.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x343E0000 /* 52.62.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34400000 /* 52.64.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34408000 /* 52.64.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34410000 /* 52.65.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34420000 /* 52.66.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34430000 /* 52.67.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34440000 /* 52.68.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34460000 /* 52.70.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34480000 /* 52.72.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x344A0000 /* 52.74.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x344C0000 /* 52.76.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x344C8000 /* 52.76.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x344D0000 /* 52.77.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x344E0000 /* 52.78.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x344F0000 /* 52.79.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x3452BB00 /* 52.82.187.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x34530000 /* 52.83.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34540000 /* 52.84.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34560000 /* 52.86.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34580000 /* 52.88.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x345A0000 /* 52.90.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x345C0000 /* 52.92.0.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345C1000 /* 52.92.16.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345C2000 /* 52.92.32.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C2800 /* 52.92.40.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x345C3000 /* 52.92.48.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C3400 /* 52.92.52.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C3800 /* 52.92.56.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C3C00 /* 52.92.60.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C4000 /* 52.92.64.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C4400 /* 52.92.68.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C4800 /* 52.92.72.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C4C00 /* 52.92.76.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C5400 /* 52.92.84.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C5800 /* 52.92.88.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345CF800 /* 52.92.248.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345CFC00 /* 52.92.252.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345D0000 /* 52.93.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x345E0000 /* 52.94.0.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345E0400 /* 52.94.4.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0500 /* 52.94.5.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0600 /* 52.94.6.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0700 /* 52.94.7.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0800 /* 52.94.8.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0900 /* 52.94.9.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0A00 /* 52.94.10.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0B00 /* 52.94.11.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0C00 /* 52.94.12.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0D00 /* 52.94.13.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0E00 /* 52.94.14.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0F00 /* 52.94.15.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E1100 /* 52.94.17.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E1800 /* 52.94.24.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345E1C00 /* 52.94.28.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345E2000 /* 52.94.32.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345E3000 /* 52.94.48.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345E4000 /* 52.94.64.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345E5000 /* 52.94.80.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345E6000 /* 52.94.96.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345E7000 /* 52.94.112.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345ECC00 /* 52.94.204.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345ECE00 /* 52.94.206.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345ED000 /* 52.94.208.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x345ED800 /* 52.94.216.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x345EE000 /* 52.94.224.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345EF000 /* 52.94.240.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345EFC00 /* 52.94.252.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345EFE00 /* 52.94.254.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345F0000 /* 52.95.0.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x345F0A00 /* 52.95.10.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345F0C00 /* 52.95.12.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F1000 /* 52.95.16.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x345F1800 /* 52.95.24.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F1E00 /* 52.95.30.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345F2200 /* 52.95.34.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345F2300 /* 52.95.35.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345F2400 /* 52.95.36.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F3000 /* 52.95.48.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F3400 /* 52.95.52.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F3800 /* 52.95.56.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F4000 /* 52.95.64.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345F5000 /* 52.95.80.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345F6000 /* 52.95.96.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F6400 /* 52.95.100.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F6800 /* 52.95.104.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F6F00 /* 52.95.111.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345F8000 /* 52.95.128.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x345FA000 /* 52.95.160.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x345FC000 /* 52.95.192.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345FD400 /* 52.95.212.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345FE000 /* 52.95.224.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF000 /* 52.95.240.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF100 /* 52.95.241.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF200 /* 52.95.242.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF300 /* 52.95.243.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF400 /* 52.95.244.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF500 /* 52.95.245.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF600 /* 52.95.246.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF700 /* 52.95.247.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF800 /* 52.95.248.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF900 /* 52.95.249.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FFA00 /* 52.95.250.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FFB00 /* 52.95.251.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FFC00 /* 52.95.252.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FFD00 /* 52.95.253.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FFE00 /* 52.95.254.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x34778000 /* 52.119.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x347C8000 /* 52.124.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34818000 /* 52.129.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34908000 /* 52.144.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34C00000 /* 52.192.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34C40000 /* 52.196.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34C80000 /* 52.200.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, + { 0x34D00000 /* 52.208.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, + { 0x34D80000 /* 52.216.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34DA0000 /* 52.218.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34DA8000 /* 52.218.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34DB0000 /* 52.219.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34DB8000 /* 52.219.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34DC0000 /* 52.220.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34DE0000 /* 52.222.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34DE8000 /* 52.222.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36400000 /* 54.64.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36420000 /* 54.66.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36428000 /* 54.66.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36430000 /* 54.67.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36440000 /* 54.68.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36460000 /* 54.70.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36480000 /* 54.72.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36490000 /* 54.73.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x364A0000 /* 54.74.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x364C0000 /* 54.76.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x364E0000 /* 54.78.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x364F0000 /* 54.79.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x364F8000 /* 54.79.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36500000 /* 54.80.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x36540000 /* 54.84.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36560000 /* 54.86.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36570000 /* 54.87.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36580000 /* 54.88.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36590000 /* 54.89.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x365A0000 /* 54.90.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x365C0000 /* 54.92.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x365C8000 /* 54.92.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x365D0000 /* 54.93.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x365E0000 /* 54.94.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x365E8000 /* 54.94.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x365EC000 /* 54.94.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x365F0000 /* 54.95.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x365F8000 /* 54.95.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36900000 /* 54.144.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x36940000 /* 54.148.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36960000 /* 54.150.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36970000 /* 54.151.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36978000 /* 54.151.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36980000 /* 54.152.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36990000 /* 54.153.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36998000 /* 54.153.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x369A0000 /* 54.154.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x369B0000 /* 54.155.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x369C0000 /* 54.156.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x36A00000 /* 54.160.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x36A40000 /* 54.164.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36A60000 /* 54.166.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36A80000 /* 54.168.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36A90000 /* 54.169.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36A98000 /* 54.169.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36AA0000 /* 54.170.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36AB0000 /* 54.171.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36AC0000 /* 54.172.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36AE0000 /* 54.174.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36B00000 /* 54.176.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36B20000 /* 54.178.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36B28000 /* 54.178.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36B30000 /* 54.179.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36B38000 /* 54.179.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36B3C000 /* 54.179.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36B60000 /* 54.182.0.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x36B60800 /* 54.182.8.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x36B61000 /* 54.182.16.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x36B68000 /* 54.182.128.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68200 /* 54.182.130.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68400 /* 54.182.132.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68600 /* 54.182.134.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68800 /* 54.182.136.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68A00 /* 54.182.138.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68C00 /* 54.182.140.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68E00 /* 54.182.142.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69000 /* 54.182.144.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69200 /* 54.182.146.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69400 /* 54.182.148.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69600 /* 54.182.150.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69800 /* 54.182.152.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69A00 /* 54.182.154.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69C00 /* 54.182.156.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69E00 /* 54.182.158.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6A200 /* 54.182.162.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6A400 /* 54.182.164.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6A600 /* 54.182.166.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6A800 /* 54.182.168.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6AA00 /* 54.182.170.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6AE00 /* 54.182.174.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6B000 /* 54.182.176.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6B200 /* 54.182.178.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6B400 /* 54.182.180.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6B600 /* 54.182.182.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6B800 /* 54.182.184.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6BA00 /* 54.182.186.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6BF00 /* 54.182.191.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C000 /* 54.182.192.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C100 /* 54.182.193.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C200 /* 54.182.194.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C300 /* 54.182.195.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C400 /* 54.182.196.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C500 /* 54.182.197.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C600 /* 54.182.198.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C700 /* 54.182.199.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C800 /* 54.182.200.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C900 /* 54.182.201.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CA00 /* 54.182.202.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CB00 /* 54.182.203.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CC00 /* 54.182.204.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CD00 /* 54.182.205.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CE00 /* 54.182.206.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CF00 /* 54.182.207.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D100 /* 54.182.209.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D200 /* 54.182.210.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D300 /* 54.182.211.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D400 /* 54.182.212.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D500 /* 54.182.213.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D600 /* 54.182.214.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D700 /* 54.182.215.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D800 /* 54.182.216.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D900 /* 54.182.217.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DA00 /* 54.182.218.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DB00 /* 54.182.219.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DC00 /* 54.182.220.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DD00 /* 54.182.221.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DE00 /* 54.182.222.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DF00 /* 54.182.223.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E000 /* 54.182.224.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E200 /* 54.182.226.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E400 /* 54.182.228.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E600 /* 54.182.230.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E700 /* 54.182.231.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E800 /* 54.182.232.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E900 /* 54.182.233.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6EA00 /* 54.182.234.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6EB00 /* 54.182.235.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6EC00 /* 54.182.236.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6ED00 /* 54.182.237.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6EE00 /* 54.182.238.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6EF00 /* 54.182.239.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F000 /* 54.182.240.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F200 /* 54.182.242.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F300 /* 54.182.243.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F400 /* 54.182.244.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F500 /* 54.182.245.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F600 /* 54.182.246.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F800 /* 54.182.248.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6FA00 /* 54.182.250.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6FC00 /* 54.182.252.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6FD00 /* 54.182.253.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6FE00 /* 54.182.254.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6FF00 /* 54.182.255.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B70000 /* 54.183.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36B78000 /* 54.183.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36B80000 /* 54.184.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36BA0000 /* 54.186.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36BC0000 /* 54.188.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36BE0000 /* 54.190.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36BF0000 /* 54.191.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36C00000 /* 54.192.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36C10000 /* 54.193.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36C18000 /* 54.193.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36C20000 /* 54.194.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36C30000 /* 54.195.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36C40000 /* 54.196.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36C60000 /* 54.198.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36C70000 /* 54.199.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36C78000 /* 54.199.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36C80000 /* 54.200.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36CA0000 /* 54.202.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36CC0000 /* 54.204.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36CE0000 /* 54.206.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36CE8000 /* 54.206.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36CF0000 /* 54.207.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36CF8000 /* 54.207.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36D00000 /* 54.208.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36D20000 /* 54.210.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36D30000 /* 54.211.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36D40000 /* 54.212.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36D50000 /* 54.213.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36D60000 /* 54.214.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36D68000 /* 54.214.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36D70000 /* 54.215.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36D78000 /* 54.215.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36D7C000 /* 54.215.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36D80000 /* 54.216.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36DA0000 /* 54.218.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36DA8000 /* 54.218.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36DB0000 /* 54.219.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36DB8000 /* 54.219.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36DBC000 /* 54.219.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36DC0000 /* 54.220.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36DD0000 /* 54.221.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36DF2000 /* 54.223.32.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x36DF4000 /* 54.223.64.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36E00000 /* 54.224.0.0/12 */, 12, NDPI_PROTOCOL_AMAZON }, + { 0x36F00000 /* 54.240.0.0/12 */, 12, NDPI_PROTOCOL_AMAZON }, + { 0x3F5C0C00 /* 63.92.12.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x3FEE0C00 /* 63.238.12.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x3FEE1000 /* 63.238.16.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x42074000 /* 66.7.64.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x43CA0000 /* 67.202.0.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x4815C000 /* 72.21.192.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x482C2000 /* 72.44.32.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x4B658000 /* 75.101.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x4F7D0000 /* 79.125.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x57EE5000 /* 87.238.80.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x607F0000 /* 96.127.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x67040800 /* 103.4.8.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x6708AC00 /* 103.8.172.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x67F69400 /* 103.246.148.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x67F69600 /* 103.246.150.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x6B140000 /* 107.20.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x7AF8C000 /* 122.248.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xAC606000 /* 172.96.96.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0xAE810000 /* 174.129.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0xAF298000 /* 175.41.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xAF29C000 /* 175.41.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xB0204000 /* 176.32.64.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xB0206000 /* 176.32.96.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0xB0206800 /* 176.32.104.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0xB0207000 /* 176.32.112.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0xB0207800 /* 176.32.120.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xB0207E00 /* 176.32.126.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0xB0220000 /* 176.34.0.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xB0222000 /* 176.34.32.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xB0224000 /* 176.34.64.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xB0228000 /* 176.34.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0xB1478000 /* 177.71.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0xB148F000 /* 177.72.240.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0xB2EC0000 /* 178.236.0.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0xB8480000 /* 184.72.0.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xB8484000 /* 184.72.64.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xB8486000 /* 184.72.96.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xB8488000 /* 184.72.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0xB8490000 /* 184.73.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0xB8A98000 /* 184.169.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0xB9307800 /* 185.48.120.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xB98F1000 /* 185.143.16.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xC77FE800 /* 199.127.232.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xC7FFC000 /* 199.255.192.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xCB53DC00 /* 203.83.220.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xCCEC8000 /* 204.236.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xCCECC000 /* 204.236.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xCCF6A000 /* 204.246.160.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xCDFBC000 /* 205.251.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xCFABA000 /* 207.171.160.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xD02FF800 /* 208.47.248.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0xD1C96000 /* 209.201.96.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xD8892000 /* 216.137.32.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xD8B6E000 /* 216.182.224.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - /* - Amazon-EU (also used by Netflix) - 176.34.184.0/21 + /* + Netflix Inc. / Netflix Streaming Services Inc. + origin AS2906, AS55095, AS40027 */ - { 0xB022B800 /* 176.34.184.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, - - /* - Netflix - 23.246.0.0/18 - 23.21.190.124/32 - 69.53.224.0/19 - 108.175.32.0/20 - 185.2.220.0/22 - 185.9.188.0/22 - 192.173.64.0/18 - 198.38.96.0/19 - 198.45.48.0/20 - 37.77.184.0/21 - 45.57.0.0/17 - 66.197.128.0/17 - 64.120.128.0/17 - */ { 0x17F60000 /* 23.246.0.0/18 */, 18, NDPI_PROTOCOL_NETFLIX }, - { 0x1715BE7C /* 23.21.190.124/32 */, 32, NDPI_PROTOCOL_NETFLIX }, + { 0x254DB800 /* 37.77.184.0/21 */, 21, NDPI_PROTOCOL_NETFLIX }, + { 0x26487E00 /* 38.72.126.0/24 */, 24, NDPI_PROTOCOL_NETFLIX }, + { 0x2D390000 /* 45.57.0.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, + { 0x40788000 /* 64.120.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, + { 0x42C58000 /* 66.197.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, { 0x4535E000 /* 69.53.224.0/19 */, 19, NDPI_PROTOCOL_NETFLIX }, { 0x6CAF2000 /* 108.175.32.0/20 */, 20, NDPI_PROTOCOL_NETFLIX }, { 0xB902DC00 /* 185.2.220.0/22 */, 22, NDPI_PROTOCOL_NETFLIX }, @@ -196,38 +554,37 @@ static ndpi_network host_protocol_list[] = { { 0xC0AD4000 /* 192.173.64.0/18 */, 18, NDPI_PROTOCOL_NETFLIX }, { 0xC6266000 /* 198.38.96.0/19 */, 19, NDPI_PROTOCOL_NETFLIX }, { 0xC62D3000 /* 198.45.48.0/20 */, 20, NDPI_PROTOCOL_NETFLIX }, - { 0x254DB800 /* 37.77.184.0/21 */, 21, NDPI_PROTOCOL_NETFLIX }, - { 0x2D390000 /* 45.57.0.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, - { 0x42C58000 /* 66.197.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, - { 0x40788000 /* 64.120.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, - + { 0xD04B4C00 /* 208.75.76.0/22 */, 22, NDPI_PROTOCOL_NETFLIX }, /* - Cloudflare - 104.16.0.0/12 - 173.245.48.0/20 - 162.158.0.0/15 - 141.101.125.0/24 CLOUDFLARE-EU CDN network + Cloudflare, Inc. + origin AS13335, AS132892, AS203898, AS394536 */ + + { 0x4044C000 /* 64.68.192.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, { 0x68100000 /* 104.16.0.0/12 */, 12, NDPI_PROTOCOL_CLOUDFLARE }, - { 0xADF53000 /* 173.245.48.0/20 */, 20, NDPI_PROTOCOL_CLOUDFLARE }, + { 0x6CA2C000 /* 108.162.192.0/18 */, 18, NDPI_PROTOCOL_CLOUDFLARE }, + { 0x8D654400 /* 141.101.68.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0x8D654500 /* 141.101.69.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, { 0xA29E0000 /* 162.158.0.0/15 */, 15, NDPI_PROTOCOL_CLOUDFLARE }, - { 0x8D657D00 /* 141.101.125.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xA2FB5200 /* 162.251.82.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xAC400000 /* 172.64.0.0/13 */, 13, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xADF53000 /* 173.245.48.0/20 */, 20, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xB97A0000 /* 185.122.0.0/22 */, 22, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726000 /* 188.114.96.0/22 */, 22, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726400 /* 188.114.100.0/22 */, 22, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726800 /* 188.114.104.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726900 /* 188.114.105.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726A00 /* 188.114.106.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726B00 /* 188.114.107.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726C00 /* 188.114.108.0/22 */, 22, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xC6298000 /* 198.41.128.0/17 */, 17, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xC71B8000 /* 199.27.128.0/21 */, 21, NDPI_PROTOCOL_CLOUDFLARE }, - /* + /* OFFICE 365 - 13.107.1.0/24 - 13.107.3.0/24 - 13.107.4.0/24 - 13.107.5.0/24 - 13.107.6.0/24 - 13.107.7.0/24 - 13.107.9.0/24 - 13.107.12.0/24 - 13.107.13.0/24 - 13.107.15.0/24 - 13.107.16.0/24 */ + { 0x0D6B0100 /* 13.107.1.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, { 0x0D6B0300 /* 13.107.3.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, { 0x0D6B0400 /* 13.107.4.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, @@ -242,88 +599,86 @@ static ndpi_network host_protocol_list[] = { /* OCS GO (Orange Cinéma Séries) - 178.248.208.0/21 */ + { 0xB2F8D000 /* 178.248.208.0 */, 21, NDPI_PROTOCOL_OCS }, /* IFLIX services -by www.vizuamatix.com R&D team - 52.77.0.0/16 - 52.220.0.0/16 - 52.74.0.0/16 - 54.230.159.0/24 - 54.192.156.80/32 - 54.251.182.168/32 - 54.192.150.0/24 - 52.74.192.247/32 - 2.21.231.24/32 - */ - { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, - { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, - { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, - { 0x36E69F00 /* 54.230.159.0 */, 24, NDPI_PROTOCOL_IFLIX }, - { 0x36C09C50 /* 54.192.156.80 */, 32, NDPI_PROTOCOL_IFLIX }, - { 0x36FBB6A8 /* 54.251.182.168 */, 32, NDPI_PROTOCOL_IFLIX }, - { 0x36C09600 /* 54.192.150.0 */, 24, NDPI_PROTOCOL_IFLIX }, - { 0x344AC0F7 /* 52.74.192.247 */, 32, NDPI_PROTOCOL_IFLIX }, - { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_PROTOCOL_IFLIX }, + */ + + { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x36E69F00 /* 54.230.159.0 */, 24, NDPI_PROTOCOL_IFLIX }, + { 0x36C09C50 /* 54.192.156.80 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x36FBB6A8 /* 54.251.182.168 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x36C09600 /* 54.192.150.0 */, 24, NDPI_PROTOCOL_IFLIX }, + { 0x344AC0F7 /* 52.74.192.247 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_PROTOCOL_IFLIX }, /* Citrix GotoMeeting (AS16815, AS21866) - 216.115.208.0/20 - 216.219.112.0/20 */ + { 0xD873D000 /* 216.115.208.0 */, 20, NDPI_PROTOCOL_CITRIX_ONLINE }, { 0xD8DB7000 /* 216.219.112.0 */, 20, NDPI_PROTOCOL_CITRIX_ONLINE }, /* - Webex - 66.114.160.0/20 + Cisco Webex LLC + origin AS13445 */ - { 0x4272A000 /* 66.114.160.0 */, 20, NDPI_PROTOCOL_WEBEX }, + + { 0x0819C000 /* 8.25.192.0/24 */, 24, NDPI_PROTOCOL_WEBEX }, + { 0x3E6DC000 /* 62.109.192.0/18 */, 18, NDPI_PROTOCOL_WEBEX }, + { 0x40446000 /* 64.68.96.0/19 */, 19, NDPI_PROTOCOL_WEBEX }, + { 0x4272A000 /* 66.114.160.0/20 */, 20, NDPI_PROTOCOL_WEBEX }, + { 0x42A32000 /* 66.163.32.0/19 */, 19, NDPI_PROTOCOL_WEBEX }, + { 0x721DC000 /* 114.29.192.0/19 */, 19, NDPI_PROTOCOL_WEBEX }, + { 0xADF30000 /* 173.243.0.0/20 */, 20, NDPI_PROTOCOL_WEBEX }, + { 0xCFB6A000 /* 207.182.160.0/19 */, 19, NDPI_PROTOCOL_WEBEX }, + { 0xD0085100 /* 208.8.81.0/24 */, 24, NDPI_PROTOCOL_WEBEX }, + { 0xD1C5C000 /* 209.197.192.0/19 */, 19, NDPI_PROTOCOL_WEBEX }, + { 0xD204C000 /* 210.4.192.0/20 */, 20, NDPI_PROTOCOL_WEBEX }, /* - Viber Media AWS-VIBER-MEDIA (NET-54-169-63-160-1) 54.169.63.160 - 54.169.63.191 - Viber Media S a r l AWS-VIBER-MEDIA-S-A-R-L (NET-54-93-255-64-1) 54.93.255.64 - 54.93.255.127 - Crittercism AWS-VIBER-MEDIA (NET-52-0-252-0-1) 52.0.252.0 - 52.0.255.255 - 54.169.63.160/27 - 54.93.255.64/26 - 52.0.252.0/22 + Viber Media S.à r.l. + https://whois.arin.net/rest/nets;q=AWS-VIBER-MEDIA?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2 */ - { 0x36A93FA0 /* 54.169.63.160 */, 27, NDPI_PROTOCOL_VIBER }, - { 0x365DFF40 /* 54.93.255.64 */, 26, NDPI_PROTOCOL_VIBER }, - { 0x3400FC00 /* 52.0.252.0 */, 22, NDPI_PROTOCOL_VIBER }, + + { 0x3400FC00 /* 52.0.252.0/22 */, 22, NDPI_PROTOCOL_VIBER }, + { 0x3640BFF0 /* 54.64.191.240/28 */, 28, NDPI_PROTOCOL_VIBER }, + { 0x36A5FFD0 /* 54.165.255.208/28 */, 28, NDPI_PROTOCOL_VIBER }, + { 0x36A5FFE0 /* 54.165.255.224/27 */, 27, NDPI_PROTOCOL_VIBER }, + { 0x36A93FA0 /* 54.169.63.160/27 */, 27, NDPI_PROTOCOL_VIBER }, + { 0x36A93FC0 /* 54.169.63.192/26 */, 26, NDPI_PROTOCOL_VIBER }, + { 0x36DBBFA0 /* 54.219.191.160/28 */, 28, NDPI_PROTOCOL_VIBER }, + { 0x36E8FB90 /* 54.232.251.144/28 */, 28, NDPI_PROTOCOL_VIBER }, /* - Apple (FaceTime, iMessage,...) - 17.0.0.0/8 + Apple Inc. + origin AS714, AS6185 */ - { 0x11000000 /* 17.0.0.0 */, 8, NDPI_PROTOCOL_APPLE }, + + { 0x11000000 /* 17.0.0.0/8 */, 8, NDPI_PROTOCOL_APPLE }, + { 0xC0233200 /* 192.35.50.0/24 */, 24, NDPI_PROTOCOL_APPLE }, + { 0xC6B71000 /* 198.183.16.0/24 */, 24, NDPI_PROTOCOL_APPLE }, + { 0xC6B71100 /* 198.183.17.0/24 */, 24, NDPI_PROTOCOL_APPLE }, + { 0xCDB4AF00 /* 205.180.175.0/24 */, 24, NDPI_PROTOCOL_APPLE }, /* - Dropbox - 108.160.160.0/20 - 199.47.216.0/22 - 45.58.64.0/20 + Dropbox, Inc. + origin AS19679 */ - { 0x6CA0A000 /* 108.160.160.0 */, 20, NDPI_PROTOCOL_DROPBOX }, - { 0xC72FD800 /* 199.47.216.0 */, 22, NDPI_PROTOCOL_DROPBOX }, - { 0x2D3A4000 /* 45.58.64.0 */, 20, NDPI_PROTOCOL_DROPBOX }, + + { 0x2D3A4000 /* 45.58.64.0/20 */, 20, NDPI_PROTOCOL_DROPBOX }, + { 0x6CA0A000 /* 108.160.160.0/20 */, 20, NDPI_PROTOCOL_DROPBOX }, + { 0xA27D0000 /* 162.125.0.0/16 */, 16, NDPI_PROTOCOL_DROPBOX }, + { 0xB92D0800 /* 185.45.8.0/22 */, 22, NDPI_PROTOCOL_DROPBOX }, + { 0xC72FD800 /* 199.47.216.0/22 */, 22, NDPI_PROTOCOL_DROPBOX }, /* Skype (Microsoft CDN) - 157.56.135.64/26, 157.56.185.0/26, 157.56.52.0/26, - 157.56.53.128/25, 157.56.198.0/26 - 157.60.0.0/16, 157.54.0.0/15 - 13.107.3.128/32 - 13.107.3.129/32 - 13.64.0.0/11 - 111.221.64.0/18 - 91.190.216.0/21 (AS198015 Skype Communications Sarl) - 91.190.218.0/24 - 40.126.129.109/32 - 65.55.223.0/26 - 23.96.0.0/13 */ { 0x9D388740 /* 157.56.135.64 */, 26, NDPI_PROTOCOL_SKYPE }, { 0x9D38B900 /* 157.56.185.0 */, 26, NDPI_PROTOCOL_SKYPE }, @@ -343,7071 +698,7206 @@ static ndpi_network host_protocol_list[] = { { 0x17600000 /* 23.96.0.0 */, 13, NDPI_PROTOCOL_SKYPE }, /* - route: 5.42.160.0/19 - descr: Blizzard Entertainment, Inc - origin: AS57976 + Blizzard Entertainment, Inc + origin AS57976 */ - { 0x052AA000 /* 5.42.160.0 */, 19, NDPI_PROTOCOL_STARCRAFT }, + + { 0x052AA000 /* 5.42.160.0/19 */, 19, NDPI_PROTOCOL_STARCRAFT }, + { 0x0C81DE00 /* 12.129.222.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x0C81E400 /* 12.129.228.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x0C81EC00 /* 12.129.236.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x0C81FE00 /* 12.129.254.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x0C82F400 /* 12.130.244.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0x18690000 /* 24.105.0.0/18 */, 18, NDPI_PROTOCOL_STARCRAFT }, + { 0x25F40000 /* 37.244.0.0/18 */, 18, NDPI_PROTOCOL_STARCRAFT }, + { 0x3B992800 /* 59.153.40.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0x3E73F400 /* 62.115.244.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0x50EFD000 /* 80.239.208.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0x67047200 /* 103.4.114.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x67C62000 /* 103.198.32.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x89DD4000 /* 137.221.64.0/18 */, 18, NDPI_PROTOCOL_STARCRAFT }, + { 0xB93C7000 /* 185.60.112.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0xC30CF400 /* 195.12.244.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0xC76C2000 /* 199.108.32.0/20 */, 20, NDPI_PROTOCOL_STARCRAFT }, + { 0xC76C3000 /* 199.108.48.0/20 */, 20, NDPI_PROTOCOL_STARCRAFT }, + { 0xCA094200 /* 202.9.66.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, /* - Google - 173.194.0.0/16 - 74.125.0.0/16 - 64.233.160.0/19 - 216.58.192.0/19 + Google Inc. / Google Switzerland GmbH / Google Ireland Limited + origin AS15169, AS36384, AS41264, AS43515, AS36039, AS36040, AS36492 */ - { 0xADC20000 /* 173.194.0.0 */, 16, NDPI_PROTOCOL_GOOGLE }, - { 0x4A7D0000 /* 74.125.0.0 */, 16, NDPI_PROTOCOL_GOOGLE }, - { 0x40E91600 /* 64.233.160.0 */, 19, NDPI_PROTOCOL_GOOGLE }, - { 0xD83AC000 /* 216.58.192.0 */, 19, NDPI_PROTOCOL_GOOGLE }, + + { 0x01000000 /* 1.0.0.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x01010100 /* 1.1.1.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x01020300 /* 1.2.3.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x08063000 /* 8.6.48.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x08080400 /* 8.8.4.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x08080800 /* 8.8.8.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x080FCA00 /* 8.15.202.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x0822D000 /* 8.34.208.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x0822D800 /* 8.34.216.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x0823C000 /* 8.35.192.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x0823C800 /* 8.35.200.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x17EC3000 /* 23.236.48.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0x17FB8000 /* 23.251.128.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x23B80000 /* 35.184.0.0/13 */, 13, NDPI_PROTOCOL_GOOGLE }, + { 0x2D79E400 /* 45.121.228.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x2D79E500 /* 45.121.229.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x2D79E600 /* 45.121.230.0/23 */, 23, NDPI_PROTOCOL_GOOGLE }, + { 0x2E1CF700 /* 46.28.247.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x4009E000 /* 64.9.224.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x400F7000 /* 64.15.112.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0x40E9A000 /* 64.233.160.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x42660000 /* 66.102.0.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0x42F94000 /* 66.249.64.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x46208000 /* 70.32.128.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x480EC000 /* 72.14.192.0/18 */, 18, NDPI_PROTOCOL_GOOGLE }, + { 0x4A721800 /* 74.114.24.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x4A7D0000 /* 74.125.0.0/16 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0x59CFE000 /* 89.207.224.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x673E4000 /* 103.62.64.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x673E4100 /* 103.62.65.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x673E4200 /* 103.62.66.0/23 */, 23, NDPI_PROTOCOL_GOOGLE }, + { 0x68840000 /* 104.132.0.0/14 */, 14, NDPI_PROTOCOL_GOOGLE }, + { 0x689A0000 /* 104.154.0.0/15 */, 15, NDPI_PROTOCOL_GOOGLE }, + { 0x68C40000 /* 104.196.0.0/14 */, 14, NDPI_PROTOCOL_GOOGLE }, + { 0x68EDA000 /* 104.237.160.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x6BA7A000 /* 107.167.160.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x6BB2C000 /* 107.178.192.0/18 */, 18, NDPI_PROTOCOL_GOOGLE }, + { 0x6C3B5000 /* 108.59.80.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0x6CAAC000 /* 108.170.192.0/18 */, 18, NDPI_PROTOCOL_GOOGLE }, + { 0x6CB10000 /* 108.177.0.0/17 */, 17, NDPI_PROTOCOL_GOOGLE }, + { 0x71C56800 /* 113.197.104.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0x82D30000 /* 130.211.0.0/16 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0x8EFA0000 /* 142.250.0.0/15 */, 15, NDPI_PROTOCOL_GOOGLE }, + { 0x92940000 /* 146.148.0.0/17 */, 17, NDPI_PROTOCOL_GOOGLE }, + { 0xA2D89400 /* 162.216.148.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xA2DEB000 /* 162.222.176.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0xAC660800 /* 172.102.8.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0xAC6E2000 /* 172.110.32.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0xACD90000 /* 172.217.0.0/16 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0xACFD0000 /* 172.253.0.0/16 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0xADC20000 /* 173.194.0.0/16 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0xADFF7000 /* 173.255.112.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0xB9191C00 /* 185.25.28.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xB9969400 /* 185.150.148.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xC068A000 /* 192.104.160.0/23 */, 23, NDPI_PROTOCOL_GOOGLE }, + { 0xC0771C00 /* 192.119.28.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0xC09E1C00 /* 192.158.28.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xC0B20000 /* 192.178.0.0/15 */, 15, NDPI_PROTOCOL_GOOGLE }, + { 0xC1210400 /* 193.33.4.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0xC1210500 /* 193.33.5.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0xC1C8DE00 /* 193.200.222.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0xC27A5000 /* 194.122.80.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xC7C07000 /* 199.192.112.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xC7DFE800 /* 199.223.232.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0xCFDFA000 /* 207.223.160.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0xD0419800 /* 208.65.152.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xD075E000 /* 208.117.224.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0xD1558000 /* 209.85.128.0/17 */, 17, NDPI_PROTOCOL_GOOGLE }, + { 0xD16BB000 /* 209.107.176.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0xD83AC000 /* 216.58.192.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0xD8495000 /* 216.73.80.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0xD8EF2000 /* 216.239.32.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0xD8FCDC00 /* 216.252.220.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, /* - Ubuntu One - 91.189.89.0/21 (255.255.248.0) + Canonical Ltd (Ubuntu) + origin AS41231 */ - { 0x5BBD5900 /* 91.189.89.0 */, 21, NDPI_PROTOCOL_UBUNTUONE}, + + { 0x5BBD5800 /* 91.189.88.0/21 */, 21, NDPI_PROTOCOL_UBUNTUONE }, + { 0xA2D52000 /* 162.213.32.0/22 */, 22, NDPI_PROTOCOL_UBUNTUONE }, + { 0xB97DBC00 /* 185.125.188.0/22 */, 22, NDPI_PROTOCOL_UBUNTUONE }, /* - Telegram - 149.154.164.0/22 - 149.154.168.0/22 - http://myip.ms/view/web_hosting/363906/Telegram_Messenger_Network.html + Telegram Messenger LLP + origin: AS62041, AS62014, AS59930 */ - { 0x959AA400 /* 149.154.164.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM}, - { 0x959AA800 /* 149.154.168.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM}, + + { 0x5B6C0400 /* 91.108.4.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x5B6C0800 /* 91.108.8.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x5B6C0C00 /* 91.108.12.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x5B6C1000 /* 91.108.16.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, /* - TOR + Tor + http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv + From 02/17/2017 */ - { 0x012A1231, 32, NDPI_PROTOCOL_TOR }, - { 0x01E69FA1, 32, NDPI_PROTOCOL_TOR }, - { 0x020DE985, 32, NDPI_PROTOCOL_TOR }, - { 0x021D88C5, 32, NDPI_PROTOCOL_TOR }, - { 0x0221585B, 32, NDPI_PROTOCOL_TOR }, - { 0x023E1975, 32, NDPI_PROTOCOL_TOR }, - { 0x0255D62F, 32, NDPI_PROTOCOL_TOR }, - { 0x025B6A07, 32, NDPI_PROTOCOL_TOR }, - { 0x025CB2FE, 32, NDPI_PROTOCOL_TOR }, - { 0x025DFEE6, 32, NDPI_PROTOCOL_TOR }, - { 0x025E83A7, 32, NDPI_PROTOCOL_TOR }, - { 0x02683058, 32, NDPI_PROTOCOL_TOR }, - { 0x026AEE77, 32, NDPI_PROTOCOL_TOR }, - { 0x026B16BA, 32, NDPI_PROTOCOL_TOR }, - { 0x028BD8A9, 32, NDPI_PROTOCOL_TOR }, - { 0x02D9E930, 32, NDPI_PROTOCOL_TOR }, - { 0x02E18D86, 32, NDPI_PROTOCOL_TOR }, - { 0x02E1E75C, 32, NDPI_PROTOCOL_TOR }, - { 0x02E688B0, 32, NDPI_PROTOCOL_TOR }, - { 0x02E6A4FE, 32, NDPI_PROTOCOL_TOR }, - { 0x02E7F51D, 32, NDPI_PROTOCOL_TOR }, - { 0x02EAEAFB, 32, NDPI_PROTOCOL_TOR }, - { 0x02EB2A85, 32, NDPI_PROTOCOL_TOR }, - { 0x02F04269, 32, NDPI_PROTOCOL_TOR }, - { 0x02F0667E, 32, NDPI_PROTOCOL_TOR }, - { 0x02F0DA7F, 32, NDPI_PROTOCOL_TOR }, - { 0x02F183CC, 32, NDPI_PROTOCOL_TOR }, - { 0x02F1A8DE, 32, NDPI_PROTOCOL_TOR }, - { 0x02F2F217, 32, NDPI_PROTOCOL_TOR }, - { 0x02F2FBEB, 32, NDPI_PROTOCOL_TOR }, - { 0x02F4CD37, 32, NDPI_PROTOCOL_TOR }, - { 0x02F779C1, 32, NDPI_PROTOCOL_TOR }, - { 0x0422C8FD, 32, NDPI_PROTOCOL_TOR }, - { 0x0422C8FD, 32, NDPI_PROTOCOL_TOR }, - { 0x0501547D, 32, NDPI_PROTOCOL_TOR }, - { 0x05021027, 32, NDPI_PROTOCOL_TOR }, - { 0x050902CC, 32, NDPI_PROTOCOL_TOR }, - { 0x050906A3, 32, NDPI_PROTOCOL_TOR }, - { 0x05091513, 32, NDPI_PROTOCOL_TOR }, - { 0x05091ADB, 32, NDPI_PROTOCOL_TOR }, - { 0x05091ADB, 32, NDPI_PROTOCOL_TOR }, - { 0x0509254B, 32, NDPI_PROTOCOL_TOR }, - { 0x05092771, 32, NDPI_PROTOCOL_TOR }, - { 0x05092B03, 32, NDPI_PROTOCOL_TOR }, - { 0x05092B50, 32, NDPI_PROTOCOL_TOR }, - { 0x05093176, 32, NDPI_PROTOCOL_TOR }, - { 0x05093394, 32, NDPI_PROTOCOL_TOR }, - { 0x050933AE, 32, NDPI_PROTOCOL_TOR }, - { 0x0509362C, 32, NDPI_PROTOCOL_TOR }, - { 0x05093B4E, 32, NDPI_PROTOCOL_TOR }, - { 0x0509437C, 32, NDPI_PROTOCOL_TOR }, - { 0x05094F06, 32, NDPI_PROTOCOL_TOR }, - { 0x05094F9A, 32, NDPI_PROTOCOL_TOR }, - { 0x0509501C, 32, NDPI_PROTOCOL_TOR }, - { 0x050953CC, 32, NDPI_PROTOCOL_TOR }, - { 0x05095812, 32, NDPI_PROTOCOL_TOR }, - { 0x050959BD, 32, NDPI_PROTOCOL_TOR }, - { 0x05096C4A, 32, NDPI_PROTOCOL_TOR }, - { 0x05096C56, 32, NDPI_PROTOCOL_TOR }, - { 0x05096E85, 32, NDPI_PROTOCOL_TOR }, - { 0x05096EEC, 32, NDPI_PROTOCOL_TOR }, - { 0x050975D4, 32, NDPI_PROTOCOL_TOR }, - { 0x05097B51, 32, NDPI_PROTOCOL_TOR }, - { 0x050981DA, 32, NDPI_PROTOCOL_TOR }, - { 0x05098A9B, 32, NDPI_PROTOCOL_TOR }, - { 0x05098CC3, 32, NDPI_PROTOCOL_TOR }, - { 0x050997F1, 32, NDPI_PROTOCOL_TOR }, - { 0x05099C11, 32, NDPI_PROTOCOL_TOR }, - { 0x05099E44, 32, NDPI_PROTOCOL_TOR }, - { 0x05099E4B, 32, NDPI_PROTOCOL_TOR }, - { 0x0509A92E, 32, NDPI_PROTOCOL_TOR }, - { 0x0509A92E, 32, NDPI_PROTOCOL_TOR }, - { 0x0509BF34, 32, NDPI_PROTOCOL_TOR }, - { 0x0509C38C, 32, NDPI_PROTOCOL_TOR }, - { 0x0509D4CE, 32, NDPI_PROTOCOL_TOR }, - { 0x0509D642, 32, NDPI_PROTOCOL_TOR }, - { 0x0509E35E, 32, NDPI_PROTOCOL_TOR }, - { 0x0509EAEE, 32, NDPI_PROTOCOL_TOR }, - { 0x050D3E81, 32, NDPI_PROTOCOL_TOR }, - { 0x050E066C, 32, NDPI_PROTOCOL_TOR }, - { 0x050E30B4, 32, NDPI_PROTOCOL_TOR }, - { 0x050E476B, 32, NDPI_PROTOCOL_TOR }, - { 0x050ECAE6, 32, NDPI_PROTOCOL_TOR }, - { 0x0513A267, 32, NDPI_PROTOCOL_TOR }, - { 0x0513B30A, 32, NDPI_PROTOCOL_TOR }, - { 0x0513EC45, 32, NDPI_PROTOCOL_TOR }, - { 0x0522B70F, 32, NDPI_PROTOCOL_TOR }, - { 0x0522B7CD, 32, NDPI_PROTOCOL_TOR }, - { 0x0522B7CF, 32, NDPI_PROTOCOL_TOR }, - { 0x05272D98, 32, NDPI_PROTOCOL_TOR }, - { 0x05273CF1, 32, NDPI_PROTOCOL_TOR }, - { 0x0527465F, 32, NDPI_PROTOCOL_TOR }, - { 0x05274C24, 32, NDPI_PROTOCOL_TOR }, - { 0x05274CB6, 32, NDPI_PROTOCOL_TOR }, - { 0x05274DD0, 32, NDPI_PROTOCOL_TOR }, - { 0x05274E65, 32, NDPI_PROTOCOL_TOR }, - { 0x05274FB5, 32, NDPI_PROTOCOL_TOR }, - { 0x0527501C, 32, NDPI_PROTOCOL_TOR }, - { 0x05275087, 32, NDPI_PROTOCOL_TOR }, - { 0x05275087, 32, NDPI_PROTOCOL_TOR }, - { 0x052752C0, 32, NDPI_PROTOCOL_TOR }, - { 0x052753D9, 32, NDPI_PROTOCOL_TOR }, - { 0x052754D9, 32, NDPI_PROTOCOL_TOR }, - { 0x052756CE, 32, NDPI_PROTOCOL_TOR }, - { 0x0527579C, 32, NDPI_PROTOCOL_TOR }, - { 0x05275808, 32, NDPI_PROTOCOL_TOR }, - { 0x05275813, 32, NDPI_PROTOCOL_TOR }, - { 0x05275836, 32, NDPI_PROTOCOL_TOR }, - { 0x0527597C, 32, NDPI_PROTOCOL_TOR }, - { 0x05277240, 32, NDPI_PROTOCOL_TOR }, - { 0x05277A42, 32, NDPI_PROTOCOL_TOR }, - { 0x05277A42, 32, NDPI_PROTOCOL_TOR }, - { 0x052A0AE5, 32, NDPI_PROTOCOL_TOR }, - { 0x052C634D, 32, NDPI_PROTOCOL_TOR }, - { 0x052C63A1, 32, NDPI_PROTOCOL_TOR }, - { 0x052C6B17, 32, NDPI_PROTOCOL_TOR }, - { 0x052D4824, 32, NDPI_PROTOCOL_TOR }, - { 0x052D4909, 32, NDPI_PROTOCOL_TOR }, - { 0x052D4D11, 32, NDPI_PROTOCOL_TOR }, - { 0x052D617F, 32, NDPI_PROTOCOL_TOR }, - { 0x052D626F, 32, NDPI_PROTOCOL_TOR }, - { 0x052D634B, 32, NDPI_PROTOCOL_TOR }, - { 0x052D688D, 32, NDPI_PROTOCOL_TOR }, - { 0x052D6CBD, 32, NDPI_PROTOCOL_TOR }, - { 0x0536FAC4, 32, NDPI_PROTOCOL_TOR }, - { 0x0538E13D, 32, NDPI_PROTOCOL_TOR }, - { 0x0538E4D0, 32, NDPI_PROTOCOL_TOR }, - { 0x053D223F, 32, NDPI_PROTOCOL_TOR }, - { 0x053D260B, 32, NDPI_PROTOCOL_TOR }, - { 0x053DA005, 32, NDPI_PROTOCOL_TOR }, - { 0x054F44A1, 32, NDPI_PROTOCOL_TOR }, - { 0x054F44A1, 32, NDPI_PROTOCOL_TOR }, - { 0x054F47C3, 32, NDPI_PROTOCOL_TOR }, - { 0x054F4E61, 32, NDPI_PROTOCOL_TOR }, - { 0x054F51C0, 32, NDPI_PROTOCOL_TOR }, - { 0x054F56A8, 32, NDPI_PROTOCOL_TOR }, - { 0x056476A6, 32, NDPI_PROTOCOL_TOR }, - { 0x056565E9, 32, NDPI_PROTOCOL_TOR }, - { 0x05656652, 32, NDPI_PROTOCOL_TOR }, - { 0x05656746, 32, NDPI_PROTOCOL_TOR }, - { 0x0567688C, 32, NDPI_PROTOCOL_TOR }, - { 0x0567E82F, 32, NDPI_PROTOCOL_TOR }, - { 0x05685A1D, 32, NDPI_PROTOCOL_TOR }, - { 0x05686A26, 32, NDPI_PROTOCOL_TOR }, - { 0x0581F54D, 32, NDPI_PROTOCOL_TOR }, - { 0x0581FAAD, 32, NDPI_PROTOCOL_TOR }, - { 0x058706AC, 32, NDPI_PROTOCOL_TOR }, - { 0x05873DD1, 32, NDPI_PROTOCOL_TOR }, - { 0x05873DDA, 32, NDPI_PROTOCOL_TOR }, - { 0x05875517, 32, NDPI_PROTOCOL_TOR }, - { 0x05878F54, 32, NDPI_PROTOCOL_TOR }, - { 0x0587917D, 32, NDPI_PROTOCOL_TOR }, - { 0x058794AB, 32, NDPI_PROTOCOL_TOR }, - { 0x058798B2, 32, NDPI_PROTOCOL_TOR }, - { 0x058798D0, 32, NDPI_PROTOCOL_TOR }, - { 0x05879ACF, 32, NDPI_PROTOCOL_TOR }, - { 0x05879B79, 32, NDPI_PROTOCOL_TOR }, - { 0x05879E65, 32, NDPI_PROTOCOL_TOR }, - { 0x05879F04, 32, NDPI_PROTOCOL_TOR }, - { 0x05879F6E, 32, NDPI_PROTOCOL_TOR }, - { 0x05879FCF, 32, NDPI_PROTOCOL_TOR }, - { 0x0587A046, 32, NDPI_PROTOCOL_TOR }, - { 0x0587A21C, 32, NDPI_PROTOCOL_TOR }, - { 0x0587A2D9, 32, NDPI_PROTOCOL_TOR }, - { 0x0587A393, 32, NDPI_PROTOCOL_TOR }, - { 0x0587A5E1, 32, NDPI_PROTOCOL_TOR }, - { 0x0587B1B7, 32, NDPI_PROTOCOL_TOR }, - { 0x0587B209, 32, NDPI_PROTOCOL_TOR }, - { 0x0587B5D5, 32, NDPI_PROTOCOL_TOR }, - { 0x0587B818, 32, NDPI_PROTOCOL_TOR }, - { 0x0587B991, 32, NDPI_PROTOCOL_TOR }, - { 0x0587BA49, 32, NDPI_PROTOCOL_TOR }, - { 0x0587BA9D, 32, NDPI_PROTOCOL_TOR }, - { 0x058B66B7, 32, NDPI_PROTOCOL_TOR }, - { 0x0591316A, 32, NDPI_PROTOCOL_TOR }, - { 0x05922138, 32, NDPI_PROTOCOL_TOR }, - { 0x05930EA4, 32, NDPI_PROTOCOL_TOR }, - { 0x0593158F, 32, NDPI_PROTOCOL_TOR }, - { 0x05937036, 32, NDPI_PROTOCOL_TOR }, - { 0x0595FA35, 32, NDPI_PROTOCOL_TOR }, - { 0x0595FAA4, 32, NDPI_PROTOCOL_TOR }, - { 0x0595FE6D, 32, NDPI_PROTOCOL_TOR }, - { 0x0595FE72, 32, NDPI_PROTOCOL_TOR }, - { 0x0596CC95, 32, NDPI_PROTOCOL_TOR }, - { 0x0596D5F4, 32, NDPI_PROTOCOL_TOR }, - { 0x0596DE9A, 32, NDPI_PROTOCOL_TOR }, - { 0x0596EF88, 32, NDPI_PROTOCOL_TOR }, - { 0x05A4F0C9, 32, NDPI_PROTOCOL_TOR }, - { 0x05A6DDC2, 32, NDPI_PROTOCOL_TOR }, - { 0x05A72D58, 32, NDPI_PROTOCOL_TOR }, - { 0x05A76C53, 32, NDPI_PROTOCOL_TOR }, - { 0x05A79195, 32, NDPI_PROTOCOL_TOR }, - { 0x05AC8CC1, 32, NDPI_PROTOCOL_TOR }, - { 0x05AF714C, 32, NDPI_PROTOCOL_TOR }, - { 0x05AFC17A, 32, NDPI_PROTOCOL_TOR }, - { 0x05AFC245, 32, NDPI_PROTOCOL_TOR }, - { 0x05B256DC, 32, NDPI_PROTOCOL_TOR }, - { 0x05BD82BB, 32, NDPI_PROTOCOL_TOR }, - { 0x05BD8738, 32, NDPI_PROTOCOL_TOR }, - { 0x05C4007B, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40181, 32, NDPI_PROTOCOL_TOR }, - { 0x05C404D0, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40A96, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40BD0, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40C4F, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40C9C, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40C9F, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40D1A, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40E33, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40EEA, 32, NDPI_PROTOCOL_TOR }, - { 0x05C41405, 32, NDPI_PROTOCOL_TOR }, - { 0x05C41455, 32, NDPI_PROTOCOL_TOR }, - { 0x05C41AC6, 32, NDPI_PROTOCOL_TOR }, - { 0x05C44134, 32, NDPI_PROTOCOL_TOR }, - { 0x05C441E9, 32, NDPI_PROTOCOL_TOR }, - { 0x05C4426D, 32, NDPI_PROTOCOL_TOR }, - { 0x05C469E5, 32, NDPI_PROTOCOL_TOR }, - { 0x05C4C4A8, 32, NDPI_PROTOCOL_TOR }, - { 0x05C4E3A1, 32, NDPI_PROTOCOL_TOR }, - { 0x05C4E51D, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78181, 32, NDPI_PROTOCOL_TOR }, - { 0x05C782BC, 32, NDPI_PROTOCOL_TOR }, - { 0x05C785C1, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78E5D, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78E7C, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78EC3, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78EE6, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78EEC, 32, NDPI_PROTOCOL_TOR }, - { 0x05C7A208, 32, NDPI_PROTOCOL_TOR }, - { 0x05C7A51B, 32, NDPI_PROTOCOL_TOR }, - { 0x05C7A621, 32, NDPI_PROTOCOL_TOR }, - { 0x05C7A78A, 32, NDPI_PROTOCOL_TOR }, - { 0x05E4618A, 32, NDPI_PROTOCOL_TOR }, - { 0x05E4CC86, 32, NDPI_PROTOCOL_TOR }, - { 0x05F6674A, 32, NDPI_PROTOCOL_TOR }, - { 0x05F91F00, 32, NDPI_PROTOCOL_TOR }, - { 0x05F99676, 32, NDPI_PROTOCOL_TOR }, - { 0x05FE818A, 32, NDPI_PROTOCOL_TOR }, - { 0x05FF57A9, 32, NDPI_PROTOCOL_TOR }, - { 0x05FF57D5, 32, NDPI_PROTOCOL_TOR }, - { 0x081C576C, 32, NDPI_PROTOCOL_TOR }, - { 0x0C845D90, 32, NDPI_PROTOCOL_TOR }, - { 0x0E20584A, 32, NDPI_PROTOCOL_TOR }, - { 0x0EA2AFC9, 32, NDPI_PROTOCOL_TOR }, - { 0x0EC771B3, 32, NDPI_PROTOCOL_TOR }, - { 0x0ECAE0FB, 32, NDPI_PROTOCOL_TOR }, - { 0x0ECAE0FB, 32, NDPI_PROTOCOL_TOR }, - { 0x0F7EF324, 32, NDPI_PROTOCOL_TOR }, - { 0x12520388, 32, NDPI_PROTOCOL_TOR }, - { 0x125203C4, 32, NDPI_PROTOCOL_TOR }, - { 0x125203CD, 32, NDPI_PROTOCOL_TOR }, - { 0x127D01DE, 32, NDPI_PROTOCOL_TOR }, - { 0x12B5051C, 32, NDPI_PROTOCOL_TOR }, - { 0x12B50525, 32, NDPI_PROTOCOL_TOR }, - { 0x12BB0144, 32, NDPI_PROTOCOL_TOR }, - { 0x12BD4791, 32, NDPI_PROTOCOL_TOR }, - { 0x12E400BC, 32, NDPI_PROTOCOL_TOR }, - { 0x12EE0155, 32, NDPI_PROTOCOL_TOR }, - { 0x12EE0255, 32, NDPI_PROTOCOL_TOR }, - { 0x12EF008C, 32, NDPI_PROTOCOL_TOR }, - { 0x12EF009B, 32, NDPI_PROTOCOL_TOR }, - { 0x12F3001E, 32, NDPI_PROTOCOL_TOR }, - { 0x17159AC2, 32, NDPI_PROTOCOL_TOR }, - { 0x17162143, 32, NDPI_PROTOCOL_TOR }, - { 0x17198709, 32, NDPI_PROTOCOL_TOR }, - { 0x1750E204, 32, NDPI_PROTOCOL_TOR }, - { 0x1758E805, 32, NDPI_PROTOCOL_TOR }, - { 0x175B15E5, 32, NDPI_PROTOCOL_TOR }, - { 0x175B420B, 32, NDPI_PROTOCOL_TOR }, - { 0x175C1308, 32, NDPI_PROTOCOL_TOR }, - { 0x175C144D, 32, NDPI_PROTOCOL_TOR }, - { 0x175C154A, 32, NDPI_PROTOCOL_TOR }, - { 0x175C1A72, 32, NDPI_PROTOCOL_TOR }, - { 0x175CDC55, 32, NDPI_PROTOCOL_TOR }, - { 0x175E1BE3, 32, NDPI_PROTOCOL_TOR }, - { 0x175E2B4C, 32, NDPI_PROTOCOL_TOR }, - { 0x175E3FA2, 32, NDPI_PROTOCOL_TOR }, - { 0x175E6595, 32, NDPI_PROTOCOL_TOR }, - { 0x175ED723, 32, NDPI_PROTOCOL_TOR }, - { 0x175F092F, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2687, 32, NDPI_PROTOCOL_TOR }, - { 0x175F26A0, 32, NDPI_PROTOCOL_TOR }, - { 0x175F27A1, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B1D, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B49, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B4B, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B4C, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B4D, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B52, 32, NDPI_PROTOCOL_TOR }, - { 0x175F6E41, 32, NDPI_PROTOCOL_TOR }, - { 0x175F6F50, 32, NDPI_PROTOCOL_TOR }, - { 0x175F70C0, 32, NDPI_PROTOCOL_TOR }, - { 0x1763514C, 32, NDPI_PROTOCOL_TOR }, - { 0x1766A02E, 32, NDPI_PROTOCOL_TOR }, - { 0x177A8D00, 32, NDPI_PROTOCOL_TOR }, - { 0x17E283AF, 32, NDPI_PROTOCOL_TOR }, - { 0x17E28484, 32, NDPI_PROTOCOL_TOR }, - { 0x17E94164, 32, NDPI_PROTOCOL_TOR }, - { 0x17E96B78, 32, NDPI_PROTOCOL_TOR }, - { 0x17EE11E5, 32, NDPI_PROTOCOL_TOR }, - { 0x17EEE636, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF045E, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF0590, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF0A90, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1378, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1378, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1399, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1B1C, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1D41, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1D41, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1DE2, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF7165, 32, NDPI_PROTOCOL_TOR }, - { 0x17FA079F, 32, NDPI_PROTOCOL_TOR }, - { 0x17FC36AA, 32, NDPI_PROTOCOL_TOR }, - { 0x17FE8026, 32, NDPI_PROTOCOL_TOR }, - { 0x17FEA584, 32, NDPI_PROTOCOL_TOR }, - { 0x17FEA5FA, 32, NDPI_PROTOCOL_TOR }, - { 0x17FEA6DE, 32, NDPI_PROTOCOL_TOR }, - { 0x17FEA7E7, 32, NDPI_PROTOCOL_TOR }, - { 0x17FFC32F, 32, NDPI_PROTOCOL_TOR }, - { 0x17FFCC6C, 32, NDPI_PROTOCOL_TOR }, - { 0x17FFF26D, 32, NDPI_PROTOCOL_TOR }, - { 0x18015D49, 32, NDPI_PROTOCOL_TOR }, - { 0x18041FF9, 32, NDPI_PROTOCOL_TOR }, - { 0x18048A52, 32, NDPI_PROTOCOL_TOR }, - { 0x18084CAE, 32, NDPI_PROTOCOL_TOR }, - { 0x180AEB3E, 32, NDPI_PROTOCOL_TOR }, - { 0x180CFAC8, 32, NDPI_PROTOCOL_TOR }, - { 0x180D9384, 32, NDPI_PROTOCOL_TOR }, - { 0x1810444C, 32, NDPI_PROTOCOL_TOR }, - { 0x1811131D, 32, NDPI_PROTOCOL_TOR }, - { 0x18140EAF, 32, NDPI_PROTOCOL_TOR }, - { 0x18153FC2, 32, NDPI_PROTOCOL_TOR }, - { 0x18157F86, 32, NDPI_PROTOCOL_TOR }, - { 0x18158EEB, 32, NDPI_PROTOCOL_TOR }, - { 0x1815BE96, 32, NDPI_PROTOCOL_TOR }, - { 0x1815EACE, 32, NDPI_PROTOCOL_TOR }, - { 0x18166B48, 32, NDPI_PROTOCOL_TOR }, - { 0x1816B6B0, 32, NDPI_PROTOCOL_TOR }, - { 0x18228E2D, 32, NDPI_PROTOCOL_TOR }, - { 0x1833357C, 32, NDPI_PROTOCOL_TOR }, - { 0x1834CE43, 32, NDPI_PROTOCOL_TOR }, - { 0x1834DF47, 32, NDPI_PROTOCOL_TOR }, - { 0x1834F2AC, 32, NDPI_PROTOCOL_TOR }, - { 0x183E84AB, 32, NDPI_PROTOCOL_TOR }, - { 0x183ECD0A, 32, NDPI_PROTOCOL_TOR }, - { 0x18405FB8, 32, NDPI_PROTOCOL_TOR }, - { 0x18446509, 32, NDPI_PROTOCOL_TOR }, - { 0x185AC5F6, 32, NDPI_PROTOCOL_TOR }, - { 0x18601285, 32, NDPI_PROTOCOL_TOR }, - { 0x186339F8, 32, NDPI_PROTOCOL_TOR }, - { 0x1868D868, 32, NDPI_PROTOCOL_TOR }, - { 0x186BDA67, 32, NDPI_PROTOCOL_TOR }, - { 0x187950A5, 32, NDPI_PROTOCOL_TOR }, - { 0x1880EB2A, 32, NDPI_PROTOCOL_TOR }, - { 0x18815804, 32, NDPI_PROTOCOL_TOR }, - { 0x188628E9, 32, NDPI_PROTOCOL_TOR }, - { 0x1886424B, 32, NDPI_PROTOCOL_TOR }, - { 0x1886A34A, 32, NDPI_PROTOCOL_TOR }, - { 0x1887456F, 32, NDPI_PROTOCOL_TOR }, - { 0x188CE8A3, 32, NDPI_PROTOCOL_TOR }, - { 0x18943BB9, 32, NDPI_PROTOCOL_TOR }, - { 0x18973BA8, 32, NDPI_PROTOCOL_TOR }, - { 0x189C1043, 32, NDPI_PROTOCOL_TOR }, - { 0x18A0A2C8, 32, NDPI_PROTOCOL_TOR }, - { 0x18A2F56C, 32, NDPI_PROTOCOL_TOR }, - { 0x18A57BA7, 32, NDPI_PROTOCOL_TOR }, - { 0x18A6420B, 32, NDPI_PROTOCOL_TOR }, - { 0x18AA2AAE, 32, NDPI_PROTOCOL_TOR }, - { 0x18B5AF66, 32, NDPI_PROTOCOL_TOR }, - { 0x18B93E50, 32, NDPI_PROTOCOL_TOR }, - { 0x18BB1408, 32, NDPI_PROTOCOL_TOR }, - { 0x18BE411A, 32, NDPI_PROTOCOL_TOR }, - { 0x18C05C02, 32, NDPI_PROTOCOL_TOR }, - { 0x18C1E947, 32, NDPI_PROTOCOL_TOR }, - { 0x18C4398A, 32, NDPI_PROTOCOL_TOR }, - { 0x18CB1026, 32, NDPI_PROTOCOL_TOR }, - { 0x18CBAD0C, 32, NDPI_PROTOCOL_TOR }, - { 0x18D48CD3, 32, NDPI_PROTOCOL_TOR }, - { 0x18D67228, 32, NDPI_PROTOCOL_TOR }, - { 0x18D921A8, 32, NDPI_PROTOCOL_TOR }, - { 0x18DCAE5D, 32, NDPI_PROTOCOL_TOR }, - { 0x18E94A6F, 32, NDPI_PROTOCOL_TOR }, - { 0x18EFCCC4, 32, NDPI_PROTOCOL_TOR }, - { 0x18FBC42B, 32, NDPI_PROTOCOL_TOR }, - { 0x18FC70B1, 32, NDPI_PROTOCOL_TOR }, - { 0x1B6D75D6, 32, NDPI_PROTOCOL_TOR }, - { 0x1B78549C, 32, NDPI_PROTOCOL_TOR }, - { 0x1B7C7C7A, 32, NDPI_PROTOCOL_TOR }, - { 0x1F036525, 32, NDPI_PROTOCOL_TOR }, - { 0x1F07B826, 32, NDPI_PROTOCOL_TOR }, - { 0x1F07B84C, 32, NDPI_PROTOCOL_TOR }, - { 0x1F07BADF, 32, NDPI_PROTOCOL_TOR }, - { 0x1F088004, 32, NDPI_PROTOCOL_TOR }, - { 0x1F0A4D53, 32, NDPI_PROTOCOL_TOR }, - { 0x1F0B41C6, 32, NDPI_PROTOCOL_TOR }, - { 0x1F0BF184, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1018A6, 32, NDPI_PROTOCOL_TOR }, - { 0x1F10AE02, 32, NDPI_PROTOCOL_TOR }, - { 0x1F11CDA0, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1269A3, 32, NDPI_PROTOCOL_TOR }, - { 0x1F12A967, 32, NDPI_PROTOCOL_TOR }, - { 0x1F12B428, 32, NDPI_PROTOCOL_TOR }, - { 0x1F12FBBE, 32, NDPI_PROTOCOL_TOR }, - { 0x1F13D492, 32, NDPI_PROTOCOL_TOR }, - { 0x1F17E469, 32, NDPI_PROTOCOL_TOR }, - { 0x1F180C17, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1979DC, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1E2413, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1E2E44, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4A40, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4A71, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4B54, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4BB5, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4CA9, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4DDE, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4E31, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4E8D, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4F98, 32, NDPI_PROTOCOL_TOR }, - { 0x1F205448, 32, NDPI_PROTOCOL_TOR }, - { 0x1F21B915, 32, NDPI_PROTOCOL_TOR }, - { 0x1F22B6B1, 32, NDPI_PROTOCOL_TOR }, - { 0x1F2AA922, 32, NDPI_PROTOCOL_TOR }, - { 0x1F2CE29C, 32, NDPI_PROTOCOL_TOR }, - { 0x1F2D7B2D, 32, NDPI_PROTOCOL_TOR }, - { 0x1F30B0E8, 32, NDPI_PROTOCOL_TOR }, - { 0x1F326CF7, 32, NDPI_PROTOCOL_TOR }, - { 0x1F338AC8, 32, NDPI_PROTOCOL_TOR }, - { 0x1F81A64E, 32, NDPI_PROTOCOL_TOR }, - { 0x1F86556D, 32, NDPI_PROTOCOL_TOR }, - { 0x1FAC1FCF, 32, NDPI_PROTOCOL_TOR }, - { 0x1FB29AE6, 32, NDPI_PROTOCOL_TOR }, - { 0x1FB8C367, 32, NDPI_PROTOCOL_TOR }, - { 0x1FB8C370, 32, NDPI_PROTOCOL_TOR }, - { 0x1FB91BCB, 32, NDPI_PROTOCOL_TOR }, - { 0x1FC06934, 32, NDPI_PROTOCOL_TOR }, - { 0x1FC06C42, 32, NDPI_PROTOCOL_TOR }, - { 0x1FC0E4B9, 32, NDPI_PROTOCOL_TOR }, - { 0x1FC18B0E, 32, NDPI_PROTOCOL_TOR }, - { 0x1FC9B5F1, 32, NDPI_PROTOCOL_TOR }, - { 0x1FCC966A, 32, NDPI_PROTOCOL_TOR }, - { 0x1FCC968A, 32, NDPI_PROTOCOL_TOR }, - { 0x1FCC9866, 32, NDPI_PROTOCOL_TOR }, - { 0x1FCF8399, 32, NDPI_PROTOCOL_TOR }, - { 0x1FCFF1A8, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD2636A, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD263D2, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD2694A, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD269BA, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD26E3A, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD26E82, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD27FBA, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC0580, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC0586, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC0599, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC05C8, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC073F, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC078F, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC07C9, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC2AC2, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC326D, 32, NDPI_PROTOCOL_TOR }, - { 0x20D7A24A, 32, NDPI_PROTOCOL_TOR }, - { 0x23007F34, 32, NDPI_PROTOCOL_TOR }, - { 0x23007F34, 32, NDPI_PROTOCOL_TOR }, - { 0x2437F025, 32, NDPI_PROTOCOL_TOR }, - { 0x2450B024, 32, NDPI_PROTOCOL_TOR }, - { 0x25007B98, 32, NDPI_PROTOCOL_TOR }, - { 0x25007BCF, 32, NDPI_PROTOCOL_TOR }, - { 0x2501C2B6, 32, NDPI_PROTOCOL_TOR }, - { 0x2501D288, 32, NDPI_PROTOCOL_TOR }, - { 0x2501D569, 32, NDPI_PROTOCOL_TOR }, - { 0x2501D799, 32, NDPI_PROTOCOL_TOR }, - { 0x25041A62, 32, NDPI_PROTOCOL_TOR }, - { 0x25041BED, 32, NDPI_PROTOCOL_TOR }, - { 0x2505A41C, 32, NDPI_PROTOCOL_TOR }, - { 0x250B231C, 32, NDPI_PROTOCOL_TOR }, - { 0x250B231C, 32, NDPI_PROTOCOL_TOR }, - { 0x250B480D, 32, NDPI_PROTOCOL_TOR }, - { 0x2511AD98, 32, NDPI_PROTOCOL_TOR }, - { 0x251816D1, 32, NDPI_PROTOCOL_TOR }, - { 0x2518F260, 32, NDPI_PROTOCOL_TOR }, - { 0x25223476, 32, NDPI_PROTOCOL_TOR }, - { 0x25223A38, 32, NDPI_PROTOCOL_TOR }, - { 0x252C2C0B, 32, NDPI_PROTOCOL_TOR }, - { 0x252EB809, 32, NDPI_PROTOCOL_TOR }, - { 0x25304046, 32, NDPI_PROTOCOL_TOR }, - { 0x2530417A, 32, NDPI_PROTOCOL_TOR }, - { 0x2530417A, 32, NDPI_PROTOCOL_TOR }, - { 0x253043AA, 32, NDPI_PROTOCOL_TOR }, - { 0x25304A4B, 32, NDPI_PROTOCOL_TOR }, - { 0x25304E9F, 32, NDPI_PROTOCOL_TOR }, - { 0x25305130, 32, NDPI_PROTOCOL_TOR }, - { 0x253056A0, 32, NDPI_PROTOCOL_TOR }, - { 0x25305A99, 32, NDPI_PROTOCOL_TOR }, - { 0x2530782F, 32, NDPI_PROTOCOL_TOR }, - { 0x253078C4, 32, NDPI_PROTOCOL_TOR }, - { 0x253110CB, 32, NDPI_PROTOCOL_TOR }, - { 0x253A70B2, 32, NDPI_PROTOCOL_TOR }, - { 0x253B0227, 32, NDPI_PROTOCOL_TOR }, - { 0x253B02BC, 32, NDPI_PROTOCOL_TOR }, - { 0x253B0EC9, 32, NDPI_PROTOCOL_TOR }, - { 0x253B1D49, 32, NDPI_PROTOCOL_TOR }, - { 0x253B24C6, 32, NDPI_PROTOCOL_TOR }, - { 0x253B2675, 32, NDPI_PROTOCOL_TOR }, - { 0x253B2E9F, 32, NDPI_PROTOCOL_TOR }, - { 0x253B2F1B, 32, NDPI_PROTOCOL_TOR }, - { 0x253B2F1B, 32, NDPI_PROTOCOL_TOR }, - { 0x253B4365, 32, NDPI_PROTOCOL_TOR }, - { 0x253B6052, 32, NDPI_PROTOCOL_TOR }, - { 0x253B60BF, 32, NDPI_PROTOCOL_TOR }, - { 0x253B63BF, 32, NDPI_PROTOCOL_TOR }, - { 0x253B640B, 32, NDPI_PROTOCOL_TOR }, - { 0x253B69D6, 32, NDPI_PROTOCOL_TOR }, - { 0x253B69E8, 32, NDPI_PROTOCOL_TOR }, - { 0x253B6FC0, 32, NDPI_PROTOCOL_TOR }, - { 0x253B704A, 32, NDPI_PROTOCOL_TOR }, - { 0x253B7493, 32, NDPI_PROTOCOL_TOR }, - { 0x253B7614, 32, NDPI_PROTOCOL_TOR }, - { 0x253B7662, 32, NDPI_PROTOCOL_TOR }, - { 0x253B76F6, 32, NDPI_PROTOCOL_TOR }, - { 0x253B794E, 32, NDPI_PROTOCOL_TOR }, - { 0x253B7B8E, 32, NDPI_PROTOCOL_TOR }, - { 0x253B7D1D, 32, NDPI_PROTOCOL_TOR }, - { 0x253B85D0, 32, NDPI_PROTOCOL_TOR }, - { 0x253B9010, 32, NDPI_PROTOCOL_TOR }, - { 0x253BA2DA, 32, NDPI_PROTOCOL_TOR }, - { 0x254BA34C, 32, NDPI_PROTOCOL_TOR }, - { 0x254CCFC4, 32, NDPI_PROTOCOL_TOR }, - { 0x256E0D88, 32, NDPI_PROTOCOL_TOR }, - { 0x256E3C0F, 32, NDPI_PROTOCOL_TOR }, - { 0x256EF1F9, 32, NDPI_PROTOCOL_TOR }, - { 0x25718DEE, 32, NDPI_PROTOCOL_TOR }, - { 0x2571B30C, 32, NDPI_PROTOCOL_TOR }, - { 0x25723407, 32, NDPI_PROTOCOL_TOR }, - { 0x25780229, 32, NDPI_PROTOCOL_TOR }, - { 0x25784275, 32, NDPI_PROTOCOL_TOR }, - { 0x2578A080, 32, NDPI_PROTOCOL_TOR }, - { 0x2578AC86, 32, NDPI_PROTOCOL_TOR }, - { 0x2578AC88, 32, NDPI_PROTOCOL_TOR }, - { 0x2578ACF2, 32, NDPI_PROTOCOL_TOR }, - { 0x257B700E, 32, NDPI_PROTOCOL_TOR }, - { 0x257B70FD, 32, NDPI_PROTOCOL_TOR }, - { 0x257B756F, 32, NDPI_PROTOCOL_TOR }, - { 0x257B924B, 32, NDPI_PROTOCOL_TOR }, - { 0x2582E385, 32, NDPI_PROTOCOL_TOR }, - { 0x2582E386, 32, NDPI_PROTOCOL_TOR }, - { 0x2585814C, 32, NDPI_PROTOCOL_TOR }, - { 0x25869E3E, 32, NDPI_PROTOCOL_TOR }, - { 0x258B03AB, 32, NDPI_PROTOCOL_TOR }, - { 0x258B03E7, 32, NDPI_PROTOCOL_TOR }, - { 0x258B0C33, 32, NDPI_PROTOCOL_TOR }, - { 0x258B0D4E, 32, NDPI_PROTOCOL_TOR }, - { 0x258B166E, 32, NDPI_PROTOCOL_TOR }, - { 0x258F094A, 32, NDPI_PROTOCOL_TOR }, - { 0x25904351, 32, NDPI_PROTOCOL_TOR }, - { 0x2591FF60, 32, NDPI_PROTOCOL_TOR }, - { 0x259267E1, 32, NDPI_PROTOCOL_TOR }, - { 0x25928712, 32, NDPI_PROTOCOL_TOR }, - { 0x25929590, 32, NDPI_PROTOCOL_TOR }, - { 0x25939A1B, 32, NDPI_PROTOCOL_TOR }, - { 0x2599010A, 32, NDPI_PROTOCOL_TOR }, - { 0x25993585, 32, NDPI_PROTOCOL_TOR }, - { 0x259DA955, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC059, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC2D2, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC30D, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC353, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC38F, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC3B2, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC4DB, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB0012, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB007E, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB0255, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB02E5, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB02E6, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB0303, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB0408, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB04DB, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB052C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB056D, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB074A, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB094F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB115F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB122B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB122B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB126D, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB12B4, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB143B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB144F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB151C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB159D, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB15B4, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB1657, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB1683, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB17E8, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB17E8, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB1E4E, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB1F27, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB2693, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB27D2, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB33D2, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB3F72, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB4275, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB604E, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB611F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB615F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB62B9, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB638F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB63C1, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB666C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB66BA, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB675B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB679C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB692B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6941, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6944, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6B5B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6BD2, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6BD2, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6C50, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6D13, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6D3A, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6D45, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6E3F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6ED8, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7224, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB728C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB732F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7487, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB76EC, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7C84, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7CC6, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7DCF, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7DCF, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7DE4, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7E15, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB8244, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB82E2, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB89E1, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBB023, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBB040, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBB404, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBB41C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBB441, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBC635, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBC69F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBEFBF, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBF36D, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBF428, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBF6DD, 32, NDPI_PROTOCOL_TOR }, - { 0x25BC44E4, 32, NDPI_PROTOCOL_TOR }, - { 0x25BED50A, 32, NDPI_PROTOCOL_TOR }, - { 0x25BF8A2B, 32, NDPI_PROTOCOL_TOR }, - { 0x25C08768, 32, NDPI_PROTOCOL_TOR }, - { 0x25C2350B, 32, NDPI_PROTOCOL_TOR }, - { 0x25C3C530, 32, NDPI_PROTOCOL_TOR }, - { 0x25C86205, 32, NDPI_PROTOCOL_TOR }, - { 0x25C863FB, 32, NDPI_PROTOCOL_TOR }, - { 0x25C939D9, 32, NDPI_PROTOCOL_TOR }, - { 0x25C98337, 32, NDPI_PROTOCOL_TOR }, - { 0x25C9DF9D, 32, NDPI_PROTOCOL_TOR }, - { 0x25CCA01C, 32, NDPI_PROTOCOL_TOR }, - { 0x25CD0983, 32, NDPI_PROTOCOL_TOR }, - { 0x25CD0B95, 32, NDPI_PROTOCOL_TOR }, - { 0x25D13BC6, 32, NDPI_PROTOCOL_TOR }, - { 0x25D14A11, 32, NDPI_PROTOCOL_TOR }, - { 0x25D16FE5, 32, NDPI_PROTOCOL_TOR }, - { 0x25D3561F, 32, NDPI_PROTOCOL_TOR }, - { 0x25DC233D, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA125, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA137, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA2E2, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA2E2, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA5E5, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA5F6, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDC114, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDC5B7, 32, NDPI_PROTOCOL_TOR }, - { 0x25E48203, 32, NDPI_PROTOCOL_TOR }, - { 0x25E48424, 32, NDPI_PROTOCOL_TOR }, - { 0x25E60143, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB30F7, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB312E, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB317C, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB3443, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB3753, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB3C39, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB3C3C, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB3E07, 32, NDPI_PROTOCOL_TOR }, - { 0x25F71635, 32, NDPI_PROTOCOL_TOR }, - { 0x25F732A7, 32, NDPI_PROTOCOL_TOR }, - { 0x25F7348C, 32, NDPI_PROTOCOL_TOR }, - { 0x25F735A2, 32, NDPI_PROTOCOL_TOR }, - { 0x25FC0CBA, 32, NDPI_PROTOCOL_TOR }, - { 0x25FCBE85, 32, NDPI_PROTOCOL_TOR }, - { 0x264D16FB, 32, NDPI_PROTOCOL_TOR }, - { 0x266C0A8C, 32, NDPI_PROTOCOL_TOR }, - { 0x26825026, 32, NDPI_PROTOCOL_TOR }, - { 0x26825039, 32, NDPI_PROTOCOL_TOR }, - { 0x26E5001C, 32, NDPI_PROTOCOL_TOR }, - { 0x26E5001D, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54621, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54622, 32, NDPI_PROTOCOL_TOR }, - { 0x26E5462A, 32, NDPI_PROTOCOL_TOR }, - { 0x26E5462A, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54633, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54634, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54635, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54636, 32, NDPI_PROTOCOL_TOR }, - { 0x26E5463D, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54F02, 32, NDPI_PROTOCOL_TOR }, - { 0x27775DC9, 32, NDPI_PROTOCOL_TOR }, - { 0x294885AE, 32, NDPI_PROTOCOL_TOR }, - { 0x294D88FA, 32, NDPI_PROTOCOL_TOR }, - { 0x2985828E, 32, NDPI_PROTOCOL_TOR }, - { 0x29B619B5, 32, NDPI_PROTOCOL_TOR }, - { 0x29D4257A, 32, NDPI_PROTOCOL_TOR }, - { 0x29D7F1EA, 32, NDPI_PROTOCOL_TOR }, - { 0x29DF358D, 32, NDPI_PROTOCOL_TOR }, - { 0x29F201F2, 32, NDPI_PROTOCOL_TOR }, - { 0x2A02EFEA, 32, NDPI_PROTOCOL_TOR }, - { 0x2A7010C4, 32, NDPI_PROTOCOL_TOR }, - { 0x2A701341, 32, NDPI_PROTOCOL_TOR }, - { 0x2A7013C9, 32, NDPI_PROTOCOL_TOR }, - { 0x2BFA082A, 32, NDPI_PROTOCOL_TOR }, - { 0x2BFA0842, 32, NDPI_PROTOCOL_TOR }, - { 0x2E04009C, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0418A8, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0419D6, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0422F2, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0427EB, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0437B1, 32, NDPI_PROTOCOL_TOR }, - { 0x2E043C6A, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0457AC, 32, NDPI_PROTOCOL_TOR }, - { 0x2E046723, 32, NDPI_PROTOCOL_TOR }, - { 0x2E046A12, 32, NDPI_PROTOCOL_TOR }, - { 0x2E046ACF, 32, NDPI_PROTOCOL_TOR }, - { 0x2E046F7C, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0474B0, 32, NDPI_PROTOCOL_TOR }, - { 0x2E047AA2, 32, NDPI_PROTOCOL_TOR }, - { 0x2E047AAD, 32, NDPI_PROTOCOL_TOR }, - { 0x2E04AE34, 32, NDPI_PROTOCOL_TOR }, - { 0x2E04B777, 32, NDPI_PROTOCOL_TOR }, - { 0x2E04FDC2, 32, NDPI_PROTOCOL_TOR }, - { 0x2E051DC4, 32, NDPI_PROTOCOL_TOR }, - { 0x2E051E05, 32, NDPI_PROTOCOL_TOR }, - { 0x2E055F13, 32, NDPI_PROTOCOL_TOR }, - { 0x2E059971, 32, NDPI_PROTOCOL_TOR }, - { 0x2E09C314, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0ACDFC, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0EF5CE, 32, NDPI_PROTOCOL_TOR }, - { 0x2E10EA83, 32, NDPI_PROTOCOL_TOR }, - { 0x2E113FD6, 32, NDPI_PROTOCOL_TOR }, - { 0x2E138E1D, 32, NDPI_PROTOCOL_TOR }, - { 0x2E138E7E, 32, NDPI_PROTOCOL_TOR }, - { 0x2E14F675, 32, NDPI_PROTOCOL_TOR }, - { 0x2E167BDE, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1746C3, 32, NDPI_PROTOCOL_TOR }, - { 0x2E17551F, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1C449E, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1C4581, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1C6E81, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1C6EF4, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1CCAD6, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1CCF78, 32, NDPI_PROTOCOL_TOR }, - { 0x2E20E8EE, 32, NDPI_PROTOCOL_TOR }, - { 0x2E20EABD, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2423D5, 32, NDPI_PROTOCOL_TOR }, - { 0x2E24251B, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2425B7, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2425D6, 32, NDPI_PROTOCOL_TOR }, - { 0x2E24271A, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2639C4, 32, NDPI_PROTOCOL_TOR }, - { 0x2E263E1E, 32, NDPI_PROTOCOL_TOR }, - { 0x2E263F07, 32, NDPI_PROTOCOL_TOR }, - { 0x2E26E9F2, 32, NDPI_PROTOCOL_TOR }, - { 0x2E26FA27, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2779BC, 32, NDPI_PROTOCOL_TOR }, - { 0x2E298244, 32, NDPI_PROTOCOL_TOR }, - { 0x2E298454, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2B325C, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2D0F7B, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2F133A, 32, NDPI_PROTOCOL_TOR }, - { 0x2E37146D, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3B27B9, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3B3A75, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3B8EEC, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3B9439, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3B9998, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3BB9D7, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3BF04E, 32, NDPI_PROTOCOL_TOR }, - { 0x2E48594D, 32, NDPI_PROTOCOL_TOR }, - { 0x2E49F960, 32, NDPI_PROTOCOL_TOR }, - { 0x2E691148, 32, NDPI_PROTOCOL_TOR }, - { 0x2E6960BE, 32, NDPI_PROTOCOL_TOR }, - { 0x2E69AC56, 32, NDPI_PROTOCOL_TOR }, - { 0x2E69E8BC, 32, NDPI_PROTOCOL_TOR }, - { 0x2E6C27DB, 32, NDPI_PROTOCOL_TOR }, - { 0x2E76110C, 32, NDPI_PROTOCOL_TOR }, - { 0x2E762709, 32, NDPI_PROTOCOL_TOR }, - { 0x2E76A38F, 32, NDPI_PROTOCOL_TOR }, - { 0x2E76E5C9, 32, NDPI_PROTOCOL_TOR }, - { 0x2E7E47AA, 32, NDPI_PROTOCOL_TOR }, - { 0x2E7FC664, 32, NDPI_PROTOCOL_TOR }, - { 0x2E7FCB2F, 32, NDPI_PROTOCOL_TOR }, - { 0x2E7FD0F8, 32, NDPI_PROTOCOL_TOR }, - { 0x2E800457, 32, NDPI_PROTOCOL_TOR }, - { 0x2E802D63, 32, NDPI_PROTOCOL_TOR }, - { 0x2E802D76, 32, NDPI_PROTOCOL_TOR }, - { 0x2E80D52B, 32, NDPI_PROTOCOL_TOR }, - { 0x2E81138F, 32, NDPI_PROTOCOL_TOR }, - { 0x2E8115E6, 32, NDPI_PROTOCOL_TOR }, - { 0x2E817C16, 32, NDPI_PROTOCOL_TOR }, - { 0x2E84BCDD, 32, NDPI_PROTOCOL_TOR }, - { 0x2E92E027, 32, NDPI_PROTOCOL_TOR }, - { 0x2E95120A, 32, NDPI_PROTOCOL_TOR }, - { 0x2E97D0D5, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA25245, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA26191, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA340CA, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA341A0, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA3449C, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA34C20, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA34CFA, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA3DB56, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5C560, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5DDA6, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5DDA6, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5DFD6, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5DFD9, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5DFE3, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5F08F, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5F2A6, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5F9E4, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5FAEB, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA6A127, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA7F533, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA7F545, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA7F5AC, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB5EEA4, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB61224, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB6126F, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB612F5, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB61303, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB61563, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB66ABE, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB6845A, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB6D01C, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB7D9F4, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB7DA8D, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB7DBC4, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB7DC84, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB9E185, 32, NDPI_PROTOCOL_TOR }, - { 0x2EBB039C, 32, NDPI_PROTOCOL_TOR }, - { 0x2EBC0425, 32, NDPI_PROTOCOL_TOR }, - { 0x2EBC0A17, 32, NDPI_PROTOCOL_TOR }, - { 0x2EBC2510, 32, NDPI_PROTOCOL_TOR }, - { 0x2EBC2AB0, 32, NDPI_PROTOCOL_TOR }, - { 0x2EC29854, 32, NDPI_PROTOCOL_TOR }, - { 0x2ED80D2F, 32, NDPI_PROTOCOL_TOR }, - { 0x2EDF485B, 32, NDPI_PROTOCOL_TOR }, - { 0x2EDF4FDF, 32, NDPI_PROTOCOL_TOR }, - { 0x2EDF8DA7, 32, NDPI_PROTOCOL_TOR }, - { 0x2EDFCD19, 32, NDPI_PROTOCOL_TOR }, - { 0x2EDFF71E, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE26D30, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE26EB9, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE360DA, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE4045B, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE4C713, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE5EEAC, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE90046, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE9EDBB, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEBE346, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEC95E0, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEF62AC, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEF6472, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEF6B4A, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEF6CC2, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEF75B4, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF2623D, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF48AFB, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF5C841, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF61484, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF6220C, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF623E5, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF62E1B, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF659A9, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF66CAE, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF66FCF, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF9258F, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFC1838, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFC18F6, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFC19F9, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFC1A02, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFC98C0, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFE4BA8, 32, NDPI_PROTOCOL_TOR }, - { 0x2F376EBC, 32, NDPI_PROTOCOL_TOR }, - { 0x31CD342B, 32, NDPI_PROTOCOL_TOR }, - { 0x31D4A626, 32, NDPI_PROTOCOL_TOR }, - { 0x31D4ADDE, 32, NDPI_PROTOCOL_TOR }, - { 0x31D4C271, 32, NDPI_PROTOCOL_TOR }, - { 0x320163E9, 32, NDPI_PROTOCOL_TOR }, - { 0x32070872, 32, NDPI_PROTOCOL_TOR }, - { 0x32073D6A, 32, NDPI_PROTOCOL_TOR }, - { 0x3207A1DA, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03B, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03B, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03C, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03D, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03D, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03E, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B83A, 32, NDPI_PROTOCOL_TOR }, - { 0x3207C27A, 32, NDPI_PROTOCOL_TOR }, - { 0x3207D2DA, 32, NDPI_PROTOCOL_TOR }, - { 0x3207F36B, 32, NDPI_PROTOCOL_TOR }, - { 0x3207F36B, 32, NDPI_PROTOCOL_TOR }, - { 0x32092FEE, 32, NDPI_PROTOCOL_TOR }, - { 0x321F4CC3, 32, NDPI_PROTOCOL_TOR }, - { 0x321FFF5E, 32, NDPI_PROTOCOL_TOR }, - { 0x322300F4, 32, NDPI_PROTOCOL_TOR }, - { 0x322554A1, 32, NDPI_PROTOCOL_TOR }, - { 0x322B0AF0, 32, NDPI_PROTOCOL_TOR }, - { 0x322B38B6, 32, NDPI_PROTOCOL_TOR }, - { 0x322EF39B, 32, NDPI_PROTOCOL_TOR }, - { 0x32354A02, 32, NDPI_PROTOCOL_TOR }, - { 0x32355AFB, 32, NDPI_PROTOCOL_TOR }, - { 0x323995CC, 32, NDPI_PROTOCOL_TOR }, - { 0x3245A0C6, 32, NDPI_PROTOCOL_TOR }, - { 0x3248C4CE, 32, NDPI_PROTOCOL_TOR }, - { 0x324C9FDA, 32, NDPI_PROTOCOL_TOR }, - { 0x324EC501, 32, NDPI_PROTOCOL_TOR }, - { 0x324F2036, 32, NDPI_PROTOCOL_TOR }, - { 0x32511947, 32, NDPI_PROTOCOL_TOR }, - { 0x32532059, 32, NDPI_PROTOCOL_TOR }, - { 0x32582849, 32, NDPI_PROTOCOL_TOR }, - { 0x3258C0F5, 32, NDPI_PROTOCOL_TOR }, - { 0x325A0246, 32, NDPI_PROTOCOL_TOR }, - { 0x325DF89A, 32, NDPI_PROTOCOL_TOR }, - { 0x325DF9E4, 32, NDPI_PROTOCOL_TOR }, - { 0x326F05DE, 32, NDPI_PROTOCOL_TOR }, - { 0x326FC86F, 32, NDPI_PROTOCOL_TOR }, - { 0x32710FAD, 32, NDPI_PROTOCOL_TOR }, - { 0x327375B9, 32, NDPI_PROTOCOL_TOR }, - { 0x32737A44, 32, NDPI_PROTOCOL_TOR }, - { 0x3273E93E, 32, NDPI_PROTOCOL_TOR }, - { 0x32740095, 32, NDPI_PROTOCOL_TOR }, - { 0x327403DF, 32, NDPI_PROTOCOL_TOR }, - { 0x3274048D, 32, NDPI_PROTOCOL_TOR }, - { 0x32740599, 32, NDPI_PROTOCOL_TOR }, - { 0x32740AF2, 32, NDPI_PROTOCOL_TOR }, - { 0x327415AC, 32, NDPI_PROTOCOL_TOR }, - { 0x32741D36, 32, NDPI_PROTOCOL_TOR }, - { 0x32741D36, 32, NDPI_PROTOCOL_TOR }, - { 0x327420D9, 32, NDPI_PROTOCOL_TOR }, - { 0x3274222C, 32, NDPI_PROTOCOL_TOR }, - { 0x32742806, 32, NDPI_PROTOCOL_TOR }, - { 0x32742AF5, 32, NDPI_PROTOCOL_TOR }, - { 0x32742E14, 32, NDPI_PROTOCOL_TOR }, - { 0x32742FAB, 32, NDPI_PROTOCOL_TOR }, - { 0x3274312E, 32, NDPI_PROTOCOL_TOR }, - { 0x3274320C, 32, NDPI_PROTOCOL_TOR }, - { 0x3274320C, 32, NDPI_PROTOCOL_TOR }, - { 0x32743687, 32, NDPI_PROTOCOL_TOR }, - { 0x32743830, 32, NDPI_PROTOCOL_TOR }, - { 0x327556D3, 32, NDPI_PROTOCOL_TOR }, - { 0x328293BF, 32, NDPI_PROTOCOL_TOR }, - { 0x328C5DDF, 32, NDPI_PROTOCOL_TOR }, - { 0x328F6411, 32, NDPI_PROTOCOL_TOR }, - { 0x3294BED5, 32, NDPI_PROTOCOL_TOR }, - { 0x3298F1C6, 32, NDPI_PROTOCOL_TOR }, - { 0x32A4685A, 32, NDPI_PROTOCOL_TOR }, - { 0x32A84435, 32, NDPI_PROTOCOL_TOR }, - { 0x32B12972, 32, NDPI_PROTOCOL_TOR }, - { 0x32B1AF1A, 32, NDPI_PROTOCOL_TOR }, - { 0x32B5B129, 32, NDPI_PROTOCOL_TOR }, - { 0x32C18F2A, 32, NDPI_PROTOCOL_TOR }, - { 0x32C701B2, 32, NDPI_PROTOCOL_TOR }, - { 0x32F11E91, 32, NDPI_PROTOCOL_TOR }, - { 0x32F57C83, 32, NDPI_PROTOCOL_TOR }, - { 0x32F74BCD, 32, NDPI_PROTOCOL_TOR }, - { 0x32F7C37C, 32, NDPI_PROTOCOL_TOR }, - { 0x32F90236, 32, NDPI_PROTOCOL_TOR }, - { 0x32FAC9FE, 32, NDPI_PROTOCOL_TOR }, - { 0x32FAD011, 32, NDPI_PROTOCOL_TOR }, - { 0x32FADAA1, 32, NDPI_PROTOCOL_TOR }, - { 0x32FF615D, 32, NDPI_PROTOCOL_TOR }, - { 0x340A7D8C, 32, NDPI_PROTOCOL_TOR }, - { 0x364023F4, 32, NDPI_PROTOCOL_TOR }, - { 0x3640E586, 32, NDPI_PROTOCOL_TOR }, - { 0x3641ACFE, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE17, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE2C, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE34, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE39, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE3C, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE43, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE4A, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE4F, 32, NDPI_PROTOCOL_TOR }, - { 0x3642A01A, 32, NDPI_PROTOCOL_TOR }, - { 0x3642ED8D, 32, NDPI_PROTOCOL_TOR }, - { 0x36431231, 32, NDPI_PROTOCOL_TOR }, - { 0x36441DAA, 32, NDPI_PROTOCOL_TOR }, - { 0x3645C64F, 32, NDPI_PROTOCOL_TOR }, - { 0x3649DA8A, 32, NDPI_PROTOCOL_TOR }, - { 0x364D068C, 32, NDPI_PROTOCOL_TOR }, - { 0x364D6EBC, 32, NDPI_PROTOCOL_TOR }, - { 0x364D7868, 32, NDPI_PROTOCOL_TOR }, - { 0x364D7DC1, 32, NDPI_PROTOCOL_TOR }, - { 0x364F7EC5, 32, NDPI_PROTOCOL_TOR }, - { 0x3652C35E, 32, NDPI_PROTOCOL_TOR }, - { 0x36542A9B, 32, NDPI_PROTOCOL_TOR }, - { 0x36546A29, 32, NDPI_PROTOCOL_TOR }, - { 0x36568324, 32, NDPI_PROTOCOL_TOR }, - { 0x36571DA1, 32, NDPI_PROTOCOL_TOR }, - { 0x36583B2D, 32, NDPI_PROTOCOL_TOR }, - { 0x36583F17, 32, NDPI_PROTOCOL_TOR }, - { 0x3658A5E5, 32, NDPI_PROTOCOL_TOR }, - { 0x365D2B6D, 32, NDPI_PROTOCOL_TOR }, - { 0x365E89A4, 32, NDPI_PROTOCOL_TOR }, - { 0x365E8BA7, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF005, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF097, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF100, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF1A2, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF1A8, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF1AB, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF1B5, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF1B8, 32, NDPI_PROTOCOL_TOR }, - { 0x3692143E, 32, NDPI_PROTOCOL_TOR }, - { 0x3692CB7D, 32, NDPI_PROTOCOL_TOR }, - { 0x36941FE1, 32, NDPI_PROTOCOL_TOR }, - { 0x36946DAA, 32, NDPI_PROTOCOL_TOR }, - { 0x36949610, 32, NDPI_PROTOCOL_TOR }, - { 0x3695F2AE, 32, NDPI_PROTOCOL_TOR }, - { 0x369A0E1A, 32, NDPI_PROTOCOL_TOR }, - { 0x36A49C46, 32, NDPI_PROTOCOL_TOR }, - { 0x36AB5EF9, 32, NDPI_PROTOCOL_TOR }, - { 0x36AD6890, 32, NDPI_PROTOCOL_TOR }, - { 0x36AF0DB5, 32, NDPI_PROTOCOL_TOR }, - { 0x36AF5145, 32, NDPI_PROTOCOL_TOR }, - { 0x36B9A3E2, 32, NDPI_PROTOCOL_TOR }, - { 0x36BB371D, 32, NDPI_PROTOCOL_TOR }, - { 0x36BBEF10, 32, NDPI_PROTOCOL_TOR }, - { 0x36BF1132, 32, NDPI_PROTOCOL_TOR }, - { 0x36BF7203, 32, NDPI_PROTOCOL_TOR }, - { 0x36BF80E4, 32, NDPI_PROTOCOL_TOR }, - { 0x36C25AB0, 32, NDPI_PROTOCOL_TOR }, - { 0x36D05F8F, 32, NDPI_PROTOCOL_TOR }, - { 0x36D5A676, 32, NDPI_PROTOCOL_TOR }, - { 0x36E035C2, 32, NDPI_PROTOCOL_TOR }, - { 0x36E44160, 32, NDPI_PROTOCOL_TOR }, - { 0x36E8A7C8, 32, NDPI_PROTOCOL_TOR }, - { 0x36EBF7DC, 32, NDPI_PROTOCOL_TOR }, - { 0x36EDB868, 32, NDPI_PROTOCOL_TOR }, - { 0x36FBC11C, 32, NDPI_PROTOCOL_TOR }, - { 0x36FBD0B4, 32, NDPI_PROTOCOL_TOR }, - { 0x36FC6132, 32, NDPI_PROTOCOL_TOR }, - { 0x3A0775BC, 32, NDPI_PROTOCOL_TOR }, - { 0x3A604E5D, 32, NDPI_PROTOCOL_TOR }, - { 0x3AB78278, 32, NDPI_PROTOCOL_TOR }, - { 0x3B656242, 32, NDPI_PROTOCOL_TOR }, - { 0x3BA79B3B, 32, NDPI_PROTOCOL_TOR }, - { 0x3BB14C69, 32, NDPI_PROTOCOL_TOR }, - { 0x3C230879, 32, NDPI_PROTOCOL_TOR }, - { 0x3CEA7764, 32, NDPI_PROTOCOL_TOR }, - { 0x3CF2B70F, 32, NDPI_PROTOCOL_TOR }, - { 0x3CF8A2B3, 32, NDPI_PROTOCOL_TOR }, - { 0x3D56E640, 32, NDPI_PROTOCOL_TOR }, - { 0x3D5A3C79, 32, NDPI_PROTOCOL_TOR }, - { 0x3DCD303F, 32, NDPI_PROTOCOL_TOR }, - { 0x3DDB7725, 32, NDPI_PROTOCOL_TOR }, - { 0x3DE6AE3B, 32, NDPI_PROTOCOL_TOR }, - { 0x3DE6C615, 32, NDPI_PROTOCOL_TOR }, - { 0x3E040D0D, 32, NDPI_PROTOCOL_TOR }, - { 0x3E1E7D29, 32, NDPI_PROTOCOL_TOR }, - { 0x3E2BAF76, 32, NDPI_PROTOCOL_TOR }, - { 0x3E2C7FB8, 32, NDPI_PROTOCOL_TOR }, - { 0x3E315C96, 32, NDPI_PROTOCOL_TOR }, - { 0x3E3F9D4E, 32, NDPI_PROTOCOL_TOR }, - { 0x3E3FEFD7, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4B8EA6, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4B8FA7, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4B9617, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4B9DC5, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4B9FF9, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BB91A, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BBB2A, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BD198, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BEBDE, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BF147, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BF17F, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BF74A, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BFB9D, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BFDF7, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4C20B3, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4C2C95, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4D554A, 32, NDPI_PROTOCOL_TOR }, - { 0x3E5C6F2D, 32, NDPI_PROTOCOL_TOR }, - { 0x3E6C249B, 32, NDPI_PROTOCOL_TOR }, - { 0x3E6C2530, 32, NDPI_PROTOCOL_TOR }, - { 0x3E6CAB4C, 32, NDPI_PROTOCOL_TOR }, - { 0x3E70C338, 32, NDPI_PROTOCOL_TOR }, - { 0x3E71DF9A, 32, NDPI_PROTOCOL_TOR }, - { 0x3E71FA27, 32, NDPI_PROTOCOL_TOR }, - { 0x3E71FAB4, 32, NDPI_PROTOCOL_TOR }, - { 0x3E7A36A1, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D24D5, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D251E, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D2574, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D2CCE, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D2E36, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D2EC1, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8F7968, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8F8DEE, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8F91BE, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8FDE16, 32, NDPI_PROTOCOL_TOR }, - { 0x3E92842F, 32, NDPI_PROTOCOL_TOR }, - { 0x3E93FB15, 32, NDPI_PROTOCOL_TOR }, - { 0x3E9502BC, 32, NDPI_PROTOCOL_TOR }, - { 0x3E950D39, 32, NDPI_PROTOCOL_TOR }, - { 0x3E982BCB, 32, NDPI_PROTOCOL_TOR }, - { 0x3EA803D4, 32, NDPI_PROTOCOL_TOR }, - { 0x3EB0EFE5, 32, NDPI_PROTOCOL_TOR }, - { 0x3EB287DB, 32, NDPI_PROTOCOL_TOR }, - { 0x3EB5EEBA, 32, NDPI_PROTOCOL_TOR }, - { 0x3EB63D99, 32, NDPI_PROTOCOL_TOR }, - { 0x3EC5289B, 32, NDPI_PROTOCOL_TOR }, - { 0x3ECA279D, 32, NDPI_PROTOCOL_TOR }, - { 0x3ECB0AE6, 32, NDPI_PROTOCOL_TOR }, - { 0x3ECC6EC6, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED22410, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED22552, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24579, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED245EC, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24A37, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24A89, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24A8F, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24ABA, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24AC9, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24C60, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2522C, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED252A9, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED252B1, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED25404, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED25414, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED25C0B, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED25C0B, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED28438, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED28990, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED289E6, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED289E6, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2AA0A, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2AA1B, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2AA8F, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2AC5E, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2B6BC, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2B6EF, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2BCDA, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2BD22, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2C698, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2CC3D, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2CE19, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2CE19, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2CE35, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2D3ED, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2ECAE, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2ED55, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2EE32, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2F088, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2F3A7, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2F3B1, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2FCAF, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED448F3, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED45233, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED454E5, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED45975, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED6063D, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED8D048, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED97CFD, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDA4B01, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDB2E85, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDBB62A, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC8781, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC88FD, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC9457, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC945E, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC9460, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC9461, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDCB113, 32, NDPI_PROTOCOL_TOR }, - { 0x3EE1CA01, 32, NDPI_PROTOCOL_TOR }, - { 0x3EE2FA55, 32, NDPI_PROTOCOL_TOR }, - { 0x3EE47585, 32, NDPI_PROTOCOL_TOR }, - { 0x3EF1F052, 32, NDPI_PROTOCOL_TOR }, - { 0x3EFF6FC3, 32, NDPI_PROTOCOL_TOR }, - { 0x3F770D78, 32, NDPI_PROTOCOL_TOR }, - { 0x3F8EF878, 32, NDPI_PROTOCOL_TOR }, - { 0x3FE761E4, 32, NDPI_PROTOCOL_TOR }, - { 0x3FE7B589, 32, NDPI_PROTOCOL_TOR }, - { 0x3FF95AF8, 32, NDPI_PROTOCOL_TOR }, - { 0x400535AF, 32, NDPI_PROTOCOL_TOR }, - { 0x40167D28, 32, NDPI_PROTOCOL_TOR }, - { 0x4022A5ED, 32, NDPI_PROTOCOL_TOR }, - { 0x403AC85C, 32, NDPI_PROTOCOL_TOR }, - { 0x403EF9DE, 32, NDPI_PROTOCOL_TOR }, - { 0x404552A0, 32, NDPI_PROTOCOL_TOR }, - { 0x40478F7C, 32, NDPI_PROTOCOL_TOR }, - { 0x404A7772, 32, NDPI_PROTOCOL_TOR }, - { 0x404E969E, 32, NDPI_PROTOCOL_TOR }, - { 0x405713F4, 32, NDPI_PROTOCOL_TOR }, - { 0x405F3C4B, 32, NDPI_PROTOCOL_TOR }, - { 0x4071201D, 32, NDPI_PROTOCOL_TOR }, - { 0x40712CCE, 32, NDPI_PROTOCOL_TOR }, - { 0x407E2B54, 32, NDPI_PROTOCOL_TOR }, - { 0x40801EE8, 32, NDPI_PROTOCOL_TOR }, - { 0x4096D384, 32, NDPI_PROTOCOL_TOR }, - { 0x40ED332E, 32, NDPI_PROTOCOL_TOR }, - { 0x40FB0E11, 32, NDPI_PROTOCOL_TOR }, - { 0x4113B2B1, 32, NDPI_PROTOCOL_TOR }, - { 0x411DE8C4, 32, NDPI_PROTOCOL_TOR }, - { 0x4124628D, 32, NDPI_PROTOCOL_TOR }, - { 0x4132CB05, 32, NDPI_PROTOCOL_TOR }, - { 0x415E2693, 32, NDPI_PROTOCOL_TOR }, - { 0x416FBA42, 32, NDPI_PROTOCOL_TOR }, - { 0x41B57080, 32, NDPI_PROTOCOL_TOR }, - { 0x41B57159, 32, NDPI_PROTOCOL_TOR }, - { 0x41B57188, 32, NDPI_PROTOCOL_TOR }, - { 0x41B57BFE, 32, NDPI_PROTOCOL_TOR }, - { 0x41B57F76, 32, NDPI_PROTOCOL_TOR }, - { 0x41BF4B1E, 32, NDPI_PROTOCOL_TOR }, - { 0x4207CDA4, 32, NDPI_PROTOCOL_TOR }, - { 0x42088235, 32, NDPI_PROTOCOL_TOR }, - { 0x4208A63E, 32, NDPI_PROTOCOL_TOR }, - { 0x421F2F84, 32, NDPI_PROTOCOL_TOR }, - { 0x421FD0F6, 32, NDPI_PROTOCOL_TOR }, - { 0x422DF72A, 32, NDPI_PROTOCOL_TOR }, - { 0x424217DA, 32, NDPI_PROTOCOL_TOR }, - { 0x4244A7E8, 32, NDPI_PROTOCOL_TOR }, - { 0x42558348, 32, NDPI_PROTOCOL_TOR }, - { 0x426CCBC5, 32, NDPI_PROTOCOL_TOR }, - { 0x426D18CC, 32, NDPI_PROTOCOL_TOR }, - { 0x426F0210, 32, NDPI_PROTOCOL_TOR }, - { 0x426F0214, 32, NDPI_PROTOCOL_TOR }, - { 0x42746CB3, 32, NDPI_PROTOCOL_TOR }, - { 0x4275090A, 32, NDPI_PROTOCOL_TOR }, - { 0x4283C0D3, 32, NDPI_PROTOCOL_TOR }, - { 0x4289E293, 32, NDPI_PROTOCOL_TOR }, - { 0x4292C11F, 32, NDPI_PROTOCOL_TOR }, - { 0x4294745A, 32, NDPI_PROTOCOL_TOR }, - { 0x42AB5188, 32, NDPI_PROTOCOL_TOR }, - { 0x42ABB3C2, 32, NDPI_PROTOCOL_TOR }, - { 0x42AC0A43, 32, NDPI_PROTOCOL_TOR }, - { 0x42AC0CAE, 32, NDPI_PROTOCOL_TOR }, - { 0x42AC0CFE, 32, NDPI_PROTOCOL_TOR }, - { 0x42AC216A, 32, NDPI_PROTOCOL_TOR }, - { 0x42AC21DC, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFD3F2, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFD3F9, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFD695, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFD695, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFD94E, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFDC99, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFDD18, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFDF91, 32, NDPI_PROTOCOL_TOR }, - { 0x42B4C1DB, 32, NDPI_PROTOCOL_TOR }, - { 0x42C428FC, 32, NDPI_PROTOCOL_TOR }, - { 0x42DC03B3, 32, NDPI_PROTOCOL_TOR }, - { 0x42E421F8, 32, NDPI_PROTOCOL_TOR }, - { 0x42E42752, 32, NDPI_PROTOCOL_TOR }, - { 0x42E42772, 32, NDPI_PROTOCOL_TOR }, - { 0x42E42CCC, 32, NDPI_PROTOCOL_TOR }, - { 0x42E42FFE, 32, NDPI_PROTOCOL_TOR }, - { 0x42E436C3, 32, NDPI_PROTOCOL_TOR }, - { 0x42E43B18, 32, NDPI_PROTOCOL_TOR }, - { 0x42E43E5B, 32, NDPI_PROTOCOL_TOR }, - { 0x42F64BA7, 32, NDPI_PROTOCOL_TOR }, - { 0x42F8CC47, 32, NDPI_PROTOCOL_TOR }, - { 0x4300A951, 32, NDPI_PROTOCOL_TOR }, - { 0x4301F94A, 32, NDPI_PROTOCOL_TOR }, - { 0x43125C8D, 32, NDPI_PROTOCOL_TOR }, - { 0x43172B2E, 32, NDPI_PROTOCOL_TOR }, - { 0x4317B5ED, 32, NDPI_PROTOCOL_TOR }, - { 0x4355853B, 32, NDPI_PROTOCOL_TOR }, - { 0x43564FB9, 32, NDPI_PROTOCOL_TOR }, - { 0x4395F029, 32, NDPI_PROTOCOL_TOR }, - { 0x439EE2CA, 32, NDPI_PROTOCOL_TOR }, - { 0x43A58EE2, 32, NDPI_PROTOCOL_TOR }, - { 0x43A864B7, 32, NDPI_PROTOCOL_TOR }, - { 0x43A92D7F, 32, NDPI_PROTOCOL_TOR }, - { 0x43AD3984, 32, NDPI_PROTOCOL_TOR }, - { 0x43AD4C19, 32, NDPI_PROTOCOL_TOR }, - { 0x43B43F19, 32, NDPI_PROTOCOL_TOR }, - { 0x43B799D5, 32, NDPI_PROTOCOL_TOR }, - { 0x43CD598E, 32, NDPI_PROTOCOL_TOR }, - { 0x43CD704A, 32, NDPI_PROTOCOL_TOR }, - { 0x43D7FF8C, 32, NDPI_PROTOCOL_TOR }, - { 0x43DC16BF, 32, NDPI_PROTOCOL_TOR }, - { 0x43F43639, 32, NDPI_PROTOCOL_TOR }, - { 0x43F98A71, 32, NDPI_PROTOCOL_TOR }, - { 0x43FDF527, 32, NDPI_PROTOCOL_TOR }, - { 0x43FF09CB, 32, NDPI_PROTOCOL_TOR }, - { 0x440440C6, 32, NDPI_PROTOCOL_TOR }, - { 0x440859BD, 32, NDPI_PROTOCOL_TOR }, - { 0x44094F72, 32, NDPI_PROTOCOL_TOR }, - { 0x440FB66B, 32, NDPI_PROTOCOL_TOR }, - { 0x442300D4, 32, NDPI_PROTOCOL_TOR }, - { 0x44238420, 32, NDPI_PROTOCOL_TOR }, - { 0x44240EFA, 32, NDPI_PROTOCOL_TOR }, - { 0x44342124, 32, NDPI_PROTOCOL_TOR }, - { 0x4434AFBE, 32, NDPI_PROTOCOL_TOR }, - { 0x443A307C, 32, NDPI_PROTOCOL_TOR }, - { 0x4440A1EE, 32, NDPI_PROTOCOL_TOR }, - { 0x44416405, 32, NDPI_PROTOCOL_TOR }, - { 0x44429AD6, 32, NDPI_PROTOCOL_TOR }, - { 0x44432303, 32, NDPI_PROTOCOL_TOR }, - { 0x44472E8A, 32, NDPI_PROTOCOL_TOR }, - { 0x445011A0, 32, NDPI_PROTOCOL_TOR }, - { 0x44590067, 32, NDPI_PROTOCOL_TOR }, - { 0x4461BFC0, 32, NDPI_PROTOCOL_TOR }, - { 0x44669EA3, 32, NDPI_PROTOCOL_TOR }, - { 0x4468364B, 32, NDPI_PROTOCOL_TOR }, - { 0x44706295, 32, NDPI_PROTOCOL_TOR }, - { 0x4471943A, 32, NDPI_PROTOCOL_TOR }, - { 0x4494A2D8, 32, NDPI_PROTOCOL_TOR }, - { 0x449528B7, 32, NDPI_PROTOCOL_TOR }, - { 0x44B7A9A7, 32, NDPI_PROTOCOL_TOR }, - { 0x44BB40FC, 32, NDPI_PROTOCOL_TOR }, - { 0x44E003CC, 32, NDPI_PROTOCOL_TOR }, - { 0x44E003CC, 32, NDPI_PROTOCOL_TOR }, - { 0x44E4F314, 32, NDPI_PROTOCOL_TOR }, - { 0x44E7DBD4, 32, NDPI_PROTOCOL_TOR }, - { 0x44E9EBD9, 32, NDPI_PROTOCOL_TOR }, - { 0x450C569F, 32, NDPI_PROTOCOL_TOR }, - { 0x450D2623, 32, NDPI_PROTOCOL_TOR }, - { 0x451B5416, 32, NDPI_PROTOCOL_TOR }, - { 0x451C5230, 32, NDPI_PROTOCOL_TOR }, - { 0x451C5A69, 32, NDPI_PROTOCOL_TOR }, - { 0x452731C9, 32, NDPI_PROTOCOL_TOR }, - { 0x4532A549, 32, NDPI_PROTOCOL_TOR }, - { 0x453EA2B2, 32, NDPI_PROTOCOL_TOR }, - { 0x45402255, 32, NDPI_PROTOCOL_TOR }, - { 0x454027B4, 32, NDPI_PROTOCOL_TOR }, - { 0x454030A8, 32, NDPI_PROTOCOL_TOR }, - { 0x45403430, 32, NDPI_PROTOCOL_TOR }, - { 0x4543FC87, 32, NDPI_PROTOCOL_TOR }, - { 0x45596485, 32, NDPI_PROTOCOL_TOR }, - { 0x455A97E5, 32, NDPI_PROTOCOL_TOR }, - { 0x455D7F39, 32, NDPI_PROTOCOL_TOR }, - { 0x45722B5C, 32, NDPI_PROTOCOL_TOR }, - { 0x45733217, 32, NDPI_PROTOCOL_TOR }, - { 0x4573C28D, 32, NDPI_PROTOCOL_TOR }, - { 0x4588E954, 32, NDPI_PROTOCOL_TOR }, - { 0x458A00E2, 32, NDPI_PROTOCOL_TOR }, - { 0x458AB189, 32, NDPI_PROTOCOL_TOR }, - { 0x458D2BC5, 32, NDPI_PROTOCOL_TOR }, - { 0x45928DBA, 32, NDPI_PROTOCOL_TOR }, - { 0x45A26B05, 32, NDPI_PROTOCOL_TOR }, - { 0x45A28B09, 32, NDPI_PROTOCOL_TOR }, - { 0x45A323DE, 32, NDPI_PROTOCOL_TOR }, - { 0x45A3640C, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4C3F0, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4C4EE, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4C524, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4C620, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4C696, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4CD93, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4CEB0, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4CFEA, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D108, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D197, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D312, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D4B4, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D6FA, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D852, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4DD41, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4DD4E, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4DD99, 32, NDPI_PROTOCOL_TOR }, - { 0x45AC94F2, 32, NDPI_PROTOCOL_TOR }, - { 0x45AC9C67, 32, NDPI_PROTOCOL_TOR }, - { 0x45ACE727, 32, NDPI_PROTOCOL_TOR }, - { 0x45B57E1B, 32, NDPI_PROTOCOL_TOR }, - { 0x45C38CAE, 32, NDPI_PROTOCOL_TOR }, - { 0x45C456D6, 32, NDPI_PROTOCOL_TOR }, - { 0x45C4AE92, 32, NDPI_PROTOCOL_TOR }, - { 0x45C5AF23, 32, NDPI_PROTOCOL_TOR }, - { 0x45C5AF24, 32, NDPI_PROTOCOL_TOR }, - { 0x45F5523E, 32, NDPI_PROTOCOL_TOR }, - { 0x460F3C1D, 32, NDPI_PROTOCOL_TOR }, - { 0x4618CF2E, 32, NDPI_PROTOCOL_TOR }, - { 0x462438C6, 32, NDPI_PROTOCOL_TOR }, - { 0x46261F79, 32, NDPI_PROTOCOL_TOR }, - { 0x462C2054, 32, NDPI_PROTOCOL_TOR }, - { 0x463D61E4, 32, NDPI_PROTOCOL_TOR }, - { 0x463D61E5, 32, NDPI_PROTOCOL_TOR }, - { 0x463FAA56, 32, NDPI_PROTOCOL_TOR }, - { 0x46551FF2, 32, NDPI_PROTOCOL_TOR }, - { 0x4663CC61, 32, NDPI_PROTOCOL_TOR }, - { 0x4670A038, 32, NDPI_PROTOCOL_TOR }, - { 0x4670A341, 32, NDPI_PROTOCOL_TOR }, - { 0x467176E8, 32, NDPI_PROTOCOL_TOR }, - { 0x46721018, 32, NDPI_PROTOCOL_TOR }, - { 0x46A22F33, 32, NDPI_PROTOCOL_TOR }, - { 0x46A2595A, 32, NDPI_PROTOCOL_TOR }, - { 0x46A56AAE, 32, NDPI_PROTOCOL_TOR }, - { 0x46A923AD, 32, NDPI_PROTOCOL_TOR }, - { 0x46B5013D, 32, NDPI_PROTOCOL_TOR }, - { 0x46BB9A33, 32, NDPI_PROTOCOL_TOR }, - { 0x46BED043, 32, NDPI_PROTOCOL_TOR }, - { 0x470EB6E8, 32, NDPI_PROTOCOL_TOR }, - { 0x47139515, 32, NDPI_PROTOCOL_TOR }, - { 0x4713954E, 32, NDPI_PROTOCOL_TOR }, - { 0x47139BBB, 32, NDPI_PROTOCOL_TOR }, - { 0x47139D7F, 32, NDPI_PROTOCOL_TOR }, - { 0x47139DD5, 32, NDPI_PROTOCOL_TOR }, - { 0x47236A50, 32, NDPI_PROTOCOL_TOR }, - { 0x4738B62B, 32, NDPI_PROTOCOL_TOR }, - { 0x474BC940, 32, NDPI_PROTOCOL_TOR }, - { 0x474F591F, 32, NDPI_PROTOCOL_TOR }, - { 0x474F9691, 32, NDPI_PROTOCOL_TOR }, - { 0x475ACDF8, 32, NDPI_PROTOCOL_TOR }, - { 0x475F28FC, 32, NDPI_PROTOCOL_TOR }, - { 0x47872D47, 32, NDPI_PROTOCOL_TOR }, - { 0x47A59723, 32, NDPI_PROTOCOL_TOR }, - { 0x47A79A15, 32, NDPI_PROTOCOL_TOR }, - { 0x47AE3E2D, 32, NDPI_PROTOCOL_TOR }, - { 0x47B1E232, 32, NDPI_PROTOCOL_TOR }, - { 0x47B76C25, 32, NDPI_PROTOCOL_TOR }, - { 0x47B8FBE9, 32, NDPI_PROTOCOL_TOR }, - { 0x47B9233B, 32, NDPI_PROTOCOL_TOR }, - { 0x47B9AB0D, 32, NDPI_PROTOCOL_TOR }, - { 0x47C3DB07, 32, NDPI_PROTOCOL_TOR }, - { 0x47C5EB05, 32, NDPI_PROTOCOL_TOR }, - { 0x47C5FE48, 32, NDPI_PROTOCOL_TOR }, - { 0x47C772A6, 32, NDPI_PROTOCOL_TOR }, - { 0x47CAB8E5, 32, NDPI_PROTOCOL_TOR }, - { 0x47CC7AF0, 32, NDPI_PROTOCOL_TOR }, - { 0x47D7CE97, 32, NDPI_PROTOCOL_TOR }, - { 0x47DBB265, 32, NDPI_PROTOCOL_TOR }, - { 0x47DE7EC5, 32, NDPI_PROTOCOL_TOR }, - { 0x47E0883A, 32, NDPI_PROTOCOL_TOR }, - { 0x47E6FD44, 32, NDPI_PROTOCOL_TOR }, - { 0x47E7BE7B, 32, NDPI_PROTOCOL_TOR }, - { 0x47EB4AB7, 32, NDPI_PROTOCOL_TOR }, - { 0x47F5506C, 32, NDPI_PROTOCOL_TOR }, - { 0x47FB9E4B, 32, NDPI_PROTOCOL_TOR }, - { 0x4800E332, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB0AC, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB1A4, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB30A, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB3A3, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB552, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB83D, 32, NDPI_PROTOCOL_TOR }, - { 0x480EBAE2, 32, NDPI_PROTOCOL_TOR }, - { 0x481AD093, 32, NDPI_PROTOCOL_TOR }, - { 0x481DA212, 32, NDPI_PROTOCOL_TOR }, - { 0x482E9BBA, 32, NDPI_PROTOCOL_TOR }, - { 0x48332350, 32, NDPI_PROTOCOL_TOR }, - { 0x48344B1B, 32, NDPI_PROTOCOL_TOR }, - { 0x48345B16, 32, NDPI_PROTOCOL_TOR }, - { 0x48345B1D, 32, NDPI_PROTOCOL_TOR }, - { 0x48345B1E, 32, NDPI_PROTOCOL_TOR }, - { 0x48358586, 32, NDPI_PROTOCOL_TOR }, - { 0x484200E9, 32, NDPI_PROTOCOL_TOR }, - { 0x4845E5D5, 32, NDPI_PROTOCOL_TOR }, - { 0x4845F863, 32, NDPI_PROTOCOL_TOR }, - { 0x484E8BB9, 32, NDPI_PROTOCOL_TOR }, - { 0x48531759, 32, NDPI_PROTOCOL_TOR }, - { 0x4859E93A, 32, NDPI_PROTOCOL_TOR }, - { 0x485DF597, 32, NDPI_PROTOCOL_TOR }, - { 0x488184C2, 32, NDPI_PROTOCOL_TOR }, - { 0x488313EC, 32, NDPI_PROTOCOL_TOR }, - { 0x48A0F076, 32, NDPI_PROTOCOL_TOR }, - { 0x48AEAC8D, 32, NDPI_PROTOCOL_TOR }, - { 0x48B13B6E, 32, NDPI_PROTOCOL_TOR }, - { 0x48C0D011, 32, NDPI_PROTOCOL_TOR }, - { 0x48C105B0, 32, NDPI_PROTOCOL_TOR }, - { 0x48C5C123, 32, NDPI_PROTOCOL_TOR }, - { 0x48D1B426, 32, NDPI_PROTOCOL_TOR }, - { 0x48D1DB9A, 32, NDPI_PROTOCOL_TOR }, - { 0x48D8ECC2, 32, NDPI_PROTOCOL_TOR }, - { 0x48DCAD6B, 32, NDPI_PROTOCOL_TOR }, - { 0x48DE8A0C, 32, NDPI_PROTOCOL_TOR }, - { 0x48E1295B, 32, NDPI_PROTOCOL_TOR }, - { 0x48EFE271, 32, NDPI_PROTOCOL_TOR }, - { 0x48F9B964, 32, NDPI_PROTOCOL_TOR }, - { 0x48FAD50D, 32, NDPI_PROTOCOL_TOR }, - { 0x48FD5C2C, 32, NDPI_PROTOCOL_TOR }, - { 0x49041E43, 32, NDPI_PROTOCOL_TOR }, - { 0x49043472, 32, NDPI_PROTOCOL_TOR }, - { 0x4906D179, 32, NDPI_PROTOCOL_TOR }, - { 0x4908B6E5, 32, NDPI_PROTOCOL_TOR }, - { 0x490B9E26, 32, NDPI_PROTOCOL_TOR }, - { 0x490F96AC, 32, NDPI_PROTOCOL_TOR }, - { 0x490FFEF1, 32, NDPI_PROTOCOL_TOR }, - { 0x49134ECD, 32, NDPI_PROTOCOL_TOR }, - { 0x491610C3, 32, NDPI_PROTOCOL_TOR }, - { 0x492574A8, 32, NDPI_PROTOCOL_TOR }, - { 0x4926F8B6, 32, NDPI_PROTOCOL_TOR }, - { 0x49274DA6, 32, NDPI_PROTOCOL_TOR }, - { 0x492C8639, 32, NDPI_PROTOCOL_TOR }, - { 0x492D254B, 32, NDPI_PROTOCOL_TOR }, - { 0x492FF6DF, 32, NDPI_PROTOCOL_TOR }, - { 0x49304E30, 32, NDPI_PROTOCOL_TOR }, - { 0x49308BE2, 32, NDPI_PROTOCOL_TOR }, - { 0x498400F7, 32, NDPI_PROTOCOL_TOR }, - { 0x4984FA0B, 32, NDPI_PROTOCOL_TOR }, - { 0x49A3EC5F, 32, NDPI_PROTOCOL_TOR }, - { 0x49A5F4EE, 32, NDPI_PROTOCOL_TOR }, - { 0x49A64EFD, 32, NDPI_PROTOCOL_TOR }, - { 0x49A69CAC, 32, NDPI_PROTOCOL_TOR }, - { 0x49AA0647, 32, NDPI_PROTOCOL_TOR }, - { 0x49AC98E6, 32, NDPI_PROTOCOL_TOR }, - { 0x49C08B3F, 32, NDPI_PROTOCOL_TOR }, - { 0x49C0E718, 32, NDPI_PROTOCOL_TOR }, - { 0x49C6A499, 32, NDPI_PROTOCOL_TOR }, - { 0x49C7CBB9, 32, NDPI_PROTOCOL_TOR }, - { 0x49CAE19F, 32, NDPI_PROTOCOL_TOR }, - { 0x49D03060, 32, NDPI_PROTOCOL_TOR }, - { 0x49D0409E, 32, NDPI_PROTOCOL_TOR }, - { 0x49D0A2E1, 32, NDPI_PROTOCOL_TOR }, - { 0x49D932BB, 32, NDPI_PROTOCOL_TOR }, - { 0x49DE0E0A, 32, NDPI_PROTOCOL_TOR }, - { 0x4A03A527, 32, NDPI_PROTOCOL_TOR }, - { 0x4A323644, 32, NDPI_PROTOCOL_TOR }, - { 0x4A3BA760, 32, NDPI_PROTOCOL_TOR }, - { 0x4A3BCC47, 32, NDPI_PROTOCOL_TOR }, - { 0x4A436379, 32, NDPI_PROTOCOL_TOR }, - { 0x4A47FA54, 32, NDPI_PROTOCOL_TOR }, - { 0x4A5203E0, 32, NDPI_PROTOCOL_TOR }, - { 0x4A536574, 32, NDPI_PROTOCOL_TOR }, - { 0x4A561813, 32, NDPI_PROTOCOL_TOR }, - { 0x4A5B1B8D, 32, NDPI_PROTOCOL_TOR }, - { 0x4A5B1B8E, 32, NDPI_PROTOCOL_TOR }, - { 0x4A5E43C4, 32, NDPI_PROTOCOL_TOR }, - { 0x4A5FBB69, 32, NDPI_PROTOCOL_TOR }, - { 0x4A60E7B2, 32, NDPI_PROTOCOL_TOR }, - { 0x4A621760, 32, NDPI_PROTOCOL_TOR }, - { 0x4A65C9F9, 32, NDPI_PROTOCOL_TOR }, - { 0x4A677F7F, 32, NDPI_PROTOCOL_TOR }, - { 0x4A6DF071, 32, NDPI_PROTOCOL_TOR }, - { 0x4A74BA78, 32, NDPI_PROTOCOL_TOR }, - { 0x4A79B693, 32, NDPI_PROTOCOL_TOR }, - { 0x4A7CAB14, 32, NDPI_PROTOCOL_TOR }, - { 0x4A8AA23A, 32, NDPI_PROTOCOL_TOR }, - { 0x4AB9DBC9, 32, NDPI_PROTOCOL_TOR }, - { 0x4AC09417, 32, NDPI_PROTOCOL_TOR }, - { 0x4AC14C45, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACEB5A4, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFE03F, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFE03F, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFE7BA, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFE7FA, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFE998, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFECC5, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFED2C, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFEDA7, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFEDA7, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFF207, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFF86E, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFF9A9, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFFB6D, 32, NDPI_PROTOCOL_TOR }, - { 0x4AD045C2, 32, NDPI_PROTOCOL_TOR }, - { 0x4AD04E82, 32, NDPI_PROTOCOL_TOR }, - { 0x4AD2C50C, 32, NDPI_PROTOCOL_TOR }, - { 0x4B013890, 32, NDPI_PROTOCOL_TOR }, - { 0x4B09754D, 32, NDPI_PROTOCOL_TOR }, - { 0x4B435766, 32, NDPI_PROTOCOL_TOR }, - { 0x4B451E4D, 32, NDPI_PROTOCOL_TOR }, - { 0x4B488B38, 32, NDPI_PROTOCOL_TOR }, - { 0x4B4F23FE, 32, NDPI_PROTOCOL_TOR }, - { 0x4B50A0EC, 32, NDPI_PROTOCOL_TOR }, - { 0x4B5169DB, 32, NDPI_PROTOCOL_TOR }, - { 0x4B52A04D, 32, NDPI_PROTOCOL_TOR }, - { 0x4B54A327, 32, NDPI_PROTOCOL_TOR }, - { 0x4B6189EA, 32, NDPI_PROTOCOL_TOR }, - { 0x4B642932, 32, NDPI_PROTOCOL_TOR }, - { 0x4B65602F, 32, NDPI_PROTOCOL_TOR }, - { 0x4B7650AB, 32, NDPI_PROTOCOL_TOR }, - { 0x4B76EED4, 32, NDPI_PROTOCOL_TOR }, - { 0x4B77E8C9, 32, NDPI_PROTOCOL_TOR }, - { 0x4B7F0F49, 32, NDPI_PROTOCOL_TOR }, - { 0x4B82033A, 32, NDPI_PROTOCOL_TOR }, - { 0x4B849247, 32, NDPI_PROTOCOL_TOR }, - { 0x4B8567ED, 32, NDPI_PROTOCOL_TOR }, - { 0x4B8FB432, 32, NDPI_PROTOCOL_TOR }, - { 0x4B91CDB1, 32, NDPI_PROTOCOL_TOR }, - { 0x4B965B14, 32, NDPI_PROTOCOL_TOR }, - { 0x4B965B15, 32, NDPI_PROTOCOL_TOR }, - { 0x4BA665D5, 32, NDPI_PROTOCOL_TOR }, - { 0x4BB117FE, 32, NDPI_PROTOCOL_TOR }, - { 0x4BB38B1A, 32, NDPI_PROTOCOL_TOR }, - { 0x4BB3AFC4, 32, NDPI_PROTOCOL_TOR }, - { 0x4BB66C77, 32, NDPI_PROTOCOL_TOR }, - { 0x4BB93208, 32, NDPI_PROTOCOL_TOR }, - { 0x4C0A8078, 32, NDPI_PROTOCOL_TOR }, - { 0x4C0CDB68, 32, NDPI_PROTOCOL_TOR }, - { 0x4C17D13D, 32, NDPI_PROTOCOL_TOR }, - { 0x4C1ACBF3, 32, NDPI_PROTOCOL_TOR }, - { 0x4C1CD1A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4C1CEA17, 32, NDPI_PROTOCOL_TOR }, - { 0x4C400D9B, 32, NDPI_PROTOCOL_TOR }, - { 0x4C490364, 32, NDPI_PROTOCOL_TOR }, - { 0x4C4903AE, 32, NDPI_PROTOCOL_TOR }, - { 0x4C493996, 32, NDPI_PROTOCOL_TOR }, - { 0x4C4AB2F6, 32, NDPI_PROTOCOL_TOR }, - { 0x4C4ADB8A, 32, NDPI_PROTOCOL_TOR }, - { 0x4C4C08E8, 32, NDPI_PROTOCOL_TOR }, - { 0x4C4F2E66, 32, NDPI_PROTOCOL_TOR }, - { 0x4C55CFD4, 32, NDPI_PROTOCOL_TOR }, - { 0x4C5BCBA2, 32, NDPI_PROTOCOL_TOR }, - { 0x4C5BE269, 32, NDPI_PROTOCOL_TOR }, - { 0x4C5CE1D8, 32, NDPI_PROTOCOL_TOR }, - { 0x4C5DD733, 32, NDPI_PROTOCOL_TOR }, - { 0x4C63DE9C, 32, NDPI_PROTOCOL_TOR }, - { 0x4C66C7AA, 32, NDPI_PROTOCOL_TOR }, - { 0x4C6A2761, 32, NDPI_PROTOCOL_TOR }, - { 0x4C702F3C, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7153C2, 32, NDPI_PROTOCOL_TOR }, - { 0x4C732D7C, 32, NDPI_PROTOCOL_TOR }, - { 0x4C73829B, 32, NDPI_PROTOCOL_TOR }, - { 0x4C778735, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7A13E6, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7BBBD2, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7C660E, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7CAF69, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7E0D52, 32, NDPI_PROTOCOL_TOR }, - { 0x4CAA4864, 32, NDPI_PROTOCOL_TOR }, - { 0x4CAEFDD2, 32, NDPI_PROTOCOL_TOR }, - { 0x4CB28C0E, 32, NDPI_PROTOCOL_TOR }, - { 0x4CB9120F, 32, NDPI_PROTOCOL_TOR }, - { 0x4CBAB2BC, 32, NDPI_PROTOCOL_TOR }, - { 0x4CBC4252, 32, NDPI_PROTOCOL_TOR }, - { 0x4CBFD7D7, 32, NDPI_PROTOCOL_TOR }, - { 0x4CD11461, 32, NDPI_PROTOCOL_TOR }, - { 0x4CD90D94, 32, NDPI_PROTOCOL_TOR }, - { 0x4CD90D94, 32, NDPI_PROTOCOL_TOR }, - { 0x4CD995F0, 32, NDPI_PROTOCOL_TOR }, - { 0x4D00C9A3, 32, NDPI_PROTOCOL_TOR }, - { 0x4D01045C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D04EB00, 32, NDPI_PROTOCOL_TOR }, - { 0x4D06EDF4, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0A7CF0, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0AAEE8, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0AD0A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0C1CB8, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0C1CB8, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0C65BB, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0C84CC, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0DB854, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0DBCEF, 32, NDPI_PROTOCOL_TOR }, - { 0x4D142DA8, 32, NDPI_PROTOCOL_TOR }, - { 0x4D1430C4, 32, NDPI_PROTOCOL_TOR }, - { 0x4D145762, 32, NDPI_PROTOCOL_TOR }, - { 0x4D149215, 32, NDPI_PROTOCOL_TOR }, - { 0x4D149784, 32, NDPI_PROTOCOL_TOR }, - { 0x4D14C9D3, 32, NDPI_PROTOCOL_TOR }, - { 0x4D1505EA, 32, NDPI_PROTOCOL_TOR }, - { 0x4D15295E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D154971, 32, NDPI_PROTOCOL_TOR }, - { 0x4D154D67, 32, NDPI_PROTOCOL_TOR }, - { 0x4D15D971, 32, NDPI_PROTOCOL_TOR }, - { 0x4D170724, 32, NDPI_PROTOCOL_TOR }, - { 0x4D170A99, 32, NDPI_PROTOCOL_TOR }, - { 0x4D171AE2, 32, NDPI_PROTOCOL_TOR }, - { 0x4D176F1E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D250CBF, 32, NDPI_PROTOCOL_TOR }, - { 0x4D2588A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4D25B87E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D25DA91, 32, NDPI_PROTOCOL_TOR }, - { 0x4D25F08E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D292F5B, 32, NDPI_PROTOCOL_TOR }, - { 0x4D2DFD87, 32, NDPI_PROTOCOL_TOR }, - { 0x4D2F7D6F, 32, NDPI_PROTOCOL_TOR }, - { 0x4D2FD16E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D32EB4C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D343FC5, 32, NDPI_PROTOCOL_TOR }, - { 0x4D3856DC, 32, NDPI_PROTOCOL_TOR }, - { 0x4D396860, 32, NDPI_PROTOCOL_TOR }, - { 0x4D3A033E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D3AD4A9, 32, NDPI_PROTOCOL_TOR }, - { 0x4D40D46F, 32, NDPI_PROTOCOL_TOR }, - { 0x4D422DE3, 32, NDPI_PROTOCOL_TOR }, - { 0x4D422E18, 32, NDPI_PROTOCOL_TOR }, - { 0x4D44245D, 32, NDPI_PROTOCOL_TOR }, - { 0x4D463F8D, 32, NDPI_PROTOCOL_TOR }, - { 0x4D48932F, 32, NDPI_PROTOCOL_TOR }, - { 0x4D489696, 32, NDPI_PROTOCOL_TOR }, - { 0x4D4E77D3, 32, NDPI_PROTOCOL_TOR }, - { 0x4D51F029, 32, NDPI_PROTOCOL_TOR }, - { 0x4D56C546, 32, NDPI_PROTOCOL_TOR }, - { 0x4D56CC64, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6220E9, 32, NDPI_PROTOCOL_TOR }, - { 0x4D66D762, 32, NDPI_PROTOCOL_TOR }, - { 0x4D69D0D9, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8A2A, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8A2B, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8A2C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8B1A, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8B1B, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8B1C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8B57, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8D8A, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8D8B, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8D8C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6DB99C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D765894, 32, NDPI_PROTOCOL_TOR }, - { 0x4D7B5606, 32, NDPI_PROTOCOL_TOR }, - { 0x4D834130, 32, NDPI_PROTOCOL_TOR }, - { 0x4D86A910, 32, NDPI_PROTOCOL_TOR }, - { 0x4D98FB30, 32, NDPI_PROTOCOL_TOR }, - { 0x4DAA0102, 32, NDPI_PROTOCOL_TOR }, - { 0x4DAE88F2, 32, NDPI_PROTOCOL_TOR }, - { 0x4DAEB4C5, 32, NDPI_PROTOCOL_TOR }, - { 0x4DAEF986, 32, NDPI_PROTOCOL_TOR }, - { 0x4DC5A34D, 32, NDPI_PROTOCOL_TOR }, - { 0x4DCBDD5B, 32, NDPI_PROTOCOL_TOR }, - { 0x4DCF4DB2, 32, NDPI_PROTOCOL_TOR }, - { 0x4DCF6FCE, 32, NDPI_PROTOCOL_TOR }, - { 0x4DDF4BCF, 32, NDPI_PROTOCOL_TOR }, - { 0x4DE4A752, 32, NDPI_PROTOCOL_TOR }, - { 0x4DE4AF4A, 32, NDPI_PROTOCOL_TOR }, - { 0x4DE9EE82, 32, NDPI_PROTOCOL_TOR }, - { 0x4DEA31CE, 32, NDPI_PROTOCOL_TOR }, - { 0x4DEA947A, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF30962, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF4FEE3, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF4FEE4, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF4FEE5, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF4FEE6, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF6D813, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A2, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A3, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A3, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A4, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A6, 32, NDPI_PROTOCOL_TOR }, - { 0x4DFB6AF8, 32, NDPI_PROTOCOL_TOR }, - { 0x4DFEAE40, 32, NDPI_PROTOCOL_TOR }, - { 0x4E08A504, 32, NDPI_PROTOCOL_TOR }, - { 0x4E0D3D36, 32, NDPI_PROTOCOL_TOR }, - { 0x4E1506A1, 32, NDPI_PROTOCOL_TOR }, - { 0x4E18DA8A, 32, NDPI_PROTOCOL_TOR }, - { 0x4E1B6E57, 32, NDPI_PROTOCOL_TOR }, - { 0x4E1FA429, 32, NDPI_PROTOCOL_TOR }, - { 0x4E227847, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2917A2, 32, NDPI_PROTOCOL_TOR }, - { 0x4E29E9C0, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2A9D62, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2B689D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2B752E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2B8EB1, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2D136A, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E1188, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E2BDD, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E2DF2, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E337C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E350B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E3C1E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E40F5, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E4229, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E50F7, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E512D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E5F14, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E69F1, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E6A6F, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E6B0F, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E70DB, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E7B22, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E7BAC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E943A, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E970B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E9713, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E989E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EA78D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EB0A9, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EC54B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EDA0B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EDC82, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EDD7D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EE185, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EEFB7, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EF724, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EF729, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F0406, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F10A6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F126E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F1BF6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F2323, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F273C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F27BC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F297D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F2CBC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F2CD4, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F31EB, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F325C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F35B7, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F3DDE, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F405B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F49B6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F5462, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F5699, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F5D0C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F5DC8, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F5F9C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F8606, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F8B62, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F9199, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F94AE, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F963D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FA559, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FA844, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FABA6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FACF4, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FAE9B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FBAF3, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FBC04, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FBFDD, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FC5AC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FD81C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FDABE, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FDBA6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FDE4A, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FE0DB, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FE208, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FE568, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FE56B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E301266, 32, NDPI_PROTOCOL_TOR }, - { 0x4E30213F, 32, NDPI_PROTOCOL_TOR }, - { 0x4E30E5E7, 32, NDPI_PROTOCOL_TOR }, - { 0x4E314714, 32, NDPI_PROTOCOL_TOR }, - { 0x4E337866, 32, NDPI_PROTOCOL_TOR }, - { 0x4E339FA4, 32, NDPI_PROTOCOL_TOR }, - { 0x4E341CCA, 32, NDPI_PROTOCOL_TOR }, - { 0x4E344588, 32, NDPI_PROTOCOL_TOR }, - { 0x4E345BC2, 32, NDPI_PROTOCOL_TOR }, - { 0x4E34709C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E3500BA, 32, NDPI_PROTOCOL_TOR }, - { 0x4E3543BB, 32, NDPI_PROTOCOL_TOR }, - { 0x4E3578C0, 32, NDPI_PROTOCOL_TOR }, - { 0x4E35D113, 32, NDPI_PROTOCOL_TOR }, - { 0x4E36B32D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E36B849, 32, NDPI_PROTOCOL_TOR }, - { 0x4E37167F, 32, NDPI_PROTOCOL_TOR }, - { 0x4E371BD3, 32, NDPI_PROTOCOL_TOR }, - { 0x4E37EECD, 32, NDPI_PROTOCOL_TOR }, - { 0x4E382816, 32, NDPI_PROTOCOL_TOR }, - { 0x4E38837E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E448EF1, 32, NDPI_PROTOCOL_TOR }, - { 0x4E455699, 32, NDPI_PROTOCOL_TOR }, - { 0x4E460AE6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E559863, 32, NDPI_PROTOCOL_TOR }, - { 0x4E55C395, 32, NDPI_PROTOCOL_TOR }, - { 0x4E582ECD, 32, NDPI_PROTOCOL_TOR }, - { 0x4E5A0FE5, 32, NDPI_PROTOCOL_TOR }, - { 0x4E5A8252, 32, NDPI_PROTOCOL_TOR }, - { 0x4E5E71A9, 32, NDPI_PROTOCOL_TOR }, - { 0x4E5EC2DB, 32, NDPI_PROTOCOL_TOR }, - { 0x4E5EFD61, 32, NDPI_PROTOCOL_TOR }, - { 0x4E66CF73, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6A9813, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6BE9E5, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6BED10, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6BEFD5, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6BFE79, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6C3F2C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6C3F2E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6EA0B9, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6F4E8C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6FEE6B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E73B49D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E787A3F, 32, NDPI_PROTOCOL_TOR }, - { 0x4E81891C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E81A639, 32, NDPI_PROTOCOL_TOR }, - { 0x4E81B421, 32, NDPI_PROTOCOL_TOR }, - { 0x4E833886, 32, NDPI_PROTOCOL_TOR }, - { 0x4E8B7228, 32, NDPI_PROTOCOL_TOR }, - { 0x4E8D50EC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E8E8EF6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E8E918D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E8EAF46, 32, NDPI_PROTOCOL_TOR }, - { 0x4E91349D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E9BA97A, 32, NDPI_PROTOCOL_TOR }, - { 0x4E9C75EC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E9C77C8, 32, NDPI_PROTOCOL_TOR }, - { 0x4E9DC871, 32, NDPI_PROTOCOL_TOR }, - { 0x4E9F3CC3, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC0BD4C, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC0F14B, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC1067E, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC128CD, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC128FE, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC14F78, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC15603, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC1674D, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC1A442, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC6B4CD, 32, NDPI_PROTOCOL_TOR }, - { 0x4ECD5081, 32, NDPI_PROTOCOL_TOR }, - { 0x4EDA527F, 32, NDPI_PROTOCOL_TOR }, - { 0x4EDD8C72, 32, NDPI_PROTOCOL_TOR }, - { 0x4EE030F7, 32, NDPI_PROTOCOL_TOR }, - { 0x4EE0F0C4, 32, NDPI_PROTOCOL_TOR }, - { 0x4EE2A060, 32, NDPI_PROTOCOL_TOR }, - { 0x4EE588B8, 32, NDPI_PROTOCOL_TOR }, - { 0x4EE96597, 32, NDPI_PROTOCOL_TOR }, - { 0x4EEC369E, 32, NDPI_PROTOCOL_TOR }, - { 0x4EEF7556, 32, NDPI_PROTOCOL_TOR }, - { 0x4EF7B665, 32, NDPI_PROTOCOL_TOR }, - { 0x4EF8D759, 32, NDPI_PROTOCOL_TOR }, - { 0x4F4771F0, 32, NDPI_PROTOCOL_TOR }, - { 0x4F501132, 32, NDPI_PROTOCOL_TOR }, - { 0x4F59660B, 32, NDPI_PROTOCOL_TOR }, - { 0x4F621F2A, 32, NDPI_PROTOCOL_TOR }, - { 0x4F660402, 32, NDPI_PROTOCOL_TOR }, - { 0x4F6D109F, 32, NDPI_PROTOCOL_TOR }, - { 0x4F6D94CB, 32, NDPI_PROTOCOL_TOR }, - { 0x4F6F13C2, 32, NDPI_PROTOCOL_TOR }, - { 0x4F6F51A0, 32, NDPI_PROTOCOL_TOR }, - { 0x4F6FDA32, 32, NDPI_PROTOCOL_TOR }, - { 0x4F700984, 32, NDPI_PROTOCOL_TOR }, - { 0x4F716914, 32, NDPI_PROTOCOL_TOR }, - { 0x4F780A62, 32, NDPI_PROTOCOL_TOR }, - { 0x4F78282D, 32, NDPI_PROTOCOL_TOR }, - { 0x4F7851B7, 32, NDPI_PROTOCOL_TOR }, - { 0x4F825F7B, 32, NDPI_PROTOCOL_TOR }, - { 0x4F861BFF, 32, NDPI_PROTOCOL_TOR }, - { 0x4F86EAC8, 32, NDPI_PROTOCOL_TOR }, - { 0x4F86EB05, 32, NDPI_PROTOCOL_TOR }, - { 0x4F86FF23, 32, NDPI_PROTOCOL_TOR }, - { 0x4F87465A, 32, NDPI_PROTOCOL_TOR }, - { 0x4F881D2B, 32, NDPI_PROTOCOL_TOR }, - { 0x4F882ABE, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8BBDB9, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8C27CA, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8C2975, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8C2976, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8C4005, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8E6A54, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8FB36A, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8FB572, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8FBC46, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA04C99, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA0A26A, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA438F1, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA45FB4, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA5B4F3, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA5DFD1, 32, NDPI_PROTOCOL_TOR }, - { 0x4FAC1212, 32, NDPI_PROTOCOL_TOR }, - { 0x4FAC1CCD, 32, NDPI_PROTOCOL_TOR }, - { 0x4FACC120, 32, NDPI_PROTOCOL_TOR }, - { 0x4FACCC24, 32, NDPI_PROTOCOL_TOR }, - { 0x4FACF908, 32, NDPI_PROTOCOL_TOR }, - { 0x4FB73E97, 32, NDPI_PROTOCOL_TOR }, - { 0x4FBD0233, 32, NDPI_PROTOCOL_TOR }, - { 0x4FC17B35, 32, NDPI_PROTOCOL_TOR }, - { 0x4FC3BA9D, 32, NDPI_PROTOCOL_TOR }, - { 0x4FC5C597, 32, NDPI_PROTOCOL_TOR }, - { 0x4FC8C7B3, 32, NDPI_PROTOCOL_TOR }, - { 0x4FCA6B3A, 32, NDPI_PROTOCOL_TOR }, - { 0x4FCB519B, 32, NDPI_PROTOCOL_TOR }, - { 0x4FD446F9, 32, NDPI_PROTOCOL_TOR }, - { 0x4FD62F35, 32, NDPI_PROTOCOL_TOR }, - { 0x4FD6C9C2, 32, NDPI_PROTOCOL_TOR }, - { 0x4FD6E742, 32, NDPI_PROTOCOL_TOR }, - { 0x4FD7DEA0, 32, NDPI_PROTOCOL_TOR }, - { 0x4FDCC79F, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE25CA4, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE2CDCD, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE2DAE6, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE3BBBF, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE478A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE4EA15, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE5C024, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE755CF, 32, NDPI_PROTOCOL_TOR }, - { 0x4FEA50ED, 32, NDPI_PROTOCOL_TOR }, - { 0x4FEB63B5, 32, NDPI_PROTOCOL_TOR }, - { 0x4FEC5A62, 32, NDPI_PROTOCOL_TOR }, - { 0x4FECD8B0, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF15810, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF19FF7, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF1D2DC, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF1D690, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF2515A, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF35735, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF5435F, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF58FAB, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF6CF32, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF77321, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF87986, 32, NDPI_PROTOCOL_TOR }, - { 0x4FFBF5CA, 32, NDPI_PROTOCOL_TOR }, - { 0x4FFF9947, 32, NDPI_PROTOCOL_TOR }, - { 0x50025741, 32, NDPI_PROTOCOL_TOR }, - { 0x5004F810, 32, NDPI_PROTOCOL_TOR }, - { 0x500593F5, 32, NDPI_PROTOCOL_TOR }, - { 0x500C5EB8, 32, NDPI_PROTOCOL_TOR }, - { 0x502A9965, 32, NDPI_PROTOCOL_TOR }, - { 0x502AA456, 32, NDPI_PROTOCOL_TOR }, - { 0x50390AA9, 32, NDPI_PROTOCOL_TOR }, - { 0x50393FB3, 32, NDPI_PROTOCOL_TOR }, - { 0x50397C3A, 32, NDPI_PROTOCOL_TOR }, - { 0x5042877B, 32, NDPI_PROTOCOL_TOR }, - { 0x5043AC13, 32, NDPI_PROTOCOL_TOR }, - { 0x504459B6, 32, NDPI_PROTOCOL_TOR }, - { 0x50445CF9, 32, NDPI_PROTOCOL_TOR }, - { 0x50478577, 32, NDPI_PROTOCOL_TOR }, - { 0x504786B5, 32, NDPI_PROTOCOL_TOR }, - { 0x5049D3D9, 32, NDPI_PROTOCOL_TOR }, - { 0x5049F28E, 32, NDPI_PROTOCOL_TOR }, - { 0x504EF251, 32, NDPI_PROTOCOL_TOR }, - { 0x504EF656, 32, NDPI_PROTOCOL_TOR }, - { 0x504F1707, 32, NDPI_PROTOCOL_TOR }, - { 0x5051111F, 32, NDPI_PROTOCOL_TOR }, - { 0x5051F378, 32, NDPI_PROTOCOL_TOR }, - { 0x5051F3E2, 32, NDPI_PROTOCOL_TOR }, - { 0x5051F3EB, 32, NDPI_PROTOCOL_TOR }, - { 0x5052D7D2, 32, NDPI_PROTOCOL_TOR }, - { 0x50555448, 32, NDPI_PROTOCOL_TOR }, - { 0x505554DE, 32, NDPI_PROTOCOL_TOR }, - { 0x505554F0, 32, NDPI_PROTOCOL_TOR }, - { 0x50565329, 32, NDPI_PROTOCOL_TOR }, - { 0x50565CB5, 32, NDPI_PROTOCOL_TOR }, - { 0x50565D80, 32, NDPI_PROTOCOL_TOR }, - { 0x5059C09E, 32, NDPI_PROTOCOL_TOR }, - { 0x505A2B81, 32, NDPI_PROTOCOL_TOR }, - { 0x505A2BDD, 32, NDPI_PROTOCOL_TOR }, - { 0x50631FF8, 32, NDPI_PROTOCOL_TOR }, - { 0x5063FE73, 32, NDPI_PROTOCOL_TOR }, - { 0x50642620, 32, NDPI_PROTOCOL_TOR }, - { 0x50642CDB, 32, NDPI_PROTOCOL_TOR }, - { 0x50642CFD, 32, NDPI_PROTOCOL_TOR }, - { 0x50642D9C, 32, NDPI_PROTOCOL_TOR }, - { 0x50648003, 32, NDPI_PROTOCOL_TOR }, - { 0x5064BD03, 32, NDPI_PROTOCOL_TOR }, - { 0x5064CC04, 32, NDPI_PROTOCOL_TOR }, - { 0x5064CE96, 32, NDPI_PROTOCOL_TOR }, - { 0x506573AA, 32, NDPI_PROTOCOL_TOR }, - { 0x506C8F13, 32, NDPI_PROTOCOL_TOR }, - { 0x506DA2EA, 32, NDPI_PROTOCOL_TOR }, - { 0x506DE134, 32, NDPI_PROTOCOL_TOR }, - { 0x506E2316, 32, NDPI_PROTOCOL_TOR }, - { 0x506E37C4, 32, NDPI_PROTOCOL_TOR }, - { 0x506FEC0F, 32, NDPI_PROTOCOL_TOR }, - { 0x50709921, 32, NDPI_PROTOCOL_TOR }, - { 0x5071010B, 32, NDPI_PROTOCOL_TOR }, - { 0x50743860, 32, NDPI_PROTOCOL_TOR }, - { 0x50764CC5, 32, NDPI_PROTOCOL_TOR }, - { 0x50807E83, 32, NDPI_PROTOCOL_TOR }, - { 0x50814072, 32, NDPI_PROTOCOL_TOR }, - { 0x50868F7F, 32, NDPI_PROTOCOL_TOR }, - { 0x5087E176, 32, NDPI_PROTOCOL_TOR }, - { 0x508874C1, 32, NDPI_PROTOCOL_TOR }, - { 0x50894240, 32, NDPI_PROTOCOL_TOR }, - { 0x508AEC03, 32, NDPI_PROTOCOL_TOR }, - { 0x508AEFF3, 32, NDPI_PROTOCOL_TOR }, - { 0x508B637B, 32, NDPI_PROTOCOL_TOR }, - { 0x508B727D, 32, NDPI_PROTOCOL_TOR }, - { 0x508C6003, 32, NDPI_PROTOCOL_TOR }, - { 0x508F6A3C, 32, NDPI_PROTOCOL_TOR }, - { 0x5093219D, 32, NDPI_PROTOCOL_TOR }, - { 0x509325F7, 32, NDPI_PROTOCOL_TOR }, - { 0x5098EF17, 32, NDPI_PROTOCOL_TOR }, - { 0x50990704, 32, NDPI_PROTOCOL_TOR }, - { 0x50A19C30, 32, NDPI_PROTOCOL_TOR }, - { 0x50A20720, 32, NDPI_PROTOCOL_TOR }, - { 0x50A32958, 32, NDPI_PROTOCOL_TOR }, - { 0x50A770EE, 32, NDPI_PROTOCOL_TOR }, - { 0x50AB1353, 32, NDPI_PROTOCOL_TOR }, - { 0x50AB285B, 32, NDPI_PROTOCOL_TOR }, - { 0x50C3B7F0, 32, NDPI_PROTOCOL_TOR }, - { 0x50CAAF5A, 32, NDPI_PROTOCOL_TOR }, - { 0x50CAEE20, 32, NDPI_PROTOCOL_TOR }, - { 0x50CB102E, 32, NDPI_PROTOCOL_TOR }, - { 0x50D4A2ED, 32, NDPI_PROTOCOL_TOR }, - { 0x50D87BFC, 32, NDPI_PROTOCOL_TOR }, - { 0x50DA9F57, 32, NDPI_PROTOCOL_TOR }, - { 0x50DAD94E, 32, NDPI_PROTOCOL_TOR }, - { 0x50DB0244, 32, NDPI_PROTOCOL_TOR }, - { 0x50DB8C29, 32, NDPI_PROTOCOL_TOR }, - { 0x50DC5274, 32, NDPI_PROTOCOL_TOR }, - { 0x50DCE66B, 32, NDPI_PROTOCOL_TOR }, - { 0x50DCF46B, 32, NDPI_PROTOCOL_TOR }, - { 0x50DFA940, 32, NDPI_PROTOCOL_TOR }, - { 0x50DFB670, 32, NDPI_PROTOCOL_TOR }, - { 0x50DFD0F6, 32, NDPI_PROTOCOL_TOR }, - { 0x50E500D2, 32, NDPI_PROTOCOL_TOR }, - { 0x50EDE24B, 32, NDPI_PROTOCOL_TOR }, - { 0x50EEE5A1, 32, NDPI_PROTOCOL_TOR }, - { 0x50F08096, 32, NDPI_PROTOCOL_TOR }, - { 0x50F080E9, 32, NDPI_PROTOCOL_TOR }, - { 0x50F086F6, 32, NDPI_PROTOCOL_TOR }, - { 0x50F08D97, 32, NDPI_PROTOCOL_TOR }, - { 0x50F1D942, 32, NDPI_PROTOCOL_TOR }, - { 0x50F1DA9A, 32, NDPI_PROTOCOL_TOR }, - { 0x50F1DCDD, 32, NDPI_PROTOCOL_TOR }, - { 0x50F1DE24, 32, NDPI_PROTOCOL_TOR }, - { 0x50F1DE62, 32, NDPI_PROTOCOL_TOR }, - { 0x50F4F39E, 32, NDPI_PROTOCOL_TOR }, - { 0x50F63BE9, 32, NDPI_PROTOCOL_TOR }, - { 0x50F8D083, 32, NDPI_PROTOCOL_TOR }, - { 0x50FEDB30, 32, NDPI_PROTOCOL_TOR }, - { 0x50FF0BD3, 32, NDPI_PROTOCOL_TOR }, - { 0x50FF0BE0, 32, NDPI_PROTOCOL_TOR }, - { 0x50FF0BED, 32, NDPI_PROTOCOL_TOR }, - { 0x5102C521, 32, NDPI_PROTOCOL_TOR }, - { 0x5102ECA5, 32, NDPI_PROTOCOL_TOR }, - { 0x5104655D, 32, NDPI_PROTOCOL_TOR }, - { 0x5104676A, 32, NDPI_PROTOCOL_TOR }, - { 0x51046810, 32, NDPI_PROTOCOL_TOR }, - { 0x51046852, 32, NDPI_PROTOCOL_TOR }, - { 0x510469C0, 32, NDPI_PROTOCOL_TOR }, - { 0x51046B24, 32, NDPI_PROTOCOL_TOR }, - { 0x51046B44, 32, NDPI_PROTOCOL_TOR }, - { 0x51046BBE, 32, NDPI_PROTOCOL_TOR }, - { 0x51046BE3, 32, NDPI_PROTOCOL_TOR }, - { 0x51046CC7, 32, NDPI_PROTOCOL_TOR }, - { 0x51046D2F, 32, NDPI_PROTOCOL_TOR }, - { 0x51046D7D, 32, NDPI_PROTOCOL_TOR }, - { 0x51046DD0, 32, NDPI_PROTOCOL_TOR }, - { 0x51046DFA, 32, NDPI_PROTOCOL_TOR }, - { 0x51046E5D, 32, NDPI_PROTOCOL_TOR }, - { 0x51046E95, 32, NDPI_PROTOCOL_TOR }, - { 0x51046F6B, 32, NDPI_PROTOCOL_TOR }, - { 0x51047930, 32, NDPI_PROTOCOL_TOR }, - { 0x510479B4, 32, NDPI_PROTOCOL_TOR }, - { 0x510479DE, 32, NDPI_PROTOCOL_TOR }, - { 0x510479E0, 32, NDPI_PROTOCOL_TOR }, - { 0x510479F3, 32, NDPI_PROTOCOL_TOR }, - { 0x51047D81, 32, NDPI_PROTOCOL_TOR }, - { 0x51047E79, 32, NDPI_PROTOCOL_TOR }, - { 0x51070777, 32, NDPI_PROTOCOL_TOR }, - { 0x51070865, 32, NDPI_PROTOCOL_TOR }, - { 0x51070A11, 32, NDPI_PROTOCOL_TOR }, - { 0x51070A1D, 32, NDPI_PROTOCOL_TOR }, - { 0x51070A1D, 32, NDPI_PROTOCOL_TOR }, - { 0x51070A44, 32, NDPI_PROTOCOL_TOR }, - { 0x51070AFB, 32, NDPI_PROTOCOL_TOR }, - { 0x51070B46, 32, NDPI_PROTOCOL_TOR }, - { 0x51070BFD, 32, NDPI_PROTOCOL_TOR }, - { 0x51070D54, 32, NDPI_PROTOCOL_TOR }, - { 0x51070D5A, 32, NDPI_PROTOCOL_TOR }, - { 0x51070DF8, 32, NDPI_PROTOCOL_TOR }, - { 0x51070EF6, 32, NDPI_PROTOCOL_TOR }, - { 0x5107103B, 32, NDPI_PROTOCOL_TOR }, - { 0x510A9F12, 32, NDPI_PROTOCOL_TOR }, - { 0x511115F6, 32, NDPI_PROTOCOL_TOR }, - { 0x5114849E, 32, NDPI_PROTOCOL_TOR }, - { 0x51148B91, 32, NDPI_PROTOCOL_TOR }, - { 0x5115F642, 32, NDPI_PROTOCOL_TOR }, - { 0x511932A6, 32, NDPI_PROTOCOL_TOR }, - { 0x511CC585, 32, NDPI_PROTOCOL_TOR }, - { 0x511E9858, 32, NDPI_PROTOCOL_TOR }, - { 0x511E9858, 32, NDPI_PROTOCOL_TOR }, - { 0x511F5A52, 32, NDPI_PROTOCOL_TOR }, - { 0x513842D5, 32, NDPI_PROTOCOL_TOR }, - { 0x5139852A, 32, NDPI_PROTOCOL_TOR }, - { 0x5139D087, 32, NDPI_PROTOCOL_TOR }, - { 0x514080DE, 32, NDPI_PROTOCOL_TOR }, - { 0x5140E6FD, 32, NDPI_PROTOCOL_TOR }, - { 0x51475D6A, 32, NDPI_PROTOCOL_TOR }, - { 0x51533A04, 32, NDPI_PROTOCOL_TOR }, - { 0x51544C43, 32, NDPI_PROTOCOL_TOR }, - { 0x51569E1B, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C3, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C4, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C5, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C6, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C7, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C8, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C9, 32, NDPI_PROTOCOL_TOR }, - { 0x515900CA, 32, NDPI_PROTOCOL_TOR }, - { 0x515900CB, 32, NDPI_PROTOCOL_TOR }, - { 0x515900CC, 32, NDPI_PROTOCOL_TOR }, - { 0x51596058, 32, NDPI_PROTOCOL_TOR }, - { 0x51596059, 32, NDPI_PROTOCOL_TOR }, - { 0x51596535, 32, NDPI_PROTOCOL_TOR }, - { 0x515CACE7, 32, NDPI_PROTOCOL_TOR }, - { 0x515F0522, 32, NDPI_PROTOCOL_TOR }, - { 0x515F3444, 32, NDPI_PROTOCOL_TOR }, - { 0x5160DB54, 32, NDPI_PROTOCOL_TOR }, - { 0x5161B784, 32, NDPI_PROTOCOL_TOR }, - { 0x5163F715, 32, NDPI_PROTOCOL_TOR }, - { 0x51669B3F, 32, NDPI_PROTOCOL_TOR }, - { 0x5166F93D, 32, NDPI_PROTOCOL_TOR }, - { 0x516A0C3C, 32, NDPI_PROTOCOL_TOR }, - { 0x516B907F, 32, NDPI_PROTOCOL_TOR }, - { 0x516D69B6, 32, NDPI_PROTOCOL_TOR }, - { 0x51853556, 32, NDPI_PROTOCOL_TOR }, - { 0x518D6888, 32, NDPI_PROTOCOL_TOR }, - { 0x519840EA, 32, NDPI_PROTOCOL_TOR }, - { 0x519FC5DE, 32, NDPI_PROTOCOL_TOR }, - { 0x51A64037, 32, NDPI_PROTOCOL_TOR }, - { 0x51A98234, 32, NDPI_PROTOCOL_TOR }, - { 0x51A982D6, 32, NDPI_PROTOCOL_TOR }, - { 0x51A988CE, 32, NDPI_PROTOCOL_TOR }, - { 0x51A98D5C, 32, NDPI_PROTOCOL_TOR }, - { 0x51A98D5E, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9957C, 32, NDPI_PROTOCOL_TOR }, - { 0x51A99864, 32, NDPI_PROTOCOL_TOR }, - { 0x51A999A7, 32, NDPI_PROTOCOL_TOR }, - { 0x51A99F52, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9A86A, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9AFA4, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9B42B, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9B92C, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9D13A, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9D20B, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9D72F, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9FFEB, 32, NDPI_PROTOCOL_TOR }, - { 0x51AA95F0, 32, NDPI_PROTOCOL_TOR }, - { 0x51AAD96B, 32, NDPI_PROTOCOL_TOR }, - { 0x51AAFFB8, 32, NDPI_PROTOCOL_TOR }, - { 0x51AC174F, 32, NDPI_PROTOCOL_TOR }, - { 0x51ADF051, 32, NDPI_PROTOCOL_TOR }, - { 0x51AEE712, 32, NDPI_PROTOCOL_TOR }, - { 0x51B0E436, 32, NDPI_PROTOCOL_TOR }, - { 0x51B73F2E, 32, NDPI_PROTOCOL_TOR }, - { 0x51B8EB2B, 32, NDPI_PROTOCOL_TOR }, - { 0x51BAF377, 32, NDPI_PROTOCOL_TOR }, - { 0x51BB1C09, 32, NDPI_PROTOCOL_TOR }, - { 0x51BBD20D, 32, NDPI_PROTOCOL_TOR }, - { 0x51BF7137, 32, NDPI_PROTOCOL_TOR }, - { 0x51C93CED, 32, NDPI_PROTOCOL_TOR }, - { 0x51CB9655, 32, NDPI_PROTOCOL_TOR }, - { 0x51CD17DA, 32, NDPI_PROTOCOL_TOR }, - { 0x51D91056, 32, NDPI_PROTOCOL_TOR }, - { 0x51D974C6, 32, NDPI_PROTOCOL_TOR }, - { 0x51D987C8, 32, NDPI_PROTOCOL_TOR }, - { 0x51D99D5A, 32, NDPI_PROTOCOL_TOR }, - { 0x51DA5B9A, 32, NDPI_PROTOCOL_TOR }, - { 0x51DA6D6A, 32, NDPI_PROTOCOL_TOR }, - { 0x51DA6DC3, 32, NDPI_PROTOCOL_TOR }, - { 0x51DAEBA2, 32, NDPI_PROTOCOL_TOR }, - { 0x51DB33CE, 32, NDPI_PROTOCOL_TOR }, - { 0x51DCA3CA, 32, NDPI_PROTOCOL_TOR }, - { 0x51DD555D, 32, NDPI_PROTOCOL_TOR }, - { 0x51DFD766, 32, NDPI_PROTOCOL_TOR }, - { 0x51E735A5, 32, NDPI_PROTOCOL_TOR }, - { 0x51E75573, 32, NDPI_PROTOCOL_TOR }, - { 0x51E7A4A1, 32, NDPI_PROTOCOL_TOR }, - { 0x51E7E226, 32, NDPI_PROTOCOL_TOR }, - { 0x51E9E3A1, 32, NDPI_PROTOCOL_TOR }, - { 0x51F285B4, 32, NDPI_PROTOCOL_TOR }, - { 0x51F6CAA9, 32, NDPI_PROTOCOL_TOR }, - { 0x51F777FC, 32, NDPI_PROTOCOL_TOR }, - { 0x52018046, 32, NDPI_PROTOCOL_TOR }, - { 0x5206BA74, 32, NDPI_PROTOCOL_TOR }, - { 0x5209EEF6, 32, NDPI_PROTOCOL_TOR }, - { 0x520CAF74, 32, NDPI_PROTOCOL_TOR }, - { 0x520DF0B2, 32, NDPI_PROTOCOL_TOR }, - { 0x5213FC52, 32, NDPI_PROTOCOL_TOR }, - { 0x52145714, 32, NDPI_PROTOCOL_TOR }, - { 0x52173C4E, 32, NDPI_PROTOCOL_TOR }, - { 0x5219BB97, 32, NDPI_PROTOCOL_TOR }, - { 0x521CC556, 32, NDPI_PROTOCOL_TOR }, - { 0x521E7362, 32, NDPI_PROTOCOL_TOR }, - { 0x521F29D7, 32, NDPI_PROTOCOL_TOR }, - { 0x52239D60, 32, NDPI_PROTOCOL_TOR }, - { 0x522BA860, 32, NDPI_PROTOCOL_TOR }, - { 0x522DB96B, 32, NDPI_PROTOCOL_TOR }, - { 0x522FE271, 32, NDPI_PROTOCOL_TOR }, - { 0x52303D0C, 32, NDPI_PROTOCOL_TOR }, - { 0x52343FD9, 32, NDPI_PROTOCOL_TOR }, - { 0x52424777, 32, NDPI_PROTOCOL_TOR }, - { 0x52449E7C, 32, NDPI_PROTOCOL_TOR }, - { 0x52450ECF, 32, NDPI_PROTOCOL_TOR }, - { 0x52453232, 32, NDPI_PROTOCOL_TOR }, - { 0x52462723, 32, NDPI_PROTOCOL_TOR }, - { 0x524805A4, 32, NDPI_PROTOCOL_TOR }, - { 0x52483D51, 32, NDPI_PROTOCOL_TOR }, - { 0x5248765A, 32, NDPI_PROTOCOL_TOR }, - { 0x52493309, 32, NDPI_PROTOCOL_TOR }, - { 0x5249DF9D, 32, NDPI_PROTOCOL_TOR }, - { 0x524A04F3, 32, NDPI_PROTOCOL_TOR }, - { 0x524C4802, 32, NDPI_PROTOCOL_TOR }, - { 0x52502163, 32, NDPI_PROTOCOL_TOR }, - { 0x525088B9, 32, NDPI_PROTOCOL_TOR }, - { 0x52532E63, 32, NDPI_PROTOCOL_TOR }, - { 0x525EF2DA, 32, NDPI_PROTOCOL_TOR }, - { 0x525EFBCB, 32, NDPI_PROTOCOL_TOR }, - { 0x525EFBCC, 32, NDPI_PROTOCOL_TOR }, - { 0x525EFBE3, 32, NDPI_PROTOCOL_TOR }, - { 0x525F42CB, 32, NDPI_PROTOCOL_TOR }, - { 0x525F6B33, 32, NDPI_PROTOCOL_TOR }, - { 0x525FEBF9, 32, NDPI_PROTOCOL_TOR }, - { 0x52624850, 32, NDPI_PROTOCOL_TOR }, - { 0x52668ED2, 32, NDPI_PROTOCOL_TOR }, - { 0x5270985F, 32, NDPI_PROTOCOL_TOR }, - { 0x52736339, 32, NDPI_PROTOCOL_TOR }, - { 0x52747803, 32, NDPI_PROTOCOL_TOR }, - { 0x52761386, 32, NDPI_PROTOCOL_TOR }, - { 0x5276F21E, 32, NDPI_PROTOCOL_TOR }, - { 0x5276F24F, 32, NDPI_PROTOCOL_TOR }, - { 0x527E663F, 32, NDPI_PROTOCOL_TOR }, - { 0x5280FFFC, 32, NDPI_PROTOCOL_TOR }, - { 0x52821A24, 32, NDPI_PROTOCOL_TOR }, - { 0x5282285C, 32, NDPI_PROTOCOL_TOR }, - { 0x52886403, 32, NDPI_PROTOCOL_TOR }, - { 0x528B5EFC, 32, NDPI_PROTOCOL_TOR }, - { 0x528B6271, 32, NDPI_PROTOCOL_TOR }, - { 0x52921BD1, 32, NDPI_PROTOCOL_TOR }, - { 0x529EEB26, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1321E, 32, NDPI_PROTOCOL_TOR }, - { 0x52A13526, 32, NDPI_PROTOCOL_TOR }, - { 0x52A15B0D, 32, NDPI_PROTOCOL_TOR }, - { 0x52A16D47, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1B614, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1D257, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1D4D1, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1DF89, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1EFB1, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1FCA2, 32, NDPI_PROTOCOL_TOR }, - { 0x52A41BE4, 32, NDPI_PROTOCOL_TOR }, - { 0x52A50F97, 32, NDPI_PROTOCOL_TOR }, - { 0x52A58E4F, 32, NDPI_PROTOCOL_TOR }, - { 0x52A5C581, 32, NDPI_PROTOCOL_TOR }, - { 0x52A898B2, 32, NDPI_PROTOCOL_TOR }, - { 0x52A92496, 32, NDPI_PROTOCOL_TOR }, - { 0x52A99B48, 32, NDPI_PROTOCOL_TOR }, - { 0x52B1EEF0, 32, NDPI_PROTOCOL_TOR }, - { 0x52B419BA, 32, NDPI_PROTOCOL_TOR }, - { 0x52B583A0, 32, NDPI_PROTOCOL_TOR }, - { 0x52B6B40F, 32, NDPI_PROTOCOL_TOR }, - { 0x52B70EC3, 32, NDPI_PROTOCOL_TOR }, - { 0x52C0F11E, 32, NDPI_PROTOCOL_TOR }, - { 0x52C409DF, 32, NDPI_PROTOCOL_TOR }, - { 0x52C40E41, 32, NDPI_PROTOCOL_TOR }, - { 0x52C5D42F, 32, NDPI_PROTOCOL_TOR }, - { 0x52C79B59, 32, NDPI_PROTOCOL_TOR }, - { 0x52C7C0A7, 32, NDPI_PROTOCOL_TOR }, - { 0x52CBC340, 32, NDPI_PROTOCOL_TOR }, - { 0x52D300C9, 32, NDPI_PROTOCOL_TOR }, - { 0x52D3138F, 32, NDPI_PROTOCOL_TOR }, - { 0x52D3C9BC, 32, NDPI_PROTOCOL_TOR }, - { 0x52D3DF03, 32, NDPI_PROTOCOL_TOR }, - { 0x52D8FE03, 32, NDPI_PROTOCOL_TOR }, - { 0x52D91190, 32, NDPI_PROTOCOL_TOR }, - { 0x52DB0959, 32, NDPI_PROTOCOL_TOR }, - { 0x52DC5914, 32, NDPI_PROTOCOL_TOR }, - { 0x52DD64C9, 32, NDPI_PROTOCOL_TOR }, - { 0x52DD6500, 32, NDPI_PROTOCOL_TOR }, - { 0x52DD693D, 32, NDPI_PROTOCOL_TOR }, - { 0x52DF08FC, 32, NDPI_PROTOCOL_TOR }, - { 0x52DF0A44, 32, NDPI_PROTOCOL_TOR }, - { 0x52DF0B22, 32, NDPI_PROTOCOL_TOR }, - { 0x52DF179B, 32, NDPI_PROTOCOL_TOR }, - { 0x52E08A09, 32, NDPI_PROTOCOL_TOR }, - { 0x52E33F62, 32, NDPI_PROTOCOL_TOR }, - { 0x52E4FC14, 32, NDPI_PROTOCOL_TOR }, - { 0x52E53CF5, 32, NDPI_PROTOCOL_TOR }, - { 0x52E58A1F, 32, NDPI_PROTOCOL_TOR }, - { 0x52E97597, 32, NDPI_PROTOCOL_TOR }, - { 0x52EA8DC5, 32, NDPI_PROTOCOL_TOR }, - { 0x52EBD32A, 32, NDPI_PROTOCOL_TOR }, - { 0x52EC7EF6, 32, NDPI_PROTOCOL_TOR }, - { 0x52EC89EB, 32, NDPI_PROTOCOL_TOR }, - { 0x52EDD8E9, 32, NDPI_PROTOCOL_TOR }, - { 0x52EED0AD, 32, NDPI_PROTOCOL_TOR }, - { 0x52EF14AE, 32, NDPI_PROTOCOL_TOR }, - { 0x52F1EC57, 32, NDPI_PROTOCOL_TOR }, - { 0x52F298D3, 32, NDPI_PROTOCOL_TOR }, - { 0x52F313CC, 32, NDPI_PROTOCOL_TOR }, - { 0x52F34F09, 32, NDPI_PROTOCOL_TOR }, - { 0x52F4B127, 32, NDPI_PROTOCOL_TOR }, - { 0x52F5C791, 32, NDPI_PROTOCOL_TOR }, - { 0x52F76775, 32, NDPI_PROTOCOL_TOR }, - { 0x52FA311C, 32, NDPI_PROTOCOL_TOR }, - { 0x5306C520, 32, NDPI_PROTOCOL_TOR }, - { 0x5306EE3D, 32, NDPI_PROTOCOL_TOR }, - { 0x531BFBEF, 32, NDPI_PROTOCOL_TOR }, - { 0x53244725, 32, NDPI_PROTOCOL_TOR }, - { 0x532CE6B0, 32, NDPI_PROTOCOL_TOR }, - { 0x5335F24A, 32, NDPI_PROTOCOL_TOR }, - { 0x5338EA93, 32, NDPI_PROTOCOL_TOR }, - { 0x53451C51, 32, NDPI_PROTOCOL_TOR }, - { 0x534C9E3E, 32, NDPI_PROTOCOL_TOR }, - { 0x534E1005, 32, NDPI_PROTOCOL_TOR }, - { 0x535269F0, 32, NDPI_PROTOCOL_TOR }, - { 0x5352C0E6, 32, NDPI_PROTOCOL_TOR }, - { 0x5352F4DB, 32, NDPI_PROTOCOL_TOR }, - { 0x53530B96, 32, NDPI_PROTOCOL_TOR }, - { 0x535352B4, 32, NDPI_PROTOCOL_TOR }, - { 0x53542E39, 32, NDPI_PROTOCOL_TOR }, - { 0x53556653, 32, NDPI_PROTOCOL_TOR }, - { 0x5355D16B, 32, NDPI_PROTOCOL_TOR }, - { 0x5355FC5B, 32, NDPI_PROTOCOL_TOR }, - { 0x5357C9F9, 32, NDPI_PROTOCOL_TOR }, - { 0x53591FF9, 32, NDPI_PROTOCOL_TOR }, - { 0x535D3740, 32, NDPI_PROTOCOL_TOR }, - { 0x53638E4F, 32, NDPI_PROTOCOL_TOR }, - { 0x53650553, 32, NDPI_PROTOCOL_TOR }, - { 0x5365431F, 32, NDPI_PROTOCOL_TOR }, - { 0x537560B2, 32, NDPI_PROTOCOL_TOR }, - { 0x53809409, 32, NDPI_PROTOCOL_TOR }, - { 0x5380C8F4, 32, NDPI_PROTOCOL_TOR }, - { 0x5382722D, 32, NDPI_PROTOCOL_TOR }, - { 0x53857F91, 32, NDPI_PROTOCOL_TOR }, - { 0x5386DFC1, 32, NDPI_PROTOCOL_TOR }, - { 0x5387F0D5, 32, NDPI_PROTOCOL_TOR }, - { 0x538C0BFC, 32, NDPI_PROTOCOL_TOR }, - { 0x538FDBD4, 32, NDPI_PROTOCOL_TOR }, - { 0x5390693A, 32, NDPI_PROTOCOL_TOR }, - { 0x5391EDE0, 32, NDPI_PROTOCOL_TOR }, - { 0x5391F1E7, 32, NDPI_PROTOCOL_TOR }, - { 0x5391F3D7, 32, NDPI_PROTOCOL_TOR }, - { 0x539354E4, 32, NDPI_PROTOCOL_TOR }, - { 0x53957C88, 32, NDPI_PROTOCOL_TOR }, - { 0x53957C88, 32, NDPI_PROTOCOL_TOR }, - { 0x53957C89, 32, NDPI_PROTOCOL_TOR }, - { 0x53957C89, 32, NDPI_PROTOCOL_TOR }, - { 0x53957E1D, 32, NDPI_PROTOCOL_TOR }, - { 0x53957F8C, 32, NDPI_PROTOCOL_TOR }, - { 0x5395F9A5, 32, NDPI_PROTOCOL_TOR }, - { 0x5396023D, 32, NDPI_PROTOCOL_TOR }, - { 0x53961097, 32, NDPI_PROTOCOL_TOR }, - { 0x539610F4, 32, NDPI_PROTOCOL_TOR }, - { 0x53961184, 32, NDPI_PROTOCOL_TOR }, - { 0x5396527A, 32, NDPI_PROTOCOL_TOR }, - { 0x539C0058, 32, NDPI_PROTOCOL_TOR }, - { 0x53A05F63, 32, NDPI_PROTOCOL_TOR }, - { 0x53A19832, 32, NDPI_PROTOCOL_TOR }, - { 0x53A2026F, 32, NDPI_PROTOCOL_TOR }, - { 0x53A2BC64, 32, NDPI_PROTOCOL_TOR }, - { 0x53A2C060, 32, NDPI_PROTOCOL_TOR }, - { 0x53A2CD44, 32, NDPI_PROTOCOL_TOR }, - { 0x53A34DC3, 32, NDPI_PROTOCOL_TOR }, - { 0x53A3C9A8, 32, NDPI_PROTOCOL_TOR }, - { 0x53A59347, 32, NDPI_PROTOCOL_TOR }, - { 0x53A6EA5C, 32, NDPI_PROTOCOL_TOR }, - { 0x53A6EA6C, 32, NDPI_PROTOCOL_TOR }, - { 0x53A7B923, 32, NDPI_PROTOCOL_TOR }, - { 0x53A7B964, 32, NDPI_PROTOCOL_TOR }, - { 0x53A7E46B, 32, NDPI_PROTOCOL_TOR }, - { 0x53A8C8CC, 32, NDPI_PROTOCOL_TOR }, - { 0x53A91607, 32, NDPI_PROTOCOL_TOR }, - { 0x53A92DE7, 32, NDPI_PROTOCOL_TOR }, - { 0x53AB9437, 32, NDPI_PROTOCOL_TOR }, - { 0x53ABBE6A, 32, NDPI_PROTOCOL_TOR }, - { 0x53AEFA7D, 32, NDPI_PROTOCOL_TOR }, - { 0x53D19271, 32, NDPI_PROTOCOL_TOR }, - { 0x53D454DF, 32, NDPI_PROTOCOL_TOR }, - { 0x53D460B7, 32, NDPI_PROTOCOL_TOR }, - { 0x53D46270, 32, NDPI_PROTOCOL_TOR }, - { 0x53D46344, 32, NDPI_PROTOCOL_TOR }, - { 0x53D4637B, 32, NDPI_PROTOCOL_TOR }, - { 0x53D46612, 32, NDPI_PROTOCOL_TOR }, - { 0x53D4687C, 32, NDPI_PROTOCOL_TOR }, - { 0x53D46891, 32, NDPI_PROTOCOL_TOR }, - { 0x53D47185, 32, NDPI_PROTOCOL_TOR }, - { 0x53D47ED3, 32, NDPI_PROTOCOL_TOR }, - { 0x53D4A8BA, 32, NDPI_PROTOCOL_TOR }, - { 0x53D8F8E0, 32, NDPI_PROTOCOL_TOR }, - { 0x53DE8DEB, 32, NDPI_PROTOCOL_TOR }, - { 0x53E2EEA8, 32, NDPI_PROTOCOL_TOR }, - { 0x53E334A8, 32, NDPI_PROTOCOL_TOR }, - { 0x53E45D4C, 32, NDPI_PROTOCOL_TOR }, - { 0x53E71225, 32, NDPI_PROTOCOL_TOR }, - { 0x53E941D6, 32, NDPI_PROTOCOL_TOR }, - { 0x53E98714, 32, NDPI_PROTOCOL_TOR }, - { 0x53E9A8E7, 32, NDPI_PROTOCOL_TOR }, - { 0x53ECD04E, 32, NDPI_PROTOCOL_TOR }, - { 0x53ED1577, 32, NDPI_PROTOCOL_TOR }, - { 0x53F03D90, 32, NDPI_PROTOCOL_TOR }, - { 0x53F042A6, 32, NDPI_PROTOCOL_TOR }, - { 0x53F077B0, 32, NDPI_PROTOCOL_TOR }, - { 0x53F65317, 32, NDPI_PROTOCOL_TOR }, - { 0x53F6A4BB, 32, NDPI_PROTOCOL_TOR }, - { 0x53F6D985, 32, NDPI_PROTOCOL_TOR }, - { 0x53F74E5A, 32, NDPI_PROTOCOL_TOR }, - { 0x53F80E85, 32, NDPI_PROTOCOL_TOR }, - { 0x53F88441, 32, NDPI_PROTOCOL_TOR }, - { 0x53F8A214, 32, NDPI_PROTOCOL_TOR }, - { 0x53F8B2D6, 32, NDPI_PROTOCOL_TOR }, - { 0x53F946BE, 32, NDPI_PROTOCOL_TOR }, - { 0x53FA5511, 32, NDPI_PROTOCOL_TOR }, - { 0x53FB40E6, 32, NDPI_PROTOCOL_TOR }, - { 0x53FB515D, 32, NDPI_PROTOCOL_TOR }, - { 0x53FB5AA6, 32, NDPI_PROTOCOL_TOR }, - { 0x53FB864C, 32, NDPI_PROTOCOL_TOR }, - { 0x53FD36CE, 32, NDPI_PROTOCOL_TOR }, - { 0x53FDBBDA, 32, NDPI_PROTOCOL_TOR }, - { 0x53FE5430, 32, NDPI_PROTOCOL_TOR }, - { 0x53FF6645, 32, NDPI_PROTOCOL_TOR }, - { 0x53FFCBAC, 32, NDPI_PROTOCOL_TOR }, - { 0x540A6F0A, 32, NDPI_PROTOCOL_TOR }, - { 0x5413B234, 32, NDPI_PROTOCOL_TOR }, - { 0x5413B3E5, 32, NDPI_PROTOCOL_TOR }, - { 0x5413B450, 32, NDPI_PROTOCOL_TOR }, - { 0x54162AF6, 32, NDPI_PROTOCOL_TOR }, - { 0x54191CBA, 32, NDPI_PROTOCOL_TOR }, - { 0x541B5EF7, 32, NDPI_PROTOCOL_TOR }, - { 0x541EBB28, 32, NDPI_PROTOCOL_TOR }, - { 0x541FC855, 32, NDPI_PROTOCOL_TOR }, - { 0x54284D55, 32, NDPI_PROTOCOL_TOR }, - { 0x542862BB, 32, NDPI_PROTOCOL_TOR }, - { 0x54287046, 32, NDPI_PROTOCOL_TOR }, - { 0x542AA5A2, 32, NDPI_PROTOCOL_TOR }, - { 0x542D4C0A, 32, NDPI_PROTOCOL_TOR }, - { 0x542D4C0B, 32, NDPI_PROTOCOL_TOR }, - { 0x542D4C0C, 32, NDPI_PROTOCOL_TOR }, - { 0x542D4C0D, 32, NDPI_PROTOCOL_TOR }, - { 0x542E3EBA, 32, NDPI_PROTOCOL_TOR }, - { 0x54303AC3, 32, NDPI_PROTOCOL_TOR }, - { 0x54321453, 32, NDPI_PROTOCOL_TOR }, - { 0x54380652, 32, NDPI_PROTOCOL_TOR }, - { 0x54382C54, 32, NDPI_PROTOCOL_TOR }, - { 0x5439BD00, 32, NDPI_PROTOCOL_TOR }, - { 0x543BE658, 32, NDPI_PROTOCOL_TOR }, - { 0x543C046D, 32, NDPI_PROTOCOL_TOR }, - { 0x544815A3, 32, NDPI_PROTOCOL_TOR }, - { 0x5448B905, 32, NDPI_PROTOCOL_TOR }, - { 0x5448D5DD, 32, NDPI_PROTOCOL_TOR }, - { 0x5448DFC7, 32, NDPI_PROTOCOL_TOR }, - { 0x544980C3, 32, NDPI_PROTOCOL_TOR }, - { 0x544A0BDE, 32, NDPI_PROTOCOL_TOR }, - { 0x544A7D55, 32, NDPI_PROTOCOL_TOR }, - { 0x544AACE8, 32, NDPI_PROTOCOL_TOR }, - { 0x544B0C49, 32, NDPI_PROTOCOL_TOR }, - { 0x5454D02F, 32, NDPI_PROTOCOL_TOR }, - { 0x545C18D5, 32, NDPI_PROTOCOL_TOR }, - { 0x545C18D6, 32, NDPI_PROTOCOL_TOR }, - { 0x545C6C78, 32, NDPI_PROTOCOL_TOR }, - { 0x54674A57, 32, NDPI_PROTOCOL_TOR }, - { 0x5468A93B, 32, NDPI_PROTOCOL_TOR }, - { 0x5469DCFF, 32, NDPI_PROTOCOL_TOR }, - { 0x546A4A9E, 32, NDPI_PROTOCOL_TOR }, - { 0x546CCDB5, 32, NDPI_PROTOCOL_TOR }, - { 0x5470EE3A, 32, NDPI_PROTOCOL_TOR }, - { 0x5470EE3A, 32, NDPI_PROTOCOL_TOR }, - { 0x54711102, 32, NDPI_PROTOCOL_TOR }, - { 0x5471F5B1, 32, NDPI_PROTOCOL_TOR }, - { 0x5472F1DF, 32, NDPI_PROTOCOL_TOR }, - { 0x54732E95, 32, NDPI_PROTOCOL_TOR }, - { 0x5475164A, 32, NDPI_PROTOCOL_TOR }, - { 0x54767531, 32, NDPI_PROTOCOL_TOR }, - { 0x547688FC, 32, NDPI_PROTOCOL_TOR }, - { 0x54779B30, 32, NDPI_PROTOCOL_TOR }, - { 0x5477EDED, 32, NDPI_PROTOCOL_TOR }, - { 0x547BB3B6, 32, NDPI_PROTOCOL_TOR }, - { 0x547D73EA, 32, NDPI_PROTOCOL_TOR }, - { 0x5481A36E, 32, NDPI_PROTOCOL_TOR }, - { 0x5481DC92, 32, NDPI_PROTOCOL_TOR }, - { 0x548524F3, 32, NDPI_PROTOCOL_TOR }, - { 0x548A010A, 32, NDPI_PROTOCOL_TOR }, - { 0x5493E1C8, 32, NDPI_PROTOCOL_TOR }, - { 0x54947094, 32, NDPI_PROTOCOL_TOR }, - { 0x5499DCA5, 32, NDPI_PROTOCOL_TOR }, - { 0x549CFEEC, 32, NDPI_PROTOCOL_TOR }, - { 0x549FE146, 32, NDPI_PROTOCOL_TOR }, - { 0x549FEA53, 32, NDPI_PROTOCOL_TOR }, - { 0x549FEA53, 32, NDPI_PROTOCOL_TOR }, - { 0x54A202DA, 32, NDPI_PROTOCOL_TOR }, - { 0x54AD608B, 32, NDPI_PROTOCOL_TOR }, - { 0x54AEB5BD, 32, NDPI_PROTOCOL_TOR }, - { 0x54AFCF54, 32, NDPI_PROTOCOL_TOR }, - { 0x54AFF159, 32, NDPI_PROTOCOL_TOR }, - { 0x54B35824, 32, NDPI_PROTOCOL_TOR }, - { 0x54B46D3C, 32, NDPI_PROTOCOL_TOR }, - { 0x54B67B82, 32, NDPI_PROTOCOL_TOR }, - { 0x54B75D03, 32, NDPI_PROTOCOL_TOR }, - { 0x54B77113, 32, NDPI_PROTOCOL_TOR }, - { 0x54B771CE, 32, NDPI_PROTOCOL_TOR }, - { 0x54B7F756, 32, NDPI_PROTOCOL_TOR }, - { 0x54BA9896, 32, NDPI_PROTOCOL_TOR }, - { 0x54BAD4B7, 32, NDPI_PROTOCOL_TOR }, - { 0x54C14BF3, 32, NDPI_PROTOCOL_TOR }, - { 0x54C80821, 32, NDPI_PROTOCOL_TOR }, - { 0x54C808AF, 32, NDPI_PROTOCOL_TOR }, - { 0x54C808CF, 32, NDPI_PROTOCOL_TOR }, - { 0x54C80AD1, 32, NDPI_PROTOCOL_TOR }, - { 0x54C849EE, 32, NDPI_PROTOCOL_TOR }, - { 0x54C84DF3, 32, NDPI_PROTOCOL_TOR }, - { 0x54C852A3, 32, NDPI_PROTOCOL_TOR }, - { 0x54C853D6, 32, NDPI_PROTOCOL_TOR }, - { 0x54C90487, 32, NDPI_PROTOCOL_TOR }, - { 0x54C923CE, 32, NDPI_PROTOCOL_TOR }, - { 0x54CA3612, 32, NDPI_PROTOCOL_TOR }, - { 0x54D08C30, 32, NDPI_PROTOCOL_TOR }, - { 0x54D10F3F, 32, NDPI_PROTOCOL_TOR }, - { 0x54D14924, 32, NDPI_PROTOCOL_TOR }, - { 0x54D358E2, 32, NDPI_PROTOCOL_TOR }, - { 0x54D7D347, 32, NDPI_PROTOCOL_TOR }, - { 0x54DBAAE7, 32, NDPI_PROTOCOL_TOR }, - { 0x54DBC1BA, 32, NDPI_PROTOCOL_TOR }, - { 0x54E26D6D, 32, NDPI_PROTOCOL_TOR }, - { 0x54EA9B51, 32, NDPI_PROTOCOL_TOR }, - { 0x54EA9B51, 32, NDPI_PROTOCOL_TOR }, - { 0x54EA9B52, 32, NDPI_PROTOCOL_TOR }, - { 0x54EA9B52, 32, NDPI_PROTOCOL_TOR }, - { 0x54F270BE, 32, NDPI_PROTOCOL_TOR }, - { 0x54F41F34, 32, NDPI_PROTOCOL_TOR }, - { 0x54F520C3, 32, NDPI_PROTOCOL_TOR }, - { 0x54F52108, 32, NDPI_PROTOCOL_TOR }, - { 0x54F8529C, 32, NDPI_PROTOCOL_TOR }, - { 0x54F86B2C, 32, NDPI_PROTOCOL_TOR }, - { 0x54F8805F, 32, NDPI_PROTOCOL_TOR }, - { 0x54F9C0D5, 32, NDPI_PROTOCOL_TOR }, - { 0x54FA6A0D, 32, NDPI_PROTOCOL_TOR }, - { 0x54FB736F, 32, NDPI_PROTOCOL_TOR }, - { 0x54FB7CF4, 32, NDPI_PROTOCOL_TOR }, - { 0x550180C4, 32, NDPI_PROTOCOL_TOR }, - { 0x5502F728, 32, NDPI_PROTOCOL_TOR }, - { 0x55037656, 32, NDPI_PROTOCOL_TOR }, - { 0x5504E453, 32, NDPI_PROTOCOL_TOR }, - { 0x55082B53, 32, NDPI_PROTOCOL_TOR }, - { 0x550AC409, 32, NDPI_PROTOCOL_TOR }, - { 0x550AC40C, 32, NDPI_PROTOCOL_TOR }, - { 0x550AC6EC, 32, NDPI_PROTOCOL_TOR }, - { 0x550AC8E6, 32, NDPI_PROTOCOL_TOR }, - { 0x550AC92F, 32, NDPI_PROTOCOL_TOR }, - { 0x550ACA57, 32, NDPI_PROTOCOL_TOR }, - { 0x550ACB47, 32, NDPI_PROTOCOL_TOR }, - { 0x550ACBC5, 32, NDPI_PROTOCOL_TOR }, - { 0x550AD2C7, 32, NDPI_PROTOCOL_TOR }, - { 0x550AD335, 32, NDPI_PROTOCOL_TOR }, - { 0x550ADBA7, 32, NDPI_PROTOCOL_TOR }, - { 0x550AED68, 32, NDPI_PROTOCOL_TOR }, - { 0x550AF0FA, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF020, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF021, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF022, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF023, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF0BC, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF0BC, 32, NDPI_PROTOCOL_TOR }, - { 0x5511185F, 32, NDPI_PROTOCOL_TOR }, - { 0x551184F5, 32, NDPI_PROTOCOL_TOR }, - { 0x551184F6, 32, NDPI_PROTOCOL_TOR }, - { 0x55118DAE, 32, NDPI_PROTOCOL_TOR }, - { 0x551194E6, 32, NDPI_PROTOCOL_TOR }, - { 0x5511A451, 32, NDPI_PROTOCOL_TOR }, - { 0x5511B149, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE4D, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE4D, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE4F, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE4F, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE52, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE53, 32, NDPI_PROTOCOL_TOR }, - { 0x5511F893, 32, NDPI_PROTOCOL_TOR }, - { 0x551590E2, 32, NDPI_PROTOCOL_TOR }, - { 0x5516679A, 32, NDPI_PROTOCOL_TOR }, - { 0x5517911A, 32, NDPI_PROTOCOL_TOR }, - { 0x5517F393, 32, NDPI_PROTOCOL_TOR }, - { 0x5518D772, 32, NDPI_PROTOCOL_TOR }, - { 0x5518D773, 32, NDPI_PROTOCOL_TOR }, - { 0x5518D774, 32, NDPI_PROTOCOL_TOR }, - { 0x5518D775, 32, NDPI_PROTOCOL_TOR }, - { 0x5519090B, 32, NDPI_PROTOCOL_TOR }, - { 0x55192D93, 32, NDPI_PROTOCOL_TOR }, - { 0x55192F35, 32, NDPI_PROTOCOL_TOR }, - { 0x55192FB4, 32, NDPI_PROTOCOL_TOR }, - { 0x5519305B, 32, NDPI_PROTOCOL_TOR }, - { 0x55195F5B, 32, NDPI_PROTOCOL_TOR }, - { 0x55195F95, 32, NDPI_PROTOCOL_TOR }, - { 0x55196777, 32, NDPI_PROTOCOL_TOR }, - { 0x5519829A, 32, NDPI_PROTOCOL_TOR }, - { 0x55198A5D, 32, NDPI_PROTOCOL_TOR }, - { 0x551995BF, 32, NDPI_PROTOCOL_TOR }, - { 0x55199678, 32, NDPI_PROTOCOL_TOR }, - { 0x5519994F, 32, NDPI_PROTOCOL_TOR }, - { 0x5519C155, 32, NDPI_PROTOCOL_TOR }, - { 0x5519C444, 32, NDPI_PROTOCOL_TOR }, - { 0x5519CB2A, 32, NDPI_PROTOCOL_TOR }, - { 0x5519D0C9, 32, NDPI_PROTOCOL_TOR }, - { 0x5519D256, 32, NDPI_PROTOCOL_TOR }, - { 0x551EA9E1, 32, NDPI_PROTOCOL_TOR }, - { 0x551EF8C1, 32, NDPI_PROTOCOL_TOR }, - { 0x551FBA5D, 32, NDPI_PROTOCOL_TOR }, - { 0x551FBAD3, 32, NDPI_PROTOCOL_TOR }, - { 0x551FBAFD, 32, NDPI_PROTOCOL_TOR }, - { 0x55455D2E, 32, NDPI_PROTOCOL_TOR }, - { 0x55496286, 32, NDPI_PROTOCOL_TOR }, - { 0x55510502, 32, NDPI_PROTOCOL_TOR }, - { 0x55513A3B, 32, NDPI_PROTOCOL_TOR }, - { 0x55580BF3, 32, NDPI_PROTOCOL_TOR }, - { 0x55581C88, 32, NDPI_PROTOCOL_TOR }, - { 0x555D1259, 32, NDPI_PROTOCOL_TOR }, - { 0x555DCBB6, 32, NDPI_PROTOCOL_TOR }, - { 0x555DDACC, 32, NDPI_PROTOCOL_TOR }, - { 0x55719152, 32, NDPI_PROTOCOL_TOR }, - { 0x55728560, 32, NDPI_PROTOCOL_TOR }, - { 0x55775204, 32, NDPI_PROTOCOL_TOR }, - { 0x5577532C, 32, NDPI_PROTOCOL_TOR }, - { 0x5577538D, 32, NDPI_PROTOCOL_TOR }, - { 0x557FC146, 32, NDPI_PROTOCOL_TOR }, - { 0x558DC913, 32, NDPI_PROTOCOL_TOR }, - { 0x558F5F32, 32, NDPI_PROTOCOL_TOR }, - { 0x5596D244, 32, NDPI_PROTOCOL_TOR }, - { 0x559F71E4, 32, NDPI_PROTOCOL_TOR }, - { 0x559FD180, 32, NDPI_PROTOCOL_TOR }, - { 0x559FD19A, 32, NDPI_PROTOCOL_TOR }, - { 0x559FD2EF, 32, NDPI_PROTOCOL_TOR }, - { 0x559FD337, 32, NDPI_PROTOCOL_TOR }, - { 0x55A452E7, 32, NDPI_PROTOCOL_TOR }, - { 0x55A8FF49, 32, NDPI_PROTOCOL_TOR }, - { 0x55A8FFCA, 32, NDPI_PROTOCOL_TOR }, - { 0x55AB1623, 32, NDPI_PROTOCOL_TOR }, - { 0x55B0BCF4, 32, NDPI_PROTOCOL_TOR }, - { 0x55B0E108, 32, NDPI_PROTOCOL_TOR }, - { 0x55B1669A, 32, NDPI_PROTOCOL_TOR }, - { 0x55B2425E, 32, NDPI_PROTOCOL_TOR }, - { 0x55B2CDC4, 32, NDPI_PROTOCOL_TOR }, - { 0x55B2F435, 32, NDPI_PROTOCOL_TOR }, - { 0x55B35A3B, 32, NDPI_PROTOCOL_TOR }, - { 0x55B42652, 32, NDPI_PROTOCOL_TOR }, - { 0x55B4F715, 32, NDPI_PROTOCOL_TOR }, - { 0x55C35D4D, 32, NDPI_PROTOCOL_TOR }, - { 0x55C51E77, 32, NDPI_PROTOCOL_TOR }, - { 0x55C6B4EF, 32, NDPI_PROTOCOL_TOR }, - { 0x55CAE1D1, 32, NDPI_PROTOCOL_TOR }, - { 0x55CC0B35, 32, NDPI_PROTOCOL_TOR }, - { 0x55D2AB44, 32, NDPI_PROTOCOL_TOR }, - { 0x55D408E8, 32, NDPI_PROTOCOL_TOR }, - { 0x55D414C0, 32, NDPI_PROTOCOL_TOR }, - { 0x55D42B5E, 32, NDPI_PROTOCOL_TOR }, - { 0x55D45466, 32, NDPI_PROTOCOL_TOR }, - { 0x55D610D4, 32, NDPI_PROTOCOL_TOR }, - { 0x55D617BC, 32, NDPI_PROTOCOL_TOR }, - { 0x55D61DD5, 32, NDPI_PROTOCOL_TOR }, - { 0x55D62891, 32, NDPI_PROTOCOL_TOR }, - { 0x55D62CAC, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6349C, 32, NDPI_PROTOCOL_TOR }, - { 0x55D636FE, 32, NDPI_PROTOCOL_TOR }, - { 0x55D63E30, 32, NDPI_PROTOCOL_TOR }, - { 0x55D64469, 32, NDPI_PROTOCOL_TOR }, - { 0x55D646BC, 32, NDPI_PROTOCOL_TOR }, - { 0x55D64748, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6492C, 32, NDPI_PROTOCOL_TOR }, - { 0x55D650F9, 32, NDPI_PROTOCOL_TOR }, - { 0x55D665E9, 32, NDPI_PROTOCOL_TOR }, - { 0x55D66C81, 32, NDPI_PROTOCOL_TOR }, - { 0x55D673D6, 32, NDPI_PROTOCOL_TOR }, - { 0x55D67EF9, 32, NDPI_PROTOCOL_TOR }, - { 0x55D680C7, 32, NDPI_PROTOCOL_TOR }, - { 0x55D68211, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6909F, 32, NDPI_PROTOCOL_TOR }, - { 0x55D69242, 32, NDPI_PROTOCOL_TOR }, - { 0x55D692DD, 32, NDPI_PROTOCOL_TOR }, - { 0x55D69748, 32, NDPI_PROTOCOL_TOR }, - { 0x55D69C1C, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6C1EA, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6C3C6, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6CEDB, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6D38C, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6DC01, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6E066, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6E20F, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6ECCF, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6F0DF, 32, NDPI_PROTOCOL_TOR }, - { 0x55D82298, 32, NDPI_PROTOCOL_TOR }, - { 0x55D84A33, 32, NDPI_PROTOCOL_TOR }, - { 0x55D85282, 32, NDPI_PROTOCOL_TOR }, - { 0x55D8EF08, 32, NDPI_PROTOCOL_TOR }, - { 0x55D96A51, 32, NDPI_PROTOCOL_TOR }, - { 0x55DA8B87, 32, NDPI_PROTOCOL_TOR }, - { 0x55DE7764, 32, NDPI_PROTOCOL_TOR }, - { 0x55E00DE3, 32, NDPI_PROTOCOL_TOR }, - { 0x55E23FF3, 32, NDPI_PROTOCOL_TOR }, - { 0x55E23FF3, 32, NDPI_PROTOCOL_TOR }, - { 0x55E272EC, 32, NDPI_PROTOCOL_TOR }, - { 0x55E3B85B, 32, NDPI_PROTOCOL_TOR }, - { 0x55E4C664, 32, NDPI_PROTOCOL_TOR }, - { 0x55E52799, 32, NDPI_PROTOCOL_TOR }, - { 0x55E56B0F, 32, NDPI_PROTOCOL_TOR }, - { 0x55E5DB15, 32, NDPI_PROTOCOL_TOR }, - { 0x55E6FB1B, 32, NDPI_PROTOCOL_TOR }, - { 0x55E9156D, 32, NDPI_PROTOCOL_TOR }, - { 0x55E92788, 32, NDPI_PROTOCOL_TOR }, - { 0x55E9EC02, 32, NDPI_PROTOCOL_TOR }, - { 0x55E9F05E, 32, NDPI_PROTOCOL_TOR }, - { 0x55EA0282, 32, NDPI_PROTOCOL_TOR }, - { 0x55F262DD, 32, NDPI_PROTOCOL_TOR }, - { 0x55F2F9AE, 32, NDPI_PROTOCOL_TOR }, - { 0x55F3CFC9, 32, NDPI_PROTOCOL_TOR }, - { 0x55F4D455, 32, NDPI_PROTOCOL_TOR }, - { 0x55F5023D, 32, NDPI_PROTOCOL_TOR }, - { 0x55FB5633, 32, NDPI_PROTOCOL_TOR }, - { 0x5600D6BA, 32, NDPI_PROTOCOL_TOR }, - { 0x56017832, 32, NDPI_PROTOCOL_TOR }, - { 0x5608E378, 32, NDPI_PROTOCOL_TOR }, - { 0x560DA7C3, 32, NDPI_PROTOCOL_TOR }, - { 0x56137EFA, 32, NDPI_PROTOCOL_TOR }, - { 0x5616F4E3, 32, NDPI_PROTOCOL_TOR }, - { 0x56187315, 32, NDPI_PROTOCOL_TOR }, - { 0x561BF297, 32, NDPI_PROTOCOL_TOR }, - { 0x562C1E07, 32, NDPI_PROTOCOL_TOR }, - { 0x5634AE44, 32, NDPI_PROTOCOL_TOR }, - { 0x5634AE44, 32, NDPI_PROTOCOL_TOR }, - { 0x56387108, 32, NDPI_PROTOCOL_TOR }, - { 0x5638E449, 32, NDPI_PROTOCOL_TOR }, - { 0x563A3DBE, 32, NDPI_PROTOCOL_TOR }, - { 0x563B1526, 32, NDPI_PROTOCOL_TOR }, - { 0x563B15A3, 32, NDPI_PROTOCOL_TOR }, - { 0x563B15FB, 32, NDPI_PROTOCOL_TOR }, - { 0x563B4616, 32, NDPI_PROTOCOL_TOR }, - { 0x563B7752, 32, NDPI_PROTOCOL_TOR }, - { 0x563B7753, 32, NDPI_PROTOCOL_TOR }, - { 0x563E75AB, 32, NDPI_PROTOCOL_TOR }, - { 0x5649B3AA, 32, NDPI_PROTOCOL_TOR }, - { 0x566187BA, 32, NDPI_PROTOCOL_TOR }, - { 0x56660386, 32, NDPI_PROTOCOL_TOR }, - { 0x56679157, 32, NDPI_PROTOCOL_TOR }, - { 0x5667972F, 32, NDPI_PROTOCOL_TOR }, - { 0x5667A17E, 32, NDPI_PROTOCOL_TOR }, - { 0x566A2A77, 32, NDPI_PROTOCOL_TOR }, - { 0x56791818, 32, NDPI_PROTOCOL_TOR }, - { 0x567B34BC, 32, NDPI_PROTOCOL_TOR }, - { 0x567EB91B, 32, NDPI_PROTOCOL_TOR }, - { 0x567FBE92, 32, NDPI_PROTOCOL_TOR }, - { 0x5681D4E1, 32, NDPI_PROTOCOL_TOR }, - { 0x5681D4E1, 32, NDPI_PROTOCOL_TOR }, - { 0x5697D436, 32, NDPI_PROTOCOL_TOR }, - { 0x569A0B2D, 32, NDPI_PROTOCOL_TOR }, - { 0x569BD0C5, 32, NDPI_PROTOCOL_TOR }, - { 0x569F0B08, 32, NDPI_PROTOCOL_TOR }, - { 0x56A1DCE0, 32, NDPI_PROTOCOL_TOR }, - { 0x56A2550C, 32, NDPI_PROTOCOL_TOR }, - { 0x56A27142, 32, NDPI_PROTOCOL_TOR }, - { 0x56AE29E4, 32, NDPI_PROTOCOL_TOR }, - { 0x56AF9CFB, 32, NDPI_PROTOCOL_TOR }, - { 0x56B00DD2, 32, NDPI_PROTOCOL_TOR }, - { 0x56B03E45, 32, NDPI_PROTOCOL_TOR }, - { 0x56B1719D, 32, NDPI_PROTOCOL_TOR }, - { 0x56B3ED06, 32, NDPI_PROTOCOL_TOR }, - { 0x56B43BD3, 32, NDPI_PROTOCOL_TOR }, - { 0x56B7FF53, 32, NDPI_PROTOCOL_TOR }, - { 0x56BABA50, 32, NDPI_PROTOCOL_TOR }, - { 0x56BDAAC7, 32, NDPI_PROTOCOL_TOR }, - { 0x56CDFD45, 32, NDPI_PROTOCOL_TOR }, - { 0x56D0805A, 32, NDPI_PROTOCOL_TOR }, - { 0x56D39F39, 32, NDPI_PROTOCOL_TOR }, - { 0x56D9692B, 32, NDPI_PROTOCOL_TOR }, - { 0x56EB2C1D, 32, NDPI_PROTOCOL_TOR }, - { 0x57214983, 32, NDPI_PROTOCOL_TOR }, - { 0x5740620E, 32, NDPI_PROTOCOL_TOR }, - { 0x5743BBE2, 32, NDPI_PROTOCOL_TOR }, - { 0x5743F359, 32, NDPI_PROTOCOL_TOR }, - { 0x574823EF, 32, NDPI_PROTOCOL_TOR }, - { 0x574849E7, 32, NDPI_PROTOCOL_TOR }, - { 0x574855D9, 32, NDPI_PROTOCOL_TOR }, - { 0x574855D9, 32, NDPI_PROTOCOL_TOR }, - { 0x5748EFBB, 32, NDPI_PROTOCOL_TOR }, - { 0x574933FE, 32, NDPI_PROTOCOL_TOR }, - { 0x574A4C6A, 32, NDPI_PROTOCOL_TOR }, - { 0x574E6298, 32, NDPI_PROTOCOL_TOR }, - { 0x574F4F5E, 32, NDPI_PROTOCOL_TOR }, - { 0x574FA117, 32, NDPI_PROTOCOL_TOR }, - { 0x574FBE6A, 32, NDPI_PROTOCOL_TOR }, - { 0x574FE6A9, 32, NDPI_PROTOCOL_TOR }, - { 0x57518B76, 32, NDPI_PROTOCOL_TOR }, - { 0x5751943D, 32, NDPI_PROTOCOL_TOR }, - { 0x575C404F, 32, NDPI_PROTOCOL_TOR }, - { 0x575C7E3B, 32, NDPI_PROTOCOL_TOR }, - { 0x57628430, 32, NDPI_PROTOCOL_TOR }, - { 0x57629FE7, 32, NDPI_PROTOCOL_TOR }, - { 0x5762B23D, 32, NDPI_PROTOCOL_TOR }, - { 0x5762B905, 32, NDPI_PROTOCOL_TOR }, - { 0x5762CE46, 32, NDPI_PROTOCOL_TOR }, - { 0x5762FADE, 32, NDPI_PROTOCOL_TOR }, - { 0x5762FAF4, 32, NDPI_PROTOCOL_TOR }, - { 0x57660FD8, 32, NDPI_PROTOCOL_TOR }, - { 0x576837CB, 32, NDPI_PROTOCOL_TOR }, - { 0x57686A90, 32, NDPI_PROTOCOL_TOR }, - { 0x57688562, 32, NDPI_PROTOCOL_TOR }, - { 0x576A0364, 32, NDPI_PROTOCOL_TOR }, - { 0x576A0E9F, 32, NDPI_PROTOCOL_TOR }, - { 0x576A10D6, 32, NDPI_PROTOCOL_TOR }, - { 0x576A1108, 32, NDPI_PROTOCOL_TOR }, - { 0x576A120D, 32, NDPI_PROTOCOL_TOR }, - { 0x576A14F6, 32, NDPI_PROTOCOL_TOR }, - { 0x576A154D, 32, NDPI_PROTOCOL_TOR }, - { 0x576A20BA, 32, NDPI_PROTOCOL_TOR }, - { 0x576A2567, 32, NDPI_PROTOCOL_TOR }, - { 0x576A2FBE, 32, NDPI_PROTOCOL_TOR }, - { 0x576A3528, 32, NDPI_PROTOCOL_TOR }, - { 0x576A3786, 32, NDPI_PROTOCOL_TOR }, - { 0x576A8C18, 32, NDPI_PROTOCOL_TOR }, - { 0x576A945A, 32, NDPI_PROTOCOL_TOR }, - { 0x576ABDEE, 32, NDPI_PROTOCOL_TOR }, - { 0x576ABF5F, 32, NDPI_PROTOCOL_TOR }, - { 0x576ABF9D, 32, NDPI_PROTOCOL_TOR }, - { 0x576AD0EC, 32, NDPI_PROTOCOL_TOR }, - { 0x576AF976, 32, NDPI_PROTOCOL_TOR }, - { 0x576AF9F8, 32, NDPI_PROTOCOL_TOR }, - { 0x57706F89, 32, NDPI_PROTOCOL_TOR }, - { 0x5772AA67, 32, NDPI_PROTOCOL_TOR }, - { 0x5775DB84, 32, NDPI_PROTOCOL_TOR }, - { 0x5775DB8C, 32, NDPI_PROTOCOL_TOR }, - { 0x57765454, 32, NDPI_PROTOCOL_TOR }, - { 0x577654B5, 32, NDPI_PROTOCOL_TOR }, - { 0x577654F6, 32, NDPI_PROTOCOL_TOR }, - { 0x577658DB, 32, NDPI_PROTOCOL_TOR }, - { 0x57765B8C, 32, NDPI_PROTOCOL_TOR }, - { 0x57765D7A, 32, NDPI_PROTOCOL_TOR }, - { 0x57765EE7, 32, NDPI_PROTOCOL_TOR }, - { 0x577670AD, 32, NDPI_PROTOCOL_TOR }, - { 0x57767286, 32, NDPI_PROTOCOL_TOR }, - { 0x577674E3, 32, NDPI_PROTOCOL_TOR }, - { 0x5776760C, 32, NDPI_PROTOCOL_TOR }, - { 0x5777BA76, 32, NDPI_PROTOCOL_TOR }, - { 0x5779348B, 32, NDPI_PROTOCOL_TOR }, - { 0x57793492, 32, NDPI_PROTOCOL_TOR }, - { 0x57793497, 32, NDPI_PROTOCOL_TOR }, - { 0x577FA5F4, 32, NDPI_PROTOCOL_TOR }, - { 0x578B21D9, 32, NDPI_PROTOCOL_TOR }, - { 0x5791BA0E, 32, NDPI_PROTOCOL_TOR }, - { 0x5792CEEC, 32, NDPI_PROTOCOL_TOR }, - { 0x57954623, 32, NDPI_PROTOCOL_TOR }, - { 0x57969A86, 32, NDPI_PROTOCOL_TOR }, - { 0x5796CE37, 32, NDPI_PROTOCOL_TOR }, - { 0x579737CB, 32, NDPI_PROTOCOL_TOR }, - { 0x5798EDA7, 32, NDPI_PROTOCOL_TOR }, - { 0x579B0B3B, 32, NDPI_PROTOCOL_TOR }, - { 0x579E1829, 32, NDPI_PROTOCOL_TOR }, - { 0x579E8E9E, 32, NDPI_PROTOCOL_TOR }, - { 0x579F41E5, 32, NDPI_PROTOCOL_TOR }, - { 0x579FA892, 32, NDPI_PROTOCOL_TOR }, - { 0x57A0D2C2, 32, NDPI_PROTOCOL_TOR }, - { 0x57A2CCAC, 32, NDPI_PROTOCOL_TOR }, - { 0x57A3F603, 32, NDPI_PROTOCOL_TOR }, - { 0x57A47E10, 32, NDPI_PROTOCOL_TOR }, - { 0x57A62B46, 32, NDPI_PROTOCOL_TOR }, - { 0x57A87901, 32, NDPI_PROTOCOL_TOR }, - { 0x57A97C46, 32, NDPI_PROTOCOL_TOR }, - { 0x57AC1458, 32, NDPI_PROTOCOL_TOR }, - { 0x57AE61DF, 32, NDPI_PROTOCOL_TOR }, - { 0x57AE69FB, 32, NDPI_PROTOCOL_TOR }, - { 0x57AEE582, 32, NDPI_PROTOCOL_TOR }, - { 0x57AEEF6C, 32, NDPI_PROTOCOL_TOR }, - { 0x57AEF49C, 32, NDPI_PROTOCOL_TOR }, - { 0x57B2A7F3, 32, NDPI_PROTOCOL_TOR }, - { 0x57B362F3, 32, NDPI_PROTOCOL_TOR }, - { 0x57B38736, 32, NDPI_PROTOCOL_TOR }, - { 0x57BA1D87, 32, NDPI_PROTOCOL_TOR }, - { 0x57BC52C0, 32, NDPI_PROTOCOL_TOR }, - { 0x57BC6D89, 32, NDPI_PROTOCOL_TOR }, - { 0x57BCC2CB, 32, NDPI_PROTOCOL_TOR }, - { 0x57BD56C4, 32, NDPI_PROTOCOL_TOR }, - { 0x57C1B3EE, 32, NDPI_PROTOCOL_TOR }, - { 0x57C1D00E, 32, NDPI_PROTOCOL_TOR }, - { 0x57C62255, 32, NDPI_PROTOCOL_TOR }, - { 0x57CBC2D4, 32, NDPI_PROTOCOL_TOR }, - { 0x57CFD9D4, 32, NDPI_PROTOCOL_TOR }, - { 0x57D430C9, 32, NDPI_PROTOCOL_TOR }, - { 0x57D8ABB3, 32, NDPI_PROTOCOL_TOR }, - { 0x57D93E0E, 32, NDPI_PROTOCOL_TOR }, - { 0x57DAA8EC, 32, NDPI_PROTOCOL_TOR }, - { 0x57E0D2F3, 32, NDPI_PROTOCOL_TOR }, - { 0x57E43BBD, 32, NDPI_PROTOCOL_TOR }, - { 0x57E611F5, 32, NDPI_PROTOCOL_TOR }, - { 0x57E6196D, 32, NDPI_PROTOCOL_TOR }, - { 0x57E619AC, 32, NDPI_PROTOCOL_TOR }, - { 0x57E6335F, 32, NDPI_PROTOCOL_TOR }, - { 0x57E64E6C, 32, NDPI_PROTOCOL_TOR }, - { 0x57E70AEB, 32, NDPI_PROTOCOL_TOR }, - { 0x57E77410, 32, NDPI_PROTOCOL_TOR }, - { 0x57EC1B9B, 32, NDPI_PROTOCOL_TOR }, - { 0x57ECC3B9, 32, NDPI_PROTOCOL_TOR }, - { 0x57ECC7A9, 32, NDPI_PROTOCOL_TOR }, - { 0x57ECD389, 32, NDPI_PROTOCOL_TOR }, - { 0x57EFA26E, 32, NDPI_PROTOCOL_TOR }, - { 0x57F38E21, 32, NDPI_PROTOCOL_TOR }, - { 0x57F4FFDA, 32, NDPI_PROTOCOL_TOR }, - { 0x57FB8C5D, 32, NDPI_PROTOCOL_TOR }, - { 0x57FE635F, 32, NDPI_PROTOCOL_TOR }, - { 0x580F9CD8, 32, NDPI_PROTOCOL_TOR }, - { 0x5811212D, 32, NDPI_PROTOCOL_TOR }, - { 0x58401AEB, 32, NDPI_PROTOCOL_TOR }, - { 0x58404EF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5840805B, 32, NDPI_PROTOCOL_TOR }, - { 0x58412604, 32, NDPI_PROTOCOL_TOR }, - { 0x5841F49C, 32, NDPI_PROTOCOL_TOR }, - { 0x5843639C, 32, NDPI_PROTOCOL_TOR }, - { 0x58458580, 32, NDPI_PROTOCOL_TOR }, - { 0x584862F4, 32, NDPI_PROTOCOL_TOR }, - { 0x584931A8, 32, NDPI_PROTOCOL_TOR }, - { 0x58493380, 32, NDPI_PROTOCOL_TOR }, - { 0x584C5C8E, 32, NDPI_PROTOCOL_TOR }, - { 0x584D2F56, 32, NDPI_PROTOCOL_TOR }, - { 0x584DC1AC, 32, NDPI_PROTOCOL_TOR }, - { 0x584DCB92, 32, NDPI_PROTOCOL_TOR }, - { 0x584E47B6, 32, NDPI_PROTOCOL_TOR }, - { 0x5850B95D, 32, NDPI_PROTOCOL_TOR }, - { 0x5850D6BD, 32, NDPI_PROTOCOL_TOR }, - { 0x58526C1A, 32, NDPI_PROTOCOL_TOR }, - { 0x5856D7D5, 32, NDPI_PROTOCOL_TOR }, - { 0x58574E68, 32, NDPI_PROTOCOL_TOR }, - { 0x585BD594, 32, NDPI_PROTOCOL_TOR }, - { 0x58614DFF, 32, NDPI_PROTOCOL_TOR }, - { 0x58690051, 32, NDPI_PROTOCOL_TOR }, - { 0x58719D6B, 32, NDPI_PROTOCOL_TOR }, - { 0x58726D58, 32, NDPI_PROTOCOL_TOR }, - { 0x5872759B, 32, NDPI_PROTOCOL_TOR }, - { 0x5872E33E, 32, NDPI_PROTOCOL_TOR }, - { 0x587E6C2D, 32, NDPI_PROTOCOL_TOR }, - { 0x587F6026, 32, NDPI_PROTOCOL_TOR }, - { 0x588201AE, 32, NDPI_PROTOCOL_TOR }, - { 0x58823273, 32, NDPI_PROTOCOL_TOR }, - { 0x58864FB5, 32, NDPI_PROTOCOL_TOR }, - { 0x588678F8, 32, NDPI_PROTOCOL_TOR }, - { 0x58869115, 32, NDPI_PROTOCOL_TOR }, - { 0x58894FA1, 32, NDPI_PROTOCOL_TOR }, - { 0x58959A20, 32, NDPI_PROTOCOL_TOR }, - { 0x58982F2D, 32, NDPI_PROTOCOL_TOR }, - { 0x5898FFF5, 32, NDPI_PROTOCOL_TOR }, - { 0x58996247, 32, NDPI_PROTOCOL_TOR }, - { 0x5899A4FF, 32, NDPI_PROTOCOL_TOR }, - { 0x5899AB6B, 32, NDPI_PROTOCOL_TOR }, - { 0x5899B4A5, 32, NDPI_PROTOCOL_TOR }, - { 0x589F4697, 32, NDPI_PROTOCOL_TOR }, - { 0x589F53F4, 32, NDPI_PROTOCOL_TOR }, - { 0x58A3E58B, 32, NDPI_PROTOCOL_TOR }, - { 0x58A5F4A9, 32, NDPI_PROTOCOL_TOR }, - { 0x58A6C0B5, 32, NDPI_PROTOCOL_TOR }, - { 0x58A8F257, 32, NDPI_PROTOCOL_TOR }, - { 0x58B0042F, 32, NDPI_PROTOCOL_TOR }, - { 0x58B0B407, 32, NDPI_PROTOCOL_TOR }, - { 0x58B256CA, 32, NDPI_PROTOCOL_TOR }, - { 0x58B99B86, 32, NDPI_PROTOCOL_TOR }, - { 0x58B9E31D, 32, NDPI_PROTOCOL_TOR }, - { 0x58BA120C, 32, NDPI_PROTOCOL_TOR }, - { 0x58BB785A, 32, NDPI_PROTOCOL_TOR }, - { 0x58BBBAD8, 32, NDPI_PROTOCOL_TOR }, - { 0x58BBE53B, 32, NDPI_PROTOCOL_TOR }, - { 0x58BD8A61, 32, NDPI_PROTOCOL_TOR }, - { 0x58C3CF75, 32, NDPI_PROTOCOL_TOR }, - { 0x58C60910, 32, NDPI_PROTOCOL_TOR }, - { 0x58C61304, 32, NDPI_PROTOCOL_TOR }, - { 0x58C617B3, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6194C, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6195C, 32, NDPI_PROTOCOL_TOR }, - { 0x58C628A5, 32, NDPI_PROTOCOL_TOR }, - { 0x58C63352, 32, NDPI_PROTOCOL_TOR }, - { 0x58C63436, 32, NDPI_PROTOCOL_TOR }, - { 0x58C636D4, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6388C, 32, NDPI_PROTOCOL_TOR }, - { 0x58C64689, 32, NDPI_PROTOCOL_TOR }, - { 0x58C664E6, 32, NDPI_PROTOCOL_TOR }, - { 0x58C664E8, 32, NDPI_PROTOCOL_TOR }, - { 0x58C66D95, 32, NDPI_PROTOCOL_TOR }, - { 0x58C66DE5, 32, NDPI_PROTOCOL_TOR }, - { 0x58C66E98, 32, NDPI_PROTOCOL_TOR }, - { 0x58C66F77, 32, NDPI_PROTOCOL_TOR }, - { 0x58C67565, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6789B, 32, NDPI_PROTOCOL_TOR }, - { 0x58C67FE6, 32, NDPI_PROTOCOL_TOR }, - { 0x58C682D4, 32, NDPI_PROTOCOL_TOR }, - { 0x58C69A70, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6A363, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6A364, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6AF4C, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6C187, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6C259, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6C633, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6CFDE, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6D6E9, 32, NDPI_PROTOCOL_TOR }, - { 0x58C8F312, 32, NDPI_PROTOCOL_TOR }, - { 0x58CC71BD, 32, NDPI_PROTOCOL_TOR }, - { 0x58D0CD8A, 32, NDPI_PROTOCOL_TOR }, - { 0x58D90267, 32, NDPI_PROTOCOL_TOR }, - { 0x58D92CAE, 32, NDPI_PROTOCOL_TOR }, - { 0x58D94FCA, 32, NDPI_PROTOCOL_TOR }, - { 0x58D98F35, 32, NDPI_PROTOCOL_TOR }, - { 0x58D9ABE1, 32, NDPI_PROTOCOL_TOR }, - { 0x58E44C31, 32, NDPI_PROTOCOL_TOR }, - { 0x59004F17, 32, NDPI_PROTOCOL_TOR }, - { 0x5900641C, 32, NDPI_PROTOCOL_TOR }, - { 0x5900878D, 32, NDPI_PROTOCOL_TOR }, - { 0x5900AD14, 32, NDPI_PROTOCOL_TOR }, - { 0x5900E463, 32, NDPI_PROTOCOL_TOR }, - { 0x5900E570, 32, NDPI_PROTOCOL_TOR }, - { 0x5900EA67, 32, NDPI_PROTOCOL_TOR }, - { 0x5900EC30, 32, NDPI_PROTOCOL_TOR }, - { 0x5900F2EF, 32, NDPI_PROTOCOL_TOR }, - { 0x5900F7A3, 32, NDPI_PROTOCOL_TOR }, - { 0x59039E31, 32, NDPI_PROTOCOL_TOR }, - { 0x590CF9FD, 32, NDPI_PROTOCOL_TOR }, - { 0x590D5330, 32, NDPI_PROTOCOL_TOR }, - { 0x590E57D6, 32, NDPI_PROTOCOL_TOR }, - { 0x590F649D, 32, NDPI_PROTOCOL_TOR }, - { 0x590F6BF1, 32, NDPI_PROTOCOL_TOR }, - { 0x590FC872, 32, NDPI_PROTOCOL_TOR }, - { 0x59108C47, 32, NDPI_PROTOCOL_TOR }, - { 0x5910B09E, 32, NDPI_PROTOCOL_TOR }, - { 0x59122A65, 32, NDPI_PROTOCOL_TOR }, - { 0x5912AC8B, 32, NDPI_PROTOCOL_TOR }, - { 0x5912AD29, 32, NDPI_PROTOCOL_TOR }, - { 0x5912AE45, 32, NDPI_PROTOCOL_TOR }, - { 0x5912AE56, 32, NDPI_PROTOCOL_TOR }, - { 0x5912BE6B, 32, NDPI_PROTOCOL_TOR }, - { 0x5916602F, 32, NDPI_PROTOCOL_TOR }, - { 0x5916613A, 32, NDPI_PROTOCOL_TOR }, - { 0x591661C1, 32, NDPI_PROTOCOL_TOR }, - { 0x591B0DD9, 32, NDPI_PROTOCOL_TOR }, - { 0x591B4114, 32, NDPI_PROTOCOL_TOR }, - { 0x591B5146, 32, NDPI_PROTOCOL_TOR }, - { 0x591F3905, 32, NDPI_PROTOCOL_TOR }, - { 0x5924EB42, 32, NDPI_PROTOCOL_TOR }, - { 0x59284795, 32, NDPI_PROTOCOL_TOR }, - { 0x592E64A2, 32, NDPI_PROTOCOL_TOR }, - { 0x592E6524, 32, NDPI_PROTOCOL_TOR }, - { 0x592E65B5, 32, NDPI_PROTOCOL_TOR }, - { 0x59410727, 32, NDPI_PROTOCOL_TOR }, - { 0x59412546, 32, NDPI_PROTOCOL_TOR }, - { 0x59438C76, 32, NDPI_PROTOCOL_TOR }, - { 0x59438C76, 32, NDPI_PROTOCOL_TOR }, - { 0x5943B32A, 32, NDPI_PROTOCOL_TOR }, - { 0x5943FE26, 32, NDPI_PROTOCOL_TOR }, - { 0x5944BDD0, 32, NDPI_PROTOCOL_TOR }, - { 0x594669E7, 32, NDPI_PROTOCOL_TOR }, - { 0x5949B1EC, 32, NDPI_PROTOCOL_TOR }, - { 0x5949D520, 32, NDPI_PROTOCOL_TOR }, - { 0x594A6CCE, 32, NDPI_PROTOCOL_TOR }, - { 0x594D88AE, 32, NDPI_PROTOCOL_TOR }, - { 0x5959FD25, 32, NDPI_PROTOCOL_TOR }, - { 0x5962E64C, 32, NDPI_PROTOCOL_TOR }, - { 0x59639B85, 32, NDPI_PROTOCOL_TOR }, - { 0x59669393, 32, NDPI_PROTOCOL_TOR }, - { 0x5967B502, 32, NDPI_PROTOCOL_TOR }, - { 0x5967B832, 32, NDPI_PROTOCOL_TOR }, - { 0x5969C582, 32, NDPI_PROTOCOL_TOR }, - { 0x596AF415, 32, NDPI_PROTOCOL_TOR }, - { 0x596C560B, 32, NDPI_PROTOCOL_TOR }, - { 0x596C58E3, 32, NDPI_PROTOCOL_TOR }, - { 0x596E9CF7, 32, NDPI_PROTOCOL_TOR }, - { 0x596F1444, 32, NDPI_PROTOCOL_TOR }, - { 0x5978777D, 32, NDPI_PROTOCOL_TOR }, - { 0x59829E95, 32, NDPI_PROTOCOL_TOR }, - { 0x59845CDA, 32, NDPI_PROTOCOL_TOR }, - { 0x5985A952, 32, NDPI_PROTOCOL_TOR }, - { 0x598619DA, 32, NDPI_PROTOCOL_TOR }, - { 0x59869680, 32, NDPI_PROTOCOL_TOR }, - { 0x59879056, 32, NDPI_PROTOCOL_TOR }, - { 0x598C623C, 32, NDPI_PROTOCOL_TOR }, - { 0x598E23D1, 32, NDPI_PROTOCOL_TOR }, - { 0x59910E6C, 32, NDPI_PROTOCOL_TOR }, - { 0x599B990F, 32, NDPI_PROTOCOL_TOR }, - { 0x599C3EBE, 32, NDPI_PROTOCOL_TOR }, - { 0x599C5DDC, 32, NDPI_PROTOCOL_TOR }, - { 0x599ED03F, 32, NDPI_PROTOCOL_TOR }, - { 0x599F568B, 32, NDPI_PROTOCOL_TOR }, - { 0x59A0DE85, 32, NDPI_PROTOCOL_TOR }, - { 0x59A257B4, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3ABFA, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3B9BA, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3D14F, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3D14F, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3DD97, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3DD97, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3E00A, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3E0A8, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3E0BB, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3E31C, 32, NDPI_PROTOCOL_TOR }, - { 0x59A6EAF6, 32, NDPI_PROTOCOL_TOR }, - { 0x59A9A5E9, 32, NDPI_PROTOCOL_TOR }, - { 0x59B08CBE, 32, NDPI_PROTOCOL_TOR }, - { 0x59B08D09, 32, NDPI_PROTOCOL_TOR }, - { 0x59B34E19, 32, NDPI_PROTOCOL_TOR }, - { 0x59B37F7C, 32, NDPI_PROTOCOL_TOR }, - { 0x59B3F11E, 32, NDPI_PROTOCOL_TOR }, - { 0x59B891D7, 32, NDPI_PROTOCOL_TOR }, - { 0x59BA8F86, 32, NDPI_PROTOCOL_TOR }, - { 0x59BB8ED0, 32, NDPI_PROTOCOL_TOR }, - { 0x59BC6DD2, 32, NDPI_PROTOCOL_TOR }, - { 0x59BFC7F5, 32, NDPI_PROTOCOL_TOR }, - { 0x59CF8537, 32, NDPI_PROTOCOL_TOR }, - { 0x59CF8799, 32, NDPI_PROTOCOL_TOR }, - { 0x59E31A37, 32, NDPI_PROTOCOL_TOR }, - { 0x59E7763D, 32, NDPI_PROTOCOL_TOR }, - { 0x59EA8D65, 32, NDPI_PROTOCOL_TOR }, - { 0x59EA9DFE, 32, NDPI_PROTOCOL_TOR }, - { 0x59EA9DFE, 32, NDPI_PROTOCOL_TOR }, - { 0x59EE455D, 32, NDPI_PROTOCOL_TOR }, - { 0x59EE4D04, 32, NDPI_PROTOCOL_TOR }, - { 0x59EE4E6C, 32, NDPI_PROTOCOL_TOR }, - { 0x59EEAC6C, 32, NDPI_PROTOCOL_TOR }, - { 0x59EFDAB4, 32, NDPI_PROTOCOL_TOR }, - { 0x59F8A679, 32, NDPI_PROTOCOL_TOR }, - { 0x59F8AC10, 32, NDPI_PROTOCOL_TOR }, - { 0x59F985A5, 32, NDPI_PROTOCOL_TOR }, - { 0x59FB968E, 32, NDPI_PROTOCOL_TOR }, - { 0x59FC0125, 32, NDPI_PROTOCOL_TOR }, - { 0x59FC028C, 32, NDPI_PROTOCOL_TOR }, - { 0x5A09C850, 32, NDPI_PROTOCOL_TOR }, - { 0x5A0A8BC7, 32, NDPI_PROTOCOL_TOR }, - { 0x5A0B5036, 32, NDPI_PROTOCOL_TOR }, - { 0x5A18B154, 32, NDPI_PROTOCOL_TOR }, - { 0x5A1B3C6B, 32, NDPI_PROTOCOL_TOR }, - { 0x5A1D82F0, 32, NDPI_PROTOCOL_TOR }, - { 0x5A1D9B54, 32, NDPI_PROTOCOL_TOR }, - { 0x5A20BA49, 32, NDPI_PROTOCOL_TOR }, - { 0x5A28F78E, 32, NDPI_PROTOCOL_TOR }, - { 0x5A3CABF0, 32, NDPI_PROTOCOL_TOR }, - { 0x5A3FA178, 32, NDPI_PROTOCOL_TOR }, - { 0x5A914577, 32, NDPI_PROTOCOL_TOR }, - { 0x5A921D38, 32, NDPI_PROTOCOL_TOR }, - { 0x5A92B569, 32, NDPI_PROTOCOL_TOR }, - { 0x5A951B7A, 32, NDPI_PROTOCOL_TOR }, - { 0x5A95517A, 32, NDPI_PROTOCOL_TOR }, - { 0x5A9B17DA, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB0A48F, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB50D30, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB88EE0, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB8A455, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB8DE74, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB8DE75, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB8DE76, 32, NDPI_PROTOCOL_TOR }, - { 0x5AC04EC5, 32, NDPI_PROTOCOL_TOR }, - { 0x5ADB84FD, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE14054, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE150DB, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE1558C, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE2B287, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE4CA9F, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE7989F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B025570, 32, NDPI_PROTOCOL_TOR }, - { 0x5B02F637, 32, NDPI_PROTOCOL_TOR }, - { 0x5B041823, 32, NDPI_PROTOCOL_TOR }, - { 0x5B05878B, 32, NDPI_PROTOCOL_TOR }, - { 0x5B06757C, 32, NDPI_PROTOCOL_TOR }, - { 0x5B09C013, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0A081A, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0A45D7, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0A7B54, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0CD9A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0CEB4D, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0D634C, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0E755F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0F4794, 32, NDPI_PROTOCOL_TOR }, - { 0x5B120251, 32, NDPI_PROTOCOL_TOR }, - { 0x5B129DE3, 32, NDPI_PROTOCOL_TOR }, - { 0x5B152C3D, 32, NDPI_PROTOCOL_TOR }, - { 0x5B21CED5, 32, NDPI_PROTOCOL_TOR }, - { 0x5B225C74, 32, NDPI_PROTOCOL_TOR }, - { 0x5B25E831, 32, NDPI_PROTOCOL_TOR }, - { 0x5B265CAF, 32, NDPI_PROTOCOL_TOR }, - { 0x5B2C7D98, 32, NDPI_PROTOCOL_TOR }, - { 0x5B2DE1A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3249DA, 32, NDPI_PROTOCOL_TOR }, - { 0x5B334FF1, 32, NDPI_PROTOCOL_TOR }, - { 0x5B336B45, 32, NDPI_PROTOCOL_TOR }, - { 0x5B33E422, 32, NDPI_PROTOCOL_TOR }, - { 0x5B33FBDE, 32, NDPI_PROTOCOL_TOR }, - { 0x5B343F6F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B36DE01, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3B5350, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3D4574, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3D52E4, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3DF13E, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3EE54E, 32, NDPI_PROTOCOL_TOR }, - { 0x5B406D9B, 32, NDPI_PROTOCOL_TOR }, - { 0x5B406F83, 32, NDPI_PROTOCOL_TOR }, - { 0x5B40EADB, 32, NDPI_PROTOCOL_TOR }, - { 0x5B41538E, 32, NDPI_PROTOCOL_TOR }, - { 0x5B4160F6, 32, NDPI_PROTOCOL_TOR }, - { 0x5B424E8B, 32, NDPI_PROTOCOL_TOR }, - { 0x5B4254DB, 32, NDPI_PROTOCOL_TOR }, - { 0x5B42CC01, 32, NDPI_PROTOCOL_TOR }, - { 0x5B434C46, 32, NDPI_PROTOCOL_TOR }, - { 0x5B4D127A, 32, NDPI_PROTOCOL_TOR }, - { 0x5B4F6E29, 32, NDPI_PROTOCOL_TOR }, - { 0x5B52ED7F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B605C06, 32, NDPI_PROTOCOL_TOR }, - { 0x5B60BC9F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B614084, 32, NDPI_PROTOCOL_TOR }, - { 0x5B6DF7AD, 32, NDPI_PROTOCOL_TOR }, - { 0x5B711952, 32, NDPI_PROTOCOL_TOR }, - { 0x5B77D141, 32, NDPI_PROTOCOL_TOR }, - { 0x5B77E5A1, 32, NDPI_PROTOCOL_TOR }, - { 0x5B790114, 32, NDPI_PROTOCOL_TOR }, - { 0x5B791043, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7915E0, 32, NDPI_PROTOCOL_TOR }, - { 0x5B791C40, 32, NDPI_PROTOCOL_TOR }, - { 0x5B794CCC, 32, NDPI_PROTOCOL_TOR }, - { 0x5B794CCF, 32, NDPI_PROTOCOL_TOR }, - { 0x5B795210, 32, NDPI_PROTOCOL_TOR }, - { 0x5B795219, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79545C, 32, NDPI_PROTOCOL_TOR }, - { 0x5B795582, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7964C8, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7968A8, 32, NDPI_PROTOCOL_TOR }, - { 0x5B796AB2, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79734F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B797422, 32, NDPI_PROTOCOL_TOR }, - { 0x5B799255, 32, NDPI_PROTOCOL_TOR }, - { 0x5B799275, 32, NDPI_PROTOCOL_TOR }, - { 0x5B799341, 32, NDPI_PROTOCOL_TOR }, - { 0x5B799FC4, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79A5DF, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79A698, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79A921, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79B857, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79C584, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79CF22, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79E9F2, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7A640D, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7BC8A8, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7BC8EB, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7EFFCD, 32, NDPI_PROTOCOL_TOR }, - { 0x5B88A44D, 32, NDPI_PROTOCOL_TOR }, - { 0x5B8A448F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B8A9B09, 32, NDPI_PROTOCOL_TOR }, - { 0x5B8C31D6, 32, NDPI_PROTOCOL_TOR }, - { 0x5B917635, 32, NDPI_PROTOCOL_TOR }, - { 0x5B927903, 32, NDPI_PROTOCOL_TOR }, - { 0x5B927A2D, 32, NDPI_PROTOCOL_TOR }, - { 0x5B95AD4F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B9A9932, 32, NDPI_PROTOCOL_TOR }, - { 0x5B9BBD6B, 32, NDPI_PROTOCOL_TOR }, - { 0x5BB9C8DD, 32, NDPI_PROTOCOL_TOR }, - { 0x5BB9E123, 32, NDPI_PROTOCOL_TOR }, - { 0x5BBA2710, 32, NDPI_PROTOCOL_TOR }, - { 0x5BBC7D80, 32, NDPI_PROTOCOL_TOR }, - { 0x5BBDB576, 32, NDPI_PROTOCOL_TOR }, - { 0x5BBE754D, 32, NDPI_PROTOCOL_TOR }, - { 0x5BC2546A, 32, NDPI_PROTOCOL_TOR }, - { 0x5BC25A27, 32, NDPI_PROTOCOL_TOR }, - { 0x5BC25A67, 32, NDPI_PROTOCOL_TOR }, - { 0x5BC7C54C, 32, NDPI_PROTOCOL_TOR }, - { 0x5BC85544, 32, NDPI_PROTOCOL_TOR }, - { 0x5BCA2D9C, 32, NDPI_PROTOCOL_TOR }, - { 0x5BCBD4EE, 32, NDPI_PROTOCOL_TOR }, - { 0x5BCDAD52, 32, NDPI_PROTOCOL_TOR }, - { 0x5BCE8E46, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD05448, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD26A1B, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD33ED4, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD5082B, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD50854, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD50859, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD50874, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD508EB, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD508EB, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD508EC, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD6A8F0, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD6CB90, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD6CBE9, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBED13, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBED6E, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBEDCF, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBEDDA, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBEDE5, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBEDF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBEEDD, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDCA33E, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDD6F07, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDEDA85, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE09509, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE09521, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE0952D, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE09537, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE25911, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE434BA, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE49734, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE4B382, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE5141B, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE6CCC6, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE8D912, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE97444, 32, NDPI_PROTOCOL_TOR }, - { 0x5BEA1630, 32, NDPI_PROTOCOL_TOR }, - { 0x5BEAE223, 32, NDPI_PROTOCOL_TOR }, - { 0x5BECEF87, 32, NDPI_PROTOCOL_TOR }, - { 0x5BECEF8C, 32, NDPI_PROTOCOL_TOR }, - { 0x5BED34AA, 32, NDPI_PROTOCOL_TOR }, - { 0x5BEDF43E, 32, NDPI_PROTOCOL_TOR }, - { 0x5BEDF73E, 32, NDPI_PROTOCOL_TOR }, - { 0x5BEE3C64, 32, NDPI_PROTOCOL_TOR }, - { 0x5BF0E5C3, 32, NDPI_PROTOCOL_TOR }, - { 0x5BFA7026, 32, NDPI_PROTOCOL_TOR }, - { 0x5BFA73B9, 32, NDPI_PROTOCOL_TOR }, - { 0x5BFAF20A, 32, NDPI_PROTOCOL_TOR }, - { 0x5BFAF267, 32, NDPI_PROTOCOL_TOR }, - { 0x5C002464, 32, NDPI_PROTOCOL_TOR }, - { 0x5C0124D4, 32, NDPI_PROTOCOL_TOR }, - { 0x5C01DCB8, 32, NDPI_PROTOCOL_TOR }, - { 0x5C07A833, 32, NDPI_PROTOCOL_TOR }, - { 0x5C0A3BD5, 32, NDPI_PROTOCOL_TOR }, - { 0x5C0EC83C, 32, NDPI_PROTOCOL_TOR }, - { 0x5C14074D, 32, NDPI_PROTOCOL_TOR }, - { 0x5C14CB4C, 32, NDPI_PROTOCOL_TOR }, - { 0x5C15F357, 32, NDPI_PROTOCOL_TOR }, - { 0x5C18851F, 32, NDPI_PROTOCOL_TOR }, - { 0x5C18851F, 32, NDPI_PROTOCOL_TOR }, - { 0x5C27F38B, 32, NDPI_PROTOCOL_TOR }, - { 0x5C27F62D, 32, NDPI_PROTOCOL_TOR }, - { 0x5C2869CC, 32, NDPI_PROTOCOL_TOR }, - { 0x5C32581A, 32, NDPI_PROTOCOL_TOR }, - { 0x5C34249B, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3C05EE, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3C05EE, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3F582D, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3F582F, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3F6E7C, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAB2D, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FABCF, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAC96, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAE24, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAE46, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAE47, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAF05, 32, NDPI_PROTOCOL_TOR }, - { 0x5C484CE3, 32, NDPI_PROTOCOL_TOR }, - { 0x5C487B89, 32, NDPI_PROTOCOL_TOR }, - { 0x5C48FF4A, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4A357A, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4AE372, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4B0EC2, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4C7C06, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4CC040, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4D2D74, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4DB1FE, 32, NDPI_PROTOCOL_TOR }, - { 0x5C59AD55, 32, NDPI_PROTOCOL_TOR }, - { 0x5C5B7942, 32, NDPI_PROTOCOL_TOR }, - { 0x5C5B9C44, 32, NDPI_PROTOCOL_TOR }, - { 0x5C645773, 32, NDPI_PROTOCOL_TOR }, - { 0x5C647BD0, 32, NDPI_PROTOCOL_TOR }, - { 0x5C68349B, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6893A0, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6977C0, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6AE25D, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6C364C, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6C7829, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6D0707, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6F8E21, 32, NDPI_PROTOCOL_TOR }, - { 0x5C81AF11, 32, NDPI_PROTOCOL_TOR }, - { 0x5C83BD03, 32, NDPI_PROTOCOL_TOR }, - { 0x5C89D859, 32, NDPI_PROTOCOL_TOR }, - { 0x5CC240C3, 32, NDPI_PROTOCOL_TOR }, - { 0x5CC328D6, 32, NDPI_PROTOCOL_TOR }, - { 0x5CC941B7, 32, NDPI_PROTOCOL_TOR }, - { 0x5CC94BCD, 32, NDPI_PROTOCOL_TOR }, - { 0x5CCA214F, 32, NDPI_PROTOCOL_TOR }, - { 0x5CCD15C1, 32, NDPI_PROTOCOL_TOR }, - { 0x5CD13085, 32, NDPI_PROTOCOL_TOR }, - { 0x5CD3AE6A, 32, NDPI_PROTOCOL_TOR }, - { 0x5CD6A588, 32, NDPI_PROTOCOL_TOR }, - { 0x5CD6ADD8, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE016C, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE0352, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE0466, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE04B2, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE0935, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE0946, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1385, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1482, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1625, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1671, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE19E1, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1A24, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1A51, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1C5A, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1C8F, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1CF3, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1D22, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE2211, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE2643, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE27B7, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE2DC7, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE45BC, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE9993, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDEA236, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDEACE5, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDEB57B, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDEC022, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDECC60, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE09A94, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE0A09F, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE0B392, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE10C0D, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE169B5, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE389A3, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE4B19B, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE52412, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE59221, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE68415, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE86216, 32, NDPI_PROTOCOL_TOR }, - { 0x5CED16DA, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF31ED0, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF34569, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF3BC10, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF6147E, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF733A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF79DB0, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF96241, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF98F77, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF9BCF6, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFC2031, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFE18CB, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFE3951, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFEB874, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFFC311, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFFCF59, 32, NDPI_PROTOCOL_TOR }, - { 0x5D134D18, 32, NDPI_PROTOCOL_TOR }, - { 0x5D1F9BAF, 32, NDPI_PROTOCOL_TOR }, - { 0x5D328CAA, 32, NDPI_PROTOCOL_TOR }, - { 0x5D48650E, 32, NDPI_PROTOCOL_TOR }, - { 0x5D515FF8, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5A73BC, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5B3291, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5CCC06, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5E922B, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5FE37F, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5FE3F5, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5FE405, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5FE433, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5FE452, 32, NDPI_PROTOCOL_TOR }, - { 0x5D63058C, 32, NDPI_PROTOCOL_TOR }, - { 0x5D64A738, 32, NDPI_PROTOCOL_TOR }, - { 0x5D6797A7, 32, NDPI_PROTOCOL_TOR }, - { 0x5D688049, 32, NDPI_PROTOCOL_TOR }, - { 0x5D68A671, 32, NDPI_PROTOCOL_TOR }, - { 0x5D68D13D, 32, NDPI_PROTOCOL_TOR }, - { 0x5D68D19E, 32, NDPI_PROTOCOL_TOR }, - { 0x5D68D3A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5D68D4FD, 32, NDPI_PROTOCOL_TOR }, - { 0x5D73569C, 32, NDPI_PROTOCOL_TOR }, - { 0x5D735EF3, 32, NDPI_PROTOCOL_TOR }, - { 0x5D735EF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5D73F102, 32, NDPI_PROTOCOL_TOR }, - { 0x5D760C01, 32, NDPI_PROTOCOL_TOR }, - { 0x5D7C3305, 32, NDPI_PROTOCOL_TOR }, - { 0x5D7E65DF, 32, NDPI_PROTOCOL_TOR }, - { 0x5D804CF1, 32, NDPI_PROTOCOL_TOR }, - { 0x5D81945A, 32, NDPI_PROTOCOL_TOR }, - { 0x5D8456CA, 32, NDPI_PROTOCOL_TOR }, - { 0x5D84AC51, 32, NDPI_PROTOCOL_TOR }, - { 0x5D867771, 32, NDPI_PROTOCOL_TOR }, - { 0x5D8712F4, 32, NDPI_PROTOCOL_TOR }, - { 0x5D8BDD63, 32, NDPI_PROTOCOL_TOR }, - { 0x5D98C554, 32, NDPI_PROTOCOL_TOR }, - { 0x5D9C28A3, 32, NDPI_PROTOCOL_TOR }, - { 0x5D9C4AEF, 32, NDPI_PROTOCOL_TOR }, - { 0x5DA33850, 32, NDPI_PROTOCOL_TOR }, - { 0x5DA7F5B2, 32, NDPI_PROTOCOL_TOR }, - { 0x5DAE5A1E, 32, NDPI_PROTOCOL_TOR }, - { 0x5DAE5D15, 32, NDPI_PROTOCOL_TOR }, - { 0x5DAE5D3F, 32, NDPI_PROTOCOL_TOR }, - { 0x5DAF0C52, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB49A5E, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB49C54, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB49C63, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB49D28, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB49D9A, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB81566, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB842E3, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB9654C, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB965AC, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB96DBF, 32, NDPI_PROTOCOL_TOR }, - { 0x5DBAC8D5, 32, NDPI_PROTOCOL_TOR }, - { 0x5DBCA2EB, 32, NDPI_PROTOCOL_TOR }, - { 0x5DBF0D22, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC06F39, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC0AAC8, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC0CA0C, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC16D99, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC2904C, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC5E303, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC5F098, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC8C66B, 32, NDPI_PROTOCOL_TOR }, - { 0x5DCBFB93, 32, NDPI_PROTOCOL_TOR }, - { 0x5DCD0C3A, 32, NDPI_PROTOCOL_TOR }, - { 0x5DCF14E7, 32, NDPI_PROTOCOL_TOR }, - { 0x5DCF46AC, 32, NDPI_PROTOCOL_TOR }, - { 0x5DD3F085, 32, NDPI_PROTOCOL_TOR }, - { 0x5DD47CEB, 32, NDPI_PROTOCOL_TOR }, - { 0x5DD71649, 32, NDPI_PROTOCOL_TOR }, - { 0x5DD740AF, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDA6C31, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDB7692, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDC0F3B, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDC7449, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDCD36F, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDCEB0C, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDF509D, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDFCC89, 32, NDPI_PROTOCOL_TOR }, - { 0x5DE44D4E, 32, NDPI_PROTOCOL_TOR }, - { 0x5DE62635, 32, NDPI_PROTOCOL_TOR }, - { 0x5DE95360, 32, NDPI_PROTOCOL_TOR }, - { 0x5E05D57B, 32, NDPI_PROTOCOL_TOR }, - { 0x5E09C10C, 32, NDPI_PROTOCOL_TOR }, - { 0x5E104BE2, 32, NDPI_PROTOCOL_TOR }, - { 0x5E137BC2, 32, NDPI_PROTOCOL_TOR }, - { 0x5E160545, 32, NDPI_PROTOCOL_TOR }, - { 0x5E168F9E, 32, NDPI_PROTOCOL_TOR }, - { 0x5E16A01D, 32, NDPI_PROTOCOL_TOR }, - { 0x5E170291, 32, NDPI_PROTOCOL_TOR }, - { 0x5E1712A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17141C, 32, NDPI_PROTOCOL_TOR }, - { 0x5E1714BE, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17194E, 32, NDPI_PROTOCOL_TOR }, - { 0x5E171E35, 32, NDPI_PROTOCOL_TOR }, - { 0x5E172434, 32, NDPI_PROTOCOL_TOR }, - { 0x5E172599, 32, NDPI_PROTOCOL_TOR }, - { 0x5E1730BA, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17360C, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17381F, 32, NDPI_PROTOCOL_TOR }, - { 0x5E1746DE, 32, NDPI_PROTOCOL_TOR }, - { 0x5E175892, 32, NDPI_PROTOCOL_TOR }, - { 0x5E176919, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17A2E3, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17AB60, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17C221, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17C636, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17CCAF, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17D0BC, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17D2A3, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17ECBB, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17FC1F, 32, NDPI_PROTOCOL_TOR }, - { 0x5E188C4A, 32, NDPI_PROTOCOL_TOR }, - { 0x5E22964B, 32, NDPI_PROTOCOL_TOR }, - { 0x5E29C2EE, 32, NDPI_PROTOCOL_TOR }, - { 0x5E2D3BF0, 32, NDPI_PROTOCOL_TOR }, - { 0x5E33CEA8, 32, NDPI_PROTOCOL_TOR }, - { 0x5E46889C, 32, NDPI_PROTOCOL_TOR }, - { 0x5E4BCF64, 32, NDPI_PROTOCOL_TOR }, - { 0x5E4F89B6, 32, NDPI_PROTOCOL_TOR }, - { 0x5E4FB906, 32, NDPI_PROTOCOL_TOR }, - { 0x5E6412A2, 32, NDPI_PROTOCOL_TOR }, - { 0x5E6635B1, 32, NDPI_PROTOCOL_TOR }, - { 0x5E663CAC, 32, NDPI_PROTOCOL_TOR }, - { 0x5E67AF55, 32, NDPI_PROTOCOL_TOR }, - { 0x5E716902, 32, NDPI_PROTOCOL_TOR }, - { 0x5E71E6DD, 32, NDPI_PROTOCOL_TOR }, - { 0x5E7CF603, 32, NDPI_PROTOCOL_TOR }, - { 0x5E7EB201, 32, NDPI_PROTOCOL_TOR }, - { 0x5E878697, 32, NDPI_PROTOCOL_TOR }, - { 0x5E88612A, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8DACF0, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8EF18A, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8EF1F1, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8EF21E, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8EF5CE, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8EF5E7, 32, NDPI_PROTOCOL_TOR }, - { 0x5E9B5D2D, 32, NDPI_PROTOCOL_TOR }, - { 0x5E9ED927, 32, NDPI_PROTOCOL_TOR }, - { 0x5E9FCE6E, 32, NDPI_PROTOCOL_TOR }, - { 0x5E9FDCF2, 32, NDPI_PROTOCOL_TOR }, - { 0x5EAE9EF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EB4D2CA, 32, NDPI_PROTOCOL_TOR }, - { 0x5EB4D8D9, 32, NDPI_PROTOCOL_TOR }, - { 0x5EB4E868, 32, NDPI_PROTOCOL_TOR }, - { 0x5EB51414, 32, NDPI_PROTOCOL_TOR }, - { 0x5EB95202, 32, NDPI_PROTOCOL_TOR }, - { 0x5EBC1C88, 32, NDPI_PROTOCOL_TOR }, - { 0x5EBC39EC, 32, NDPI_PROTOCOL_TOR }, - { 0x5EBEE03A, 32, NDPI_PROTOCOL_TOR }, - { 0x5EC6440D, 32, NDPI_PROTOCOL_TOR }, - { 0x5EC66247, 32, NDPI_PROTOCOL_TOR }, - { 0x5EC66411, 32, NDPI_PROTOCOL_TOR }, - { 0x5EC73365, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED0E3DD, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED2001C, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED2BE2C, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED3C0CA, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED61659, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED6179F, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED9C67E, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED9FE19, 32, NDPI_PROTOCOL_TOR }, - { 0x5EDA142C, 32, NDPI_PROTOCOL_TOR }, - { 0x5EDC49D6, 32, NDPI_PROTOCOL_TOR }, - { 0x5EDD6472, 32, NDPI_PROTOCOL_TOR }, - { 0x5EDD9651, 32, NDPI_PROTOCOL_TOR }, - { 0x5EE19A57, 32, NDPI_PROTOCOL_TOR }, - { 0x5EE4560B, 32, NDPI_PROTOCOL_TOR }, - { 0x5EE4DEC0, 32, NDPI_PROTOCOL_TOR }, - { 0x5EE6CB1F, 32, NDPI_PROTOCOL_TOR }, - { 0x5EE72228, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF23915, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF23926, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF239A4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF239A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF239C4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF239D4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF23A46, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2C6A4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2CC84, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2D178, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2D1F4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2DE1B, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2DED7, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2F342, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2F3A2, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2F617, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2F618, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2FB70, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2FC29, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2FE51, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2FE51, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2FEBF, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF72982, 32, NDPI_PROTOCOL_TOR }, - { 0x5EFD0E62, 32, NDPI_PROTOCOL_TOR }, - { 0x5EFD4CD2, 32, NDPI_PROTOCOL_TOR }, - { 0x5EFE1877, 32, NDPI_PROTOCOL_TOR }, - { 0x5EFE30C2, 32, NDPI_PROTOCOL_TOR }, - { 0x5F122587, 32, NDPI_PROTOCOL_TOR }, - { 0x5F17F611, 32, NDPI_PROTOCOL_TOR }, - { 0x5F182884, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1931B0, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1BE179, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1C5963, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1EAD45, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1F1B6C, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1F2E02, 32, NDPI_PROTOCOL_TOR }, - { 0x5F25A84D, 32, NDPI_PROTOCOL_TOR }, - { 0x5F40CB0E, 32, NDPI_PROTOCOL_TOR }, - { 0x5F477EE6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F480939, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4892AD, 32, NDPI_PROTOCOL_TOR }, - { 0x5F491AE8, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4931BA, 32, NDPI_PROTOCOL_TOR }, - { 0x5F49EB59, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4D914B, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4E3856, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4F19B6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4F605F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4F89F8, 32, NDPI_PROTOCOL_TOR }, - { 0x5F500A2E, 32, NDPI_PROTOCOL_TOR }, - { 0x5F52F5EA, 32, NDPI_PROTOCOL_TOR }, - { 0x5F549049, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5494AD, 32, NDPI_PROTOCOL_TOR }, - { 0x5F54C634, 32, NDPI_PROTOCOL_TOR }, - { 0x5F54C806, 32, NDPI_PROTOCOL_TOR }, - { 0x5F54D17E, 32, NDPI_PROTOCOL_TOR }, - { 0x5F550367, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5503BF, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5505D3, 32, NDPI_PROTOCOL_TOR }, - { 0x5F55075A, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5508E2, 32, NDPI_PROTOCOL_TOR }, - { 0x5F550A47, 32, NDPI_PROTOCOL_TOR }, - { 0x5F550E4F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F551449, 32, NDPI_PROTOCOL_TOR }, - { 0x5F55150E, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5517BD, 32, NDPI_PROTOCOL_TOR }, - { 0x5F552522, 32, NDPI_PROTOCOL_TOR }, - { 0x5F55256F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F552673, 32, NDPI_PROTOCOL_TOR }, - { 0x5F55271C, 32, NDPI_PROTOCOL_TOR }, - { 0x5F552A24, 32, NDPI_PROTOCOL_TOR }, - { 0x5F553605, 32, NDPI_PROTOCOL_TOR }, - { 0x5F553C17, 32, NDPI_PROTOCOL_TOR }, - { 0x5F594A54, 32, NDPI_PROTOCOL_TOR }, - { 0x5F599862, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5A0C37, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5B83B6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F61A0CC, 32, NDPI_PROTOCOL_TOR }, - { 0x5F69A188, 32, NDPI_PROTOCOL_TOR }, - { 0x5F6A1BC6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F6D7A90, 32, NDPI_PROTOCOL_TOR }, - { 0x5F7008D0, 32, NDPI_PROTOCOL_TOR }, - { 0x5F71E203, 32, NDPI_PROTOCOL_TOR }, - { 0x5F72385D, 32, NDPI_PROTOCOL_TOR }, - { 0x5F741FDB, 32, NDPI_PROTOCOL_TOR }, - { 0x5F76808A, 32, NDPI_PROTOCOL_TOR }, - { 0x5F802BA4, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8137AD, 32, NDPI_PROTOCOL_TOR }, - { 0x5F81CD53, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820959, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820959, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820979, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8209BE, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820A0F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820B05, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820B0F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820B2A, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820B2E, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820B93, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820BA2, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820BAA, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820BD6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820C2F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820C77, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820F60, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820F61, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820FFB, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820FFC, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820FFD, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820FFE, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8387B3, 32, NDPI_PROTOCOL_TOR }, - { 0x5F83EA02, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8429AB, 32, NDPI_PROTOCOL_TOR }, - { 0x5F843460, 32, NDPI_PROTOCOL_TOR }, - { 0x5F851927, 32, NDPI_PROTOCOL_TOR }, - { 0x5F872D77, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8BE024, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8C2AB7, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8D5392, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8DE895, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8EA13F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8EAD12, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8FACD4, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8FACD6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8FACF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8FC191, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8FE1C6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F91E0D0, 32, NDPI_PROTOCOL_TOR }, - { 0x5F9A1849, 32, NDPI_PROTOCOL_TOR }, - { 0x5F9A58FC, 32, NDPI_PROTOCOL_TOR }, - { 0x5F9A6A86, 32, NDPI_PROTOCOL_TOR }, - { 0x5F9D0C83, 32, NDPI_PROTOCOL_TOR }, - { 0x5FA01056, 32, NDPI_PROTOCOL_TOR }, - { 0x5FA9BC67, 32, NDPI_PROTOCOL_TOR }, - { 0x5FAAB5D0, 32, NDPI_PROTOCOL_TOR }, - { 0x5FACEC76, 32, NDPI_PROTOCOL_TOR }, - { 0x5FAEE547, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3079E, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD31B0A, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD349ED, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3629F, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD38811, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD38A1B, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3A923, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3CD97, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3D865, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3DE93, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3E1A7, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3E408, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3E59E, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3E781, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3F153, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD701B5, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C66, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C69, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C6E, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C6F, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C7A, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C91, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CBA, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CBB, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CBD, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CC2, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CE8, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CF9, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72D2F, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72D41, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72D44, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72D80, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72D8E, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72DBC, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72DC3, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72DC5, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E24, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E54, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E5A, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E67, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E7B, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E96, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72EF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72F75, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72F80, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72F8B, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72F96, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FB1, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FBB, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FC7, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FCE, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FD8, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FF2, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDC69CA, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDC822D, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDE9C03, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDE9C04, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDEE336, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDFD887, 32, NDPI_PROTOCOL_TOR }, - { 0x5FEEE099, 32, NDPI_PROTOCOL_TOR }, - { 0x5FEFE676, 32, NDPI_PROTOCOL_TOR }, - { 0x601390C6, 32, NDPI_PROTOCOL_TOR }, - { 0x601CBD5E, 32, NDPI_PROTOCOL_TOR }, - { 0x601F430F, 32, NDPI_PROTOCOL_TOR }, - { 0x60210687, 32, NDPI_PROTOCOL_TOR }, - { 0x60238283, 32, NDPI_PROTOCOL_TOR }, - { 0x60253C3F, 32, NDPI_PROTOCOL_TOR }, - { 0x6028292D, 32, NDPI_PROTOCOL_TOR }, - { 0x60290DA2, 32, NDPI_PROTOCOL_TOR }, - { 0x6029718C, 32, NDPI_PROTOCOL_TOR }, - { 0x602A211B, 32, NDPI_PROTOCOL_TOR }, - { 0x602CBD64, 32, NDPI_PROTOCOL_TOR }, - { 0x602CBD65, 32, NDPI_PROTOCOL_TOR }, - { 0x602CBD66, 32, NDPI_PROTOCOL_TOR }, - { 0x602F411A, 32, NDPI_PROTOCOL_TOR }, - { 0x602FE214, 32, NDPI_PROTOCOL_TOR }, - { 0x602FE215, 32, NDPI_PROTOCOL_TOR }, - { 0x602FE216, 32, NDPI_PROTOCOL_TOR }, - { 0x602FEC7E, 32, NDPI_PROTOCOL_TOR }, - { 0x60303837, 32, NDPI_PROTOCOL_TOR }, - { 0x60341169, 32, NDPI_PROTOCOL_TOR }, - { 0x60362A0F, 32, NDPI_PROTOCOL_TOR }, - { 0x607E6009, 32, NDPI_PROTOCOL_TOR }, - { 0x607E605A, 32, NDPI_PROTOCOL_TOR }, - { 0x607E6688, 32, NDPI_PROTOCOL_TOR }, - { 0x607E69DB, 32, NDPI_PROTOCOL_TOR }, - { 0x607E6E3C, 32, NDPI_PROTOCOL_TOR }, - { 0x607E6E3C, 32, NDPI_PROTOCOL_TOR }, - { 0x607E76E3, 32, NDPI_PROTOCOL_TOR }, - { 0x607E7AA6, 32, NDPI_PROTOCOL_TOR }, - { 0x607E7F58, 32, NDPI_PROTOCOL_TOR }, - { 0x60E26D05, 32, NDPI_PROTOCOL_TOR }, - { 0x60E29C48, 32, NDPI_PROTOCOL_TOR }, - { 0x60E53297, 32, NDPI_PROTOCOL_TOR }, - { 0x60E6398D, 32, NDPI_PROTOCOL_TOR }, - { 0x60E85742, 32, NDPI_PROTOCOL_TOR }, - { 0x60E932CF, 32, NDPI_PROTOCOL_TOR }, - { 0x60EE056F, 32, NDPI_PROTOCOL_TOR }, - { 0x60EE23B4, 32, NDPI_PROTOCOL_TOR }, - { 0x60F19A42, 32, NDPI_PROTOCOL_TOR }, - { 0x60FA5604, 32, NDPI_PROTOCOL_TOR }, - { 0x60FD4E6B, 32, NDPI_PROTOCOL_TOR }, - { 0x60FF47C9, 32, NDPI_PROTOCOL_TOR }, - { 0x6155B286, 32, NDPI_PROTOCOL_TOR }, - { 0x61570E0F, 32, NDPI_PROTOCOL_TOR }, - { 0x61573D40, 32, NDPI_PROTOCOL_TOR }, - { 0x615D1FB9, 32, NDPI_PROTOCOL_TOR }, - { 0x615F20B2, 32, NDPI_PROTOCOL_TOR }, - { 0x61664AC2, 32, NDPI_PROTOCOL_TOR }, - { 0x61664F0E, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8418, 32, NDPI_PROTOCOL_TOR }, - { 0x616B867F, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8A44, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8B1C, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8B6C, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8E85, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8EDA, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8EEA, 32, NDPI_PROTOCOL_TOR }, - { 0x61761E24, 32, NDPI_PROTOCOL_TOR }, - { 0x62181813, 32, NDPI_PROTOCOL_TOR }, - { 0x62185496, 32, NDPI_PROTOCOL_TOR }, - { 0x621CA618, 32, NDPI_PROTOCOL_TOR }, - { 0x621CF5EC, 32, NDPI_PROTOCOL_TOR }, - { 0x6241C4D2, 32, NDPI_PROTOCOL_TOR }, - { 0x6245AA0A, 32, NDPI_PROTOCOL_TOR }, - { 0x626538B2, 32, NDPI_PROTOCOL_TOR }, - { 0x626D3882, 32, NDPI_PROTOCOL_TOR }, - { 0x626D7511, 32, NDPI_PROTOCOL_TOR }, - { 0x62726199, 32, NDPI_PROTOCOL_TOR }, - { 0x6274DF81, 32, NDPI_PROTOCOL_TOR }, - { 0x627C74C6, 32, NDPI_PROTOCOL_TOR }, - { 0x628E2F36, 32, NDPI_PROTOCOL_TOR }, - { 0x6296DFDD, 32, NDPI_PROTOCOL_TOR }, - { 0x629B1EED, 32, NDPI_PROTOCOL_TOR }, - { 0x629D1940, 32, NDPI_PROTOCOL_TOR }, - { 0x629D41CC, 32, NDPI_PROTOCOL_TOR }, - { 0x62B436C1, 32, NDPI_PROTOCOL_TOR }, - { 0x62B790F7, 32, NDPI_PROTOCOL_TOR }, - { 0x62C1C54A, 32, NDPI_PROTOCOL_TOR }, - { 0x62C774D0, 32, NDPI_PROTOCOL_TOR }, - { 0x62C925BF, 32, NDPI_PROTOCOL_TOR }, - { 0x62C99217, 32, NDPI_PROTOCOL_TOR }, - { 0x62CEB470, 32, NDPI_PROTOCOL_TOR }, - { 0x62CEB64E, 32, NDPI_PROTOCOL_TOR }, - { 0x62D2A4C6, 32, NDPI_PROTOCOL_TOR }, - { 0x62D6F355, 32, NDPI_PROTOCOL_TOR }, - { 0x62D8A86C, 32, NDPI_PROTOCOL_TOR }, - { 0x62D99D4C, 32, NDPI_PROTOCOL_TOR }, - { 0x62DA3282, 32, NDPI_PROTOCOL_TOR }, - { 0x62DA372F, 32, NDPI_PROTOCOL_TOR }, - { 0x62E0DAEE, 32, NDPI_PROTOCOL_TOR }, - { 0x62E7895E, 32, NDPI_PROTOCOL_TOR }, - { 0x62E818A7, 32, NDPI_PROTOCOL_TOR }, - { 0x62EC4BEC, 32, NDPI_PROTOCOL_TOR }, - { 0x62F5A7CC, 32, NDPI_PROTOCOL_TOR }, - { 0x62F62CE0, 32, NDPI_PROTOCOL_TOR }, - { 0x62F81DE9, 32, NDPI_PROTOCOL_TOR }, - { 0x62FC8D6B, 32, NDPI_PROTOCOL_TOR }, - { 0x62FFC9AB, 32, NDPI_PROTOCOL_TOR }, - { 0x630615BE, 32, NDPI_PROTOCOL_TOR }, - { 0x633F1919, 32, NDPI_PROTOCOL_TOR }, - { 0x635AD476, 32, NDPI_PROTOCOL_TOR }, - { 0x635F8924, 32, NDPI_PROTOCOL_TOR }, - { 0x6363E834, 32, NDPI_PROTOCOL_TOR }, - { 0x6366B2AD, 32, NDPI_PROTOCOL_TOR }, - { 0x63E1049C, 32, NDPI_PROTOCOL_TOR }, - { 0x63E4AB0B, 32, NDPI_PROTOCOL_TOR }, - { 0x63EA2BA0, 32, NDPI_PROTOCOL_TOR }, - { 0x6424B8E6, 32, NDPI_PROTOCOL_TOR }, - { 0x6425681C, 32, NDPI_PROTOCOL_TOR }, - { 0x65339B42, 32, NDPI_PROTOCOL_TOR }, - { 0x6562AEE2, 32, NDPI_PROTOCOL_TOR }, - { 0x65634096, 32, NDPI_PROTOCOL_TOR }, - { 0x658CD912, 32, NDPI_PROTOCOL_TOR }, - { 0x658EC26D, 32, NDPI_PROTOCOL_TOR }, - { 0x65B090B8, 32, NDPI_PROTOCOL_TOR }, - { 0x65BB0480, 32, NDPI_PROTOCOL_TOR }, - { 0x6706D5C6, 32, NDPI_PROTOCOL_TOR }, - { 0x670AC532, 32, NDPI_PROTOCOL_TOR }, - { 0x670AC764, 32, NDPI_PROTOCOL_TOR }, - { 0x67101A47, 32, NDPI_PROTOCOL_TOR }, - { 0x67193810, 32, NDPI_PROTOCOL_TOR }, - { 0x67298435, 32, NDPI_PROTOCOL_TOR }, - { 0x67F05B07, 32, NDPI_PROTOCOL_TOR }, - { 0x67FAB895, 32, NDPI_PROTOCOL_TOR }, - { 0x68091CA1, 32, NDPI_PROTOCOL_TOR }, - { 0x6820195D, 32, NDPI_PROTOCOL_TOR }, - { 0x68218AAE, 32, NDPI_PROTOCOL_TOR }, - { 0x6828018F, 32, NDPI_PROTOCOL_TOR }, - { 0x68288AA6, 32, NDPI_PROTOCOL_TOR }, - { 0x6829028B, 32, NDPI_PROTOCOL_TOR }, - { 0x68311642, 32, NDPI_PROTOCOL_TOR }, - { 0x68804E6B, 32, NDPI_PROTOCOL_TOR }, - { 0x68804E6B, 32, NDPI_PROTOCOL_TOR }, - { 0x68804E6C, 32, NDPI_PROTOCOL_TOR }, - { 0x68804E6C, 32, NDPI_PROTOCOL_TOR }, - { 0x6880AB3E, 32, NDPI_PROTOCOL_TOR }, - { 0x6880E1CB, 32, NDPI_PROTOCOL_TOR }, - { 0x68821999, 32, NDPI_PROTOCOL_TOR }, - { 0x68830974, 32, NDPI_PROTOCOL_TOR }, - { 0x68830C8B, 32, NDPI_PROTOCOL_TOR }, - { 0x68830EAF, 32, NDPI_PROTOCOL_TOR }, - { 0x68831377, 32, NDPI_PROTOCOL_TOR }, - { 0x68831C36, 32, NDPI_PROTOCOL_TOR }, - { 0x68831E06, 32, NDPI_PROTOCOL_TOR }, - { 0x688322AA, 32, NDPI_PROTOCOL_TOR }, - { 0x688322AC, 32, NDPI_PROTOCOL_TOR }, - { 0x68832D66, 32, NDPI_PROTOCOL_TOR }, - { 0x6883335D, 32, NDPI_PROTOCOL_TOR }, - { 0x6883378D, 32, NDPI_PROTOCOL_TOR }, - { 0x688337B8, 32, NDPI_PROTOCOL_TOR }, - { 0x6883387F, 32, NDPI_PROTOCOL_TOR }, - { 0x68833A42, 32, NDPI_PROTOCOL_TOR }, - { 0x68833F50, 32, NDPI_PROTOCOL_TOR }, - { 0x68833F8F, 32, NDPI_PROTOCOL_TOR }, - { 0x688341E1, 32, NDPI_PROTOCOL_TOR }, - { 0x688342C2, 32, NDPI_PROTOCOL_TOR }, - { 0x68834956, 32, NDPI_PROTOCOL_TOR }, - { 0x68834ACF, 32, NDPI_PROTOCOL_TOR }, - { 0x68835F18, 32, NDPI_PROTOCOL_TOR }, - { 0x68836C07, 32, NDPI_PROTOCOL_TOR }, - { 0x68836ED5, 32, NDPI_PROTOCOL_TOR }, - { 0x6883722B, 32, NDPI_PROTOCOL_TOR }, - { 0x68837248, 32, NDPI_PROTOCOL_TOR }, - { 0x688375E7, 32, NDPI_PROTOCOL_TOR }, - { 0x68837B10, 32, NDPI_PROTOCOL_TOR }, - { 0x68837D54, 32, NDPI_PROTOCOL_TOR }, - { 0x6883811E, 32, NDPI_PROTOCOL_TOR }, - { 0x68838182, 32, NDPI_PROTOCOL_TOR }, - { 0x6883862F, 32, NDPI_PROTOCOL_TOR }, - { 0x68839A74, 32, NDPI_PROTOCOL_TOR }, - { 0x6883A6F3, 32, NDPI_PROTOCOL_TOR }, - { 0x6883AC2E, 32, NDPI_PROTOCOL_TOR }, - { 0x6883B5AE, 32, NDPI_PROTOCOL_TOR }, - { 0x6883CC93, 32, NDPI_PROTOCOL_TOR }, - { 0x6883CE17, 32, NDPI_PROTOCOL_TOR }, - { 0x6883D523, 32, NDPI_PROTOCOL_TOR }, - { 0x6883E7F1, 32, NDPI_PROTOCOL_TOR }, - { 0x6883F0A8, 32, NDPI_PROTOCOL_TOR }, - { 0x6883F537, 32, NDPI_PROTOCOL_TOR }, - { 0x689C39C7, 32, NDPI_PROTOCOL_TOR }, - { 0x689C6F36, 32, NDPI_PROTOCOL_TOR }, - { 0x689CE01C, 32, NDPI_PROTOCOL_TOR }, - { 0x689CE053, 32, NDPI_PROTOCOL_TOR }, - { 0x689CEE74, 32, NDPI_PROTOCOL_TOR }, - { 0x689CFD47, 32, NDPI_PROTOCOL_TOR }, - { 0x68A2167C, 32, NDPI_PROTOCOL_TOR }, - { 0x68A762FD, 32, NDPI_PROTOCOL_TOR }, - { 0x68A76304, 32, NDPI_PROTOCOL_TOR }, - { 0x68A7630C, 32, NDPI_PROTOCOL_TOR }, - { 0x68A76458, 32, NDPI_PROTOCOL_TOR }, - { 0x68A764A8, 32, NDPI_PROTOCOL_TOR }, - { 0x68A766F4, 32, NDPI_PROTOCOL_TOR }, - { 0x68A76734, 32, NDPI_PROTOCOL_TOR }, - { 0x68A7695C, 32, NDPI_PROTOCOL_TOR }, - { 0x68A76A2D, 32, NDPI_PROTOCOL_TOR }, - { 0x68A76B8E, 32, NDPI_PROTOCOL_TOR }, - { 0x68A823A8, 32, NDPI_PROTOCOL_TOR }, - { 0x68AE61BA, 32, NDPI_PROTOCOL_TOR }, - { 0x68C81056, 32, NDPI_PROTOCOL_TOR }, - { 0x68C81056, 32, NDPI_PROTOCOL_TOR }, - { 0x68C812B6, 32, NDPI_PROTOCOL_TOR }, - { 0x68C812B6, 32, NDPI_PROTOCOL_TOR }, - { 0x68C8148E, 32, NDPI_PROTOCOL_TOR }, - { 0x68C81841, 32, NDPI_PROTOCOL_TOR }, - { 0x68CEC114, 32, NDPI_PROTOCOL_TOR }, - { 0x68CF802A, 32, NDPI_PROTOCOL_TOR }, - { 0x68CF846D, 32, NDPI_PROTOCOL_TOR }, - { 0x68CF84C9, 32, NDPI_PROTOCOL_TOR }, - { 0x68CF92C8, 32, NDPI_PROTOCOL_TOR }, - { 0x68CF940C, 32, NDPI_PROTOCOL_TOR }, - { 0x68DBB8A6, 32, NDPI_PROTOCOL_TOR }, - { 0x68DD4C83, 32, NDPI_PROTOCOL_TOR }, - { 0x68E0AF68, 32, NDPI_PROTOCOL_TOR }, - { 0x68E80163, 32, NDPI_PROTOCOL_TOR }, - { 0x68E80321, 32, NDPI_PROTOCOL_TOR }, - { 0x68E80323, 32, NDPI_PROTOCOL_TOR }, - { 0x68EADC47, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC0067, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC0658, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC084A, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC1197, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC191C, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC239C, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC26E7, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC27DB, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC2CD2, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC323E, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC3672, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC5353, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC5629, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC575A, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC5DE1, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC6452, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC6E0D, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC8E5D, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC95F9, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECAE0E, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECB3DA, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECB3F0, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECB847, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECD5C1, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECE860, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECFDEC, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED8054, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED8134, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED8134, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED814E, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED818E, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED818E, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED834B, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED834B, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED836B, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED8D6D, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED8DC1, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED98C3, 32, NDPI_PROTOCOL_TOR }, - { 0x68F44B5B, 32, NDPI_PROTOCOL_TOR }, - { 0x68F4DFCC, 32, NDPI_PROTOCOL_TOR }, - { 0x68F5274A, 32, NDPI_PROTOCOL_TOR }, - { 0x68FBD208, 32, NDPI_PROTOCOL_TOR }, - { 0x699551A4, 32, NDPI_PROTOCOL_TOR }, - { 0x699AB5D4, 32, NDPI_PROTOCOL_TOR }, - { 0x69EDDE72, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91C19, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91C71, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91C71, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91CAA, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91D5D, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91EEE, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91F81, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91F81, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB92697, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB9273A, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB9273A, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB930D6, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB930D6, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA109A, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1228, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA12F2, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1892, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA18FE, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1C21, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1D04, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1D2A, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1E34, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA7229, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA7541, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA7541, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB23EC, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB24B7, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB259E, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB259E, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB26C6, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB2974, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB2B6E, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB2D9C, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB2F11, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB3444, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB37EF, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB5EFE, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB5EFE, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB60FA, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB6773, 32, NDPI_PROTOCOL_TOR }, - { 0x6B021E0D, 32, NDPI_PROTOCOL_TOR }, - { 0x6B060491, 32, NDPI_PROTOCOL_TOR }, - { 0x6B14B34B, 32, NDPI_PROTOCOL_TOR }, - { 0x6B812529, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9614F1, 32, NDPI_PROTOCOL_TOR }, - { 0x6B961BC8, 32, NDPI_PROTOCOL_TOR }, - { 0x6B961F6B, 32, NDPI_PROTOCOL_TOR }, - { 0x6B962336, 32, NDPI_PROTOCOL_TOR }, - { 0x6B96268A, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9635B2, 32, NDPI_PROTOCOL_TOR }, - { 0x6B96AA3A, 32, NDPI_PROTOCOL_TOR }, - { 0x6B988F3E, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9B748F, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9EFF15, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9EFF15, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9EFF16, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9EFF16, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA150C3, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA151BB, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA151D0, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA154B9, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA19E11, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA1B357, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA2047, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA3234, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA330E, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA41C5, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA4E2A, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA4F93, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA5C89, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA5CED, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA5D0D, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA5D20, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA5D75, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA60EB, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA676F, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA6CDE, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA72CC, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA78D6, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA8F75, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA9607, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA9950, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA9ED4, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAABC9B, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAC021, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAC442, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAACC21, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAE84B, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAF57F, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAF6CC, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAF721, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAFBB6, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB5A60B, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB5AE16, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB613F9, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB68374, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB68388, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB683CF, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB683D3, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF2C9A, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF2ECC, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF3FB8, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF6245, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF6CCB, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF7EB8, 32, NDPI_PROTOCOL_TOR }, - { 0x6BC4142E, 32, NDPI_PROTOCOL_TOR }, - { 0x6BCB324B, 32, NDPI_PROTOCOL_TOR }, - { 0x6C009C8F, 32, NDPI_PROTOCOL_TOR }, - { 0x6C00C1EF, 32, NDPI_PROTOCOL_TOR }, - { 0x6C00CFF0, 32, NDPI_PROTOCOL_TOR }, - { 0x6C00DF0E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C071024, 32, NDPI_PROTOCOL_TOR }, - { 0x6C0724B4, 32, NDPI_PROTOCOL_TOR }, - { 0x6C0CB2EB, 32, NDPI_PROTOCOL_TOR }, - { 0x6C0E531F, 32, NDPI_PROTOCOL_TOR }, - { 0x6C137138, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1D6B46, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1D75F5, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1E388E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1E3970, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1F2805, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1FDC6E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C203114, 32, NDPI_PROTOCOL_TOR }, - { 0x6C2D5D5E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C309E93, 32, NDPI_PROTOCOL_TOR }, - { 0x6C32EBB6, 32, NDPI_PROTOCOL_TOR }, - { 0x6C33B8DC, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3504D1, 32, NDPI_PROTOCOL_TOR }, - { 0x6C35822A, 32, NDPI_PROTOCOL_TOR }, - { 0x6C36A4AF, 32, NDPI_PROTOCOL_TOR }, - { 0x6C38BD9D, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3A90E8, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3B02D0, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3B0BE1, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA16F, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA1E3, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA457, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA539, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA646, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA6C7, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA7F0, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA82C, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB16E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB1C3, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB22E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB233, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB2D8, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB3D8, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB691, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB6EC, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB91A, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB988, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DBCB4, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DC563, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DC6A6, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DC6CF, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DC7B0, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DC7CA, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DD0AB, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DD150, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DD27B, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DD35E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DD466, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DF237, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DFB84, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DFCED, 32, NDPI_PROTOCOL_TOR }, - { 0x6C45A572, 32, NDPI_PROTOCOL_TOR }, - { 0x6C59AF93, 32, NDPI_PROTOCOL_TOR }, - { 0x6C6FAA05, 32, NDPI_PROTOCOL_TOR }, - { 0x6CA6A1BA, 32, NDPI_PROTOCOL_TOR }, - { 0x6CA6A89E, 32, NDPI_PROTOCOL_TOR }, - { 0x6CA6A8A7, 32, NDPI_PROTOCOL_TOR }, - { 0x6CA8033C, 32, NDPI_PROTOCOL_TOR }, - { 0x6CAA8A76, 32, NDPI_PROTOCOL_TOR }, - { 0x6CB49FFC, 32, NDPI_PROTOCOL_TOR }, - { 0x6CB9E23E, 32, NDPI_PROTOCOL_TOR }, - { 0x6CCC2E0E, 32, NDPI_PROTOCOL_TOR }, - { 0x6CD0E579, 32, NDPI_PROTOCOL_TOR }, - { 0x6CD20668, 32, NDPI_PROTOCOL_TOR }, - { 0x6CF0B68C, 32, NDPI_PROTOCOL_TOR }, - { 0x6CF72296, 32, NDPI_PROTOCOL_TOR }, - { 0x6CF7F4CC, 32, NDPI_PROTOCOL_TOR }, - { 0x6CF857F2, 32, NDPI_PROTOCOL_TOR }, - { 0x6D00AA2D, 32, NDPI_PROTOCOL_TOR }, - { 0x6D00DC98, 32, NDPI_PROTOCOL_TOR }, - { 0x6D163429, 32, NDPI_PROTOCOL_TOR }, - { 0x6D44AE3C, 32, NDPI_PROTOCOL_TOR }, - { 0x6D44BF85, 32, NDPI_PROTOCOL_TOR }, - { 0x6D454311, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4565A5, 32, NDPI_PROTOCOL_TOR }, - { 0x6D49345A, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4A0058, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4A9795, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4AC247, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4AC27C, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4AC3BE, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4AC865, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4ACC77, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4ACE0C, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4ACE15, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4BB84D, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4BBD44, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5A17DD, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5AFAB0, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5B68E8, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5B6C94, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5B7013, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5B7DC3, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5E6002, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5FD279, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5FD442, 32, NDPI_PROTOCOL_TOR }, - { 0x6D646686, 32, NDPI_PROTOCOL_TOR }, - { 0x6D64FC83, 32, NDPI_PROTOCOL_TOR }, - { 0x6D682CD1, 32, NDPI_PROTOCOL_TOR }, - { 0x6D696DA2, 32, NDPI_PROTOCOL_TOR }, - { 0x6D6A38E4, 32, NDPI_PROTOCOL_TOR }, - { 0x6D6B239A, 32, NDPI_PROTOCOL_TOR }, - { 0x6D6CDE14, 32, NDPI_PROTOCOL_TOR }, - { 0x6D6F9E13, 32, NDPI_PROTOCOL_TOR }, - { 0x6D78943C, 32, NDPI_PROTOCOL_TOR }, - { 0x6D78AD30, 32, NDPI_PROTOCOL_TOR }, - { 0x6D78B4F5, 32, NDPI_PROTOCOL_TOR }, - { 0x6D78B611, 32, NDPI_PROTOCOL_TOR }, - { 0x6D824D50, 32, NDPI_PROTOCOL_TOR }, - { 0x6D825345, 32, NDPI_PROTOCOL_TOR }, - { 0x6D984A8C, 32, NDPI_PROTOCOL_TOR }, - { 0x6D9BDAB1, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA1226E, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3E9A9, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA02, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA04, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA05, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA07, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA08, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA09, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EBF6, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EBFC, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA4ECE7, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA78802, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA9001D, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA917CA, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA921A3, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA92DE2, 32, NDPI_PROTOCOL_TOR }, - { 0x6DAD3BB4, 32, NDPI_PROTOCOL_TOR }, - { 0x6DB6971F, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBD0643, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBD834C, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBD8F96, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBDB40F, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBE4755, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBE6DE4, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC074AE, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC0CFE9, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC16B54, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC18057, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC2D95A, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC41236, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC50D36, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC53F2D, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC95A10, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC9830B, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC99A8D, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC9C2DB, 32, NDPI_PROTOCOL_TOR }, - { 0x6DCB6C42, 32, NDPI_PROTOCOL_TOR }, - { 0x6DCEBA61, 32, NDPI_PROTOCOL_TOR }, - { 0x6DD412CD, 32, NDPI_PROTOCOL_TOR }, - { 0x6DD414AD, 32, NDPI_PROTOCOL_TOR }, - { 0x6DDA7515, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE4963C, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE6E02A, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE6EC59, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE6EC5F, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE6ECAD, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE97B2C, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE97FE9, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEB32A3, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEC568A, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEF301A, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEF3098, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEF30AE, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEF3103, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEF3C35, 32, NDPI_PROTOCOL_TOR }, - { 0x6DF150E7, 32, NDPI_PROTOCOL_TOR }, - { 0x6DF63848, 32, NDPI_PROTOCOL_TOR }, - { 0x6DFB8A1A, 32, NDPI_PROTOCOL_TOR }, - { 0x6DFF2ED7, 32, NDPI_PROTOCOL_TOR }, - { 0x6DFF69AD, 32, NDPI_PROTOCOL_TOR }, - { 0x6E42E657, 32, NDPI_PROTOCOL_TOR }, - { 0x6E42E657, 32, NDPI_PROTOCOL_TOR }, - { 0x6E5D17AA, 32, NDPI_PROTOCOL_TOR }, - { 0x6EAE2B88, 32, NDPI_PROTOCOL_TOR }, - { 0x6EAFF9CA, 32, NDPI_PROTOCOL_TOR }, - { 0x6F458D7B, 32, NDPI_PROTOCOL_TOR }, - { 0x6F45A280, 32, NDPI_PROTOCOL_TOR }, - { 0x6F59A849, 32, NDPI_PROTOCOL_TOR }, - { 0x6F677B5E, 32, NDPI_PROTOCOL_TOR }, - { 0x6F67ACCD, 32, NDPI_PROTOCOL_TOR }, - { 0x6F76B165, 32, NDPI_PROTOCOL_TOR }, - { 0x6FF8167F, 32, NDPI_PROTOCOL_TOR }, - { 0x70769CA3, 32, NDPI_PROTOCOL_TOR }, - { 0x7078955A, 32, NDPI_PROTOCOL_TOR }, - { 0x707899D7, 32, NDPI_PROTOCOL_TOR }, - { 0x70CDFABD, 32, NDPI_PROTOCOL_TOR }, - { 0x71A37584, 32, NDPI_PROTOCOL_TOR }, - { 0x7225CECB, 32, NDPI_PROTOCOL_TOR }, - { 0x724DE973, 32, NDPI_PROTOCOL_TOR }, - { 0x72860615, 32, NDPI_PROTOCOL_TOR }, - { 0x72BD691E, 32, NDPI_PROTOCOL_TOR }, - { 0x7342A640, 32, NDPI_PROTOCOL_TOR }, - { 0x7346F182, 32, NDPI_PROTOCOL_TOR }, - { 0x73BB4A5B, 32, NDPI_PROTOCOL_TOR }, - { 0x73BB9A6B, 32, NDPI_PROTOCOL_TOR }, - { 0x75124BEB, 32, NDPI_PROTOCOL_TOR }, - { 0x751263F9, 32, NDPI_PROTOCOL_TOR }, - { 0x760C8552, 32, NDPI_PROTOCOL_TOR }, - { 0x768D03A4, 32, NDPI_PROTOCOL_TOR }, - { 0x76AC0D55, 32, NDPI_PROTOCOL_TOR }, - { 0x76C1C25F, 32, NDPI_PROTOCOL_TOR }, - { 0x76D0C22A, 32, NDPI_PROTOCOL_TOR }, - { 0x76D0F817, 32, NDPI_PROTOCOL_TOR }, - { 0x76D3C1BE, 32, NDPI_PROTOCOL_TOR }, - { 0x76D3C2E6, 32, NDPI_PROTOCOL_TOR }, - { 0x77092F46, 32, NDPI_PROTOCOL_TOR }, - { 0x77EDA418, 32, NDPI_PROTOCOL_TOR }, - { 0x77F64734, 32, NDPI_PROTOCOL_TOR }, - { 0x781DD933, 32, NDPI_PROTOCOL_TOR }, - { 0x78339DD3, 32, NDPI_PROTOCOL_TOR }, - { 0x7839A32E, 32, NDPI_PROTOCOL_TOR }, - { 0x783B2AC8, 32, NDPI_PROTOCOL_TOR }, - { 0x783BA789, 32, NDPI_PROTOCOL_TOR }, - { 0x784AE0A4, 32, NDPI_PROTOCOL_TOR }, - { 0x7890BEA2, 32, NDPI_PROTOCOL_TOR }, - { 0x7936AF32, 32, NDPI_PROTOCOL_TOR }, - { 0x794953C0, 32, NDPI_PROTOCOL_TOR }, - { 0x7954959D, 32, NDPI_PROTOCOL_TOR }, - { 0x79623AD3, 32, NDPI_PROTOCOL_TOR }, - { 0x79628113, 32, NDPI_PROTOCOL_TOR }, - { 0x7963582E, 32, NDPI_PROTOCOL_TOR }, - { 0x7963B8C8, 32, NDPI_PROTOCOL_TOR }, - { 0x7972B51D, 32, NDPI_PROTOCOL_TOR }, - { 0x797AA193, 32, NDPI_PROTOCOL_TOR }, - { 0x79D1E5D4, 32, NDPI_PROTOCOL_TOR }, - { 0x79D34C57, 32, NDPI_PROTOCOL_TOR }, - { 0x79D3C2E6, 32, NDPI_PROTOCOL_TOR }, - { 0x7A744433, 32, NDPI_PROTOCOL_TOR }, - { 0x7B01A089, 32, NDPI_PROTOCOL_TOR }, - { 0x7B64357A, 32, NDPI_PROTOCOL_TOR }, - { 0x7B6CE046, 32, NDPI_PROTOCOL_TOR }, - { 0x7BDDB10E, 32, NDPI_PROTOCOL_TOR }, - { 0x7C0DAC95, 32, NDPI_PROTOCOL_TOR }, - { 0x7C18F2DD, 32, NDPI_PROTOCOL_TOR }, - { 0x7C67D84F, 32, NDPI_PROTOCOL_TOR }, - { 0x7C6DE896, 32, NDPI_PROTOCOL_TOR }, - { 0x7C951525, 32, NDPI_PROTOCOL_TOR }, - { 0x7CA9666D, 32, NDPI_PROTOCOL_TOR }, - { 0x7CA981CA, 32, NDPI_PROTOCOL_TOR }, - { 0x7CF8F9F5, 32, NDPI_PROTOCOL_TOR }, - { 0x7CF8F9F7, 32, NDPI_PROTOCOL_TOR }, - { 0x7CF8F9FA, 32, NDPI_PROTOCOL_TOR }, - { 0x7CF8F9FD, 32, NDPI_PROTOCOL_TOR }, - { 0x7D1E5578, 32, NDPI_PROTOCOL_TOR }, - { 0x7D352C26, 32, NDPI_PROTOCOL_TOR }, - { 0x7D83BD18, 32, NDPI_PROTOCOL_TOR }, - { 0x7D83BD2C, 32, NDPI_PROTOCOL_TOR }, - { 0x7DECCCB2, 32, NDPI_PROTOCOL_TOR }, - { 0x7DFF021E, 32, NDPI_PROTOCOL_TOR }, - { 0x7E08CD97, 32, NDPI_PROTOCOL_TOR }, - { 0x7E460792, 32, NDPI_PROTOCOL_TOR }, - { 0x7E57F79D, 32, NDPI_PROTOCOL_TOR }, - { 0x8006E06B, 32, NDPI_PROTOCOL_TOR }, - { 0x800CB13B, 32, NDPI_PROTOCOL_TOR }, - { 0x800CE238, 32, NDPI_PROTOCOL_TOR }, - { 0x800CE238, 32, NDPI_PROTOCOL_TOR }, - { 0x800CE252, 32, NDPI_PROTOCOL_TOR }, - { 0x800CE252, 32, NDPI_PROTOCOL_TOR }, - { 0x801F0022, 32, NDPI_PROTOCOL_TOR }, - { 0x801F0022, 32, NDPI_PROTOCOL_TOR }, - { 0x801F0027, 32, NDPI_PROTOCOL_TOR }, - { 0x80270844, 32, NDPI_PROTOCOL_TOR }, - { 0x80278E14, 32, NDPI_PROTOCOL_TOR }, - { 0x80278E15, 32, NDPI_PROTOCOL_TOR }, - { 0x80348069, 32, NDPI_PROTOCOL_TOR }, - { 0x8034A014, 32, NDPI_PROTOCOL_TOR }, - { 0x80392F1E, 32, NDPI_PROTOCOL_TOR }, - { 0x803B1279, 32, NDPI_PROTOCOL_TOR }, - { 0x804490CE, 32, NDPI_PROTOCOL_TOR }, - { 0x80473391, 32, NDPI_PROTOCOL_TOR }, - { 0x804910C0, 32, NDPI_PROTOCOL_TOR }, - { 0x804F35F4, 32, NDPI_PROTOCOL_TOR }, - { 0x804FBA39, 32, NDPI_PROTOCOL_TOR }, - { 0x80752B5C, 32, NDPI_PROTOCOL_TOR }, - { 0x80752B61, 32, NDPI_PROTOCOL_TOR }, - { 0x80752B61, 32, NDPI_PROTOCOL_TOR }, - { 0x807F2860, 32, NDPI_PROTOCOL_TOR }, - { 0x8082CC5B, 32, NDPI_PROTOCOL_TOR }, - { 0x8087BD74, 32, NDPI_PROTOCOL_TOR }, - { 0x80AD374E, 32, NDPI_PROTOCOL_TOR }, - { 0x80B1AA5A, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7227A, 32, NDPI_PROTOCOL_TOR }, - { 0x80C72305, 32, NDPI_PROTOCOL_TOR }, - { 0x80C723BF, 32, NDPI_PROTOCOL_TOR }, - { 0x80C729EE, 32, NDPI_PROTOCOL_TOR }, - { 0x80C72A6C, 32, NDPI_PROTOCOL_TOR }, - { 0x80C72C2E, 32, NDPI_PROTOCOL_TOR }, - { 0x80C72EDC, 32, NDPI_PROTOCOL_TOR }, - { 0x80C733D0, 32, NDPI_PROTOCOL_TOR }, - { 0x80C737CF, 32, NDPI_PROTOCOL_TOR }, - { 0x80C73947, 32, NDPI_PROTOCOL_TOR }, - { 0x80C73F21, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7404F, 32, NDPI_PROTOCOL_TOR }, - { 0x80C74471, 32, NDPI_PROTOCOL_TOR }, - { 0x80C748B6, 32, NDPI_PROTOCOL_TOR }, - { 0x80C74AE2, 32, NDPI_PROTOCOL_TOR }, - { 0x80C753BB, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7579B, 32, NDPI_PROTOCOL_TOR }, - { 0x80C75F79, 32, NDPI_PROTOCOL_TOR }, - { 0x80C75F7E, 32, NDPI_PROTOCOL_TOR }, - { 0x80C76AE6, 32, NDPI_PROTOCOL_TOR }, - { 0x80C77A68, 32, NDPI_PROTOCOL_TOR }, - { 0x80C77A76, 32, NDPI_PROTOCOL_TOR }, - { 0x80C77B13, 32, NDPI_PROTOCOL_TOR }, - { 0x80C782E3, 32, NDPI_PROTOCOL_TOR }, - { 0x80C78407, 32, NDPI_PROTOCOL_TOR }, - { 0x80C78548, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7859A, 32, NDPI_PROTOCOL_TOR }, - { 0x80C78BEC, 32, NDPI_PROTOCOL_TOR }, - { 0x80C79053, 32, NDPI_PROTOCOL_TOR }, - { 0x80C794F3, 32, NDPI_PROTOCOL_TOR }, - { 0x80C797C2, 32, NDPI_PROTOCOL_TOR }, - { 0x80C79A84, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7A56E, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7A5D4, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7A88E, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7AEF7, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7AF45, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7B364, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7B654, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7B73B, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7D4DC, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7D647, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7D9F3, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7E434, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7ECBE, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7F0C1, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7F24B, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7F4CE, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7FA9F, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7FCC5, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7FD9C, 32, NDPI_PROTOCOL_TOR }, - { 0x80D002E9, 32, NDPI_PROTOCOL_TOR }, - { 0x80DF5C53, 32, NDPI_PROTOCOL_TOR }, - { 0x80E81239, 32, NDPI_PROTOCOL_TOR }, - { 0x80ED9D72, 32, NDPI_PROTOCOL_TOR }, - { 0x810A78C1, 32, NDPI_PROTOCOL_TOR }, - { 0x811583C0, 32, NDPI_PROTOCOL_TOR }, - { 0x81400893, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0706, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0706, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0707, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0707, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0708, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0708, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0727, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0727, 32, NDPI_PROTOCOL_TOR }, - { 0x817FFED5, 32, NDPI_PROTOCOL_TOR }, - { 0x818200B7, 32, NDPI_PROTOCOL_TOR }, - { 0x8185081F, 32, NDPI_PROTOCOL_TOR }, - { 0x81BB3621, 32, NDPI_PROTOCOL_TOR }, - { 0x81F1A1FA, 32, NDPI_PROTOCOL_TOR }, - { 0x81F480A9, 32, NDPI_PROTOCOL_TOR }, - { 0x820FBD2D, 32, NDPI_PROTOCOL_TOR }, - { 0x82192C69, 32, NDPI_PROTOCOL_TOR }, - { 0x823FAD7E, 32, NDPI_PROTOCOL_TOR }, - { 0x824B51FB, 32, NDPI_PROTOCOL_TOR }, - { 0x824BB225, 32, NDPI_PROTOCOL_TOR }, - { 0x827B031B, 32, NDPI_PROTOCOL_TOR }, - { 0x827E8EAB, 32, NDPI_PROTOCOL_TOR }, - { 0x8284B17E, 32, NDPI_PROTOCOL_TOR }, - { 0x82950E1F, 32, NDPI_PROTOCOL_TOR }, - { 0x8295C80C, 32, NDPI_PROTOCOL_TOR }, - { 0x8295CB6B, 32, NDPI_PROTOCOL_TOR }, - { 0x8295DC7D, 32, NDPI_PROTOCOL_TOR }, - { 0x82B417E6, 32, NDPI_PROTOCOL_TOR }, - { 0x82B43F96, 32, NDPI_PROTOCOL_TOR }, - { 0x82B84B76, 32, NDPI_PROTOCOL_TOR }, - { 0x82FD157B, 32, NDPI_PROTOCOL_TOR }, - { 0x82FF48A4, 32, NDPI_PROTOCOL_TOR }, - { 0x82FF49CA, 32, NDPI_PROTOCOL_TOR }, - { 0x82FF49CA, 32, NDPI_PROTOCOL_TOR }, - { 0x82FF8242, 32, NDPI_PROTOCOL_TOR }, - { 0x83488818, 32, NDPI_PROTOCOL_TOR }, - { 0x83488A0B, 32, NDPI_PROTOCOL_TOR }, - { 0x83AD8008, 32, NDPI_PROTOCOL_TOR }, - { 0x83BC180E, 32, NDPI_PROTOCOL_TOR }, - { 0x83BC28BC, 32, NDPI_PROTOCOL_TOR }, - { 0x83BC28BD, 32, NDPI_PROTOCOL_TOR }, - { 0x83BC28BD, 32, NDPI_PROTOCOL_TOR }, - { 0x83D79EED, 32, NDPI_PROTOCOL_TOR }, - { 0x83D7A8F2, 32, NDPI_PROTOCOL_TOR }, - { 0x83D7ACD6, 32, NDPI_PROTOCOL_TOR }, - { 0x83D7B062, 32, NDPI_PROTOCOL_TOR }, - { 0x84D83602, 32, NDPI_PROTOCOL_TOR }, - { 0x84E69651, 32, NDPI_PROTOCOL_TOR }, - { 0x84F81E0C, 32, NDPI_PROTOCOL_TOR }, - { 0x84FBE6E3, 32, NDPI_PROTOCOL_TOR }, - { 0x86001A20, 32, NDPI_PROTOCOL_TOR }, - { 0x86036F77, 32, NDPI_PROTOCOL_TOR }, - { 0x8603C987, 32, NDPI_PROTOCOL_TOR }, - { 0x8603EA32, 32, NDPI_PROTOCOL_TOR }, - { 0x86227D25, 32, NDPI_PROTOCOL_TOR }, - { 0x86227D44, 32, NDPI_PROTOCOL_TOR }, - { 0x862293AF, 32, NDPI_PROTOCOL_TOR }, - { 0x8622D0E9, 32, NDPI_PROTOCOL_TOR }, - { 0x8631E0BC, 32, NDPI_PROTOCOL_TOR }, - { 0x865B4E8F, 32, NDPI_PROTOCOL_TOR }, - { 0x865D88B1, 32, NDPI_PROTOCOL_TOR }, - { 0x86604111, 32, NDPI_PROTOCOL_TOR }, - { 0x866370A8, 32, NDPI_PROTOCOL_TOR }, - { 0x8666C865, 32, NDPI_PROTOCOL_TOR }, - { 0x866A03FE, 32, NDPI_PROTOCOL_TOR }, - { 0x867703A4, 32, NDPI_PROTOCOL_TOR }, - { 0x8679405D, 32, NDPI_PROTOCOL_TOR }, - { 0x8679436A, 32, NDPI_PROTOCOL_TOR }, - { 0x86A95CDB, 32, NDPI_PROTOCOL_TOR }, - { 0x86E2441D, 32, NDPI_PROTOCOL_TOR }, - { 0x86F993AE, 32, NDPI_PROTOCOL_TOR }, - { 0x86FFEF3D, 32, NDPI_PROTOCOL_TOR }, - { 0x88A8C999, 32, NDPI_PROTOCOL_TOR }, - { 0x88F307AF, 32, NDPI_PROTOCOL_TOR }, - { 0x88F30E86, 32, NDPI_PROTOCOL_TOR }, - { 0x88F3E072, 32, NDPI_PROTOCOL_TOR }, - { 0x88F3E072, 32, NDPI_PROTOCOL_TOR }, - { 0x898708E9, 32, NDPI_PROTOCOL_TOR }, - { 0x899306B0, 32, NDPI_PROTOCOL_TOR }, - { 0x89CD25DB, 32, NDPI_PROTOCOL_TOR }, - { 0x89CD7C23, 32, NDPI_PROTOCOL_TOR }, - { 0x89E0E221, 32, NDPI_PROTOCOL_TOR }, - { 0x89E23B7F, 32, NDPI_PROTOCOL_TOR }, - { 0x89E2952B, 32, NDPI_PROTOCOL_TOR }, - { 0x89F87A44, 32, NDPI_PROTOCOL_TOR }, - { 0x8A640AD1, 32, NDPI_PROTOCOL_TOR }, - { 0x8A6E2D26, 32, NDPI_PROTOCOL_TOR }, - { 0x8A807C37, 32, NDPI_PROTOCOL_TOR }, - { 0x8A80A9EC, 32, NDPI_PROTOCOL_TOR }, - { 0x8B0E0DEC, 32, NDPI_PROTOCOL_TOR }, - { 0x8B4E8DF7, 32, NDPI_PROTOCOL_TOR }, - { 0x8B5B466B, 32, NDPI_PROTOCOL_TOR }, - { 0x8C716E0B, 32, NDPI_PROTOCOL_TOR }, - { 0x8C795022, 32, NDPI_PROTOCOL_TOR }, - { 0x8C79502A, 32, NDPI_PROTOCOL_TOR }, - { 0x8CB4BEBF, 32, NDPI_PROTOCOL_TOR }, - { 0x8CBA4630, 32, NDPI_PROTOCOL_TOR }, - { 0x8CC0DA8B, 32, NDPI_PROTOCOL_TOR }, - { 0x8D0015F2, 32, NDPI_PROTOCOL_TOR }, - { 0x8D009B6D, 32, NDPI_PROTOCOL_TOR }, - { 0x8D00AF95, 32, NDPI_PROTOCOL_TOR }, - { 0x8D142144, 32, NDPI_PROTOCOL_TOR }, - { 0x8D142145, 32, NDPI_PROTOCOL_TOR }, - { 0x8D14214F, 32, NDPI_PROTOCOL_TOR }, - { 0x8D369FB8, 32, NDPI_PROTOCOL_TOR }, - { 0x8D466911, 32, NDPI_PROTOCOL_TOR }, - { 0x8D8A8A88, 32, NDPI_PROTOCOL_TOR }, - { 0x8D8A8DD0, 32, NDPI_PROTOCOL_TOR }, - { 0x8D8AC2E4, 32, NDPI_PROTOCOL_TOR }, - { 0x8DFFA58A, 32, NDPI_PROTOCOL_TOR }, - { 0x8DFFA77A, 32, NDPI_PROTOCOL_TOR }, - { 0x8DFFBDA1, 32, NDPI_PROTOCOL_TOR }, - { 0x8E0420C4, 32, NDPI_PROTOCOL_TOR }, - { 0x8E0433E4, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04CF3B, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04D0A7, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04D519, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04D571, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04D726, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04D757, 32, NDPI_PROTOCOL_TOR }, - { 0x8E36B0B2, 32, NDPI_PROTOCOL_TOR }, - { 0x8E69D044, 32, NDPI_PROTOCOL_TOR }, - { 0x8FB128C0, 32, NDPI_PROTOCOL_TOR }, - { 0x904C0626, 32, NDPI_PROTOCOL_TOR }, - { 0x904C063B, 32, NDPI_PROTOCOL_TOR }, - { 0x904C0849, 32, NDPI_PROTOCOL_TOR }, - { 0x904C0B64, 32, NDPI_PROTOCOL_TOR }, - { 0x904C0E91, 32, NDPI_PROTOCOL_TOR }, - { 0x904C1DD0, 32, NDPI_PROTOCOL_TOR }, - { 0x904C1EA7, 32, NDPI_PROTOCOL_TOR }, - { 0x904C25F2, 32, NDPI_PROTOCOL_TOR }, - { 0x904C27CA, 32, NDPI_PROTOCOL_TOR }, - { 0x904C2879, 32, NDPI_PROTOCOL_TOR }, - { 0x904C3225, 32, NDPI_PROTOCOL_TOR }, - { 0x904C357D, 32, NDPI_PROTOCOL_TOR }, - { 0x904C3635, 32, NDPI_PROTOCOL_TOR }, - { 0x904C4042, 32, NDPI_PROTOCOL_TOR }, - { 0x904C498C, 32, NDPI_PROTOCOL_TOR }, - { 0x904C5044, 32, NDPI_PROTOCOL_TOR }, - { 0x904C5B87, 32, NDPI_PROTOCOL_TOR }, - { 0x904C6007, 32, NDPI_PROTOCOL_TOR }, - { 0x904C6439, 32, NDPI_PROTOCOL_TOR }, - { 0x904C6E67, 32, NDPI_PROTOCOL_TOR }, - { 0x904C6E67, 32, NDPI_PROTOCOL_TOR }, - { 0x904C7055, 32, NDPI_PROTOCOL_TOR }, - { 0x904C7EB3, 32, NDPI_PROTOCOL_TOR }, - { 0x904C7FA5, 32, NDPI_PROTOCOL_TOR }, - { 0x904C8023, 32, NDPI_PROTOCOL_TOR }, - { 0x904C832A, 32, NDPI_PROTOCOL_TOR }, - { 0x904C95CB, 32, NDPI_PROTOCOL_TOR }, - { 0x904C9C65, 32, NDPI_PROTOCOL_TOR }, - { 0x904CA35D, 32, NDPI_PROTOCOL_TOR }, - { 0x904CB037, 32, NDPI_PROTOCOL_TOR }, - { 0x904CB6CA, 32, NDPI_PROTOCOL_TOR }, - { 0x904CC3E4, 32, NDPI_PROTOCOL_TOR }, - { 0x904CC728, 32, NDPI_PROTOCOL_TOR }, - { 0x904CCB75, 32, NDPI_PROTOCOL_TOR }, - { 0x904CF413, 32, NDPI_PROTOCOL_TOR }, - { 0x904CFD04, 32, NDPI_PROTOCOL_TOR }, - { 0x91DC000F, 32, NDPI_PROTOCOL_TOR }, - { 0x92002090, 32, NDPI_PROTOCOL_TOR }, - { 0x92002A3A, 32, NDPI_PROTOCOL_TOR }, - { 0x92002A6E, 32, NDPI_PROTOCOL_TOR }, - { 0x920048B4, 32, NDPI_PROTOCOL_TOR }, - { 0x920049B2, 32, NDPI_PROTOCOL_TOR }, - { 0x923434C7, 32, NDPI_PROTOCOL_TOR }, - { 0x9234419F, 32, NDPI_PROTOCOL_TOR }, - { 0x92344BB3, 32, NDPI_PROTOCOL_TOR }, - { 0x923490FC, 32, NDPI_PROTOCOL_TOR }, - { 0x92349273, 32, NDPI_PROTOCOL_TOR }, - { 0x925A1CB7, 32, NDPI_PROTOCOL_TOR }, - { 0x9273A850, 32, NDPI_PROTOCOL_TOR }, - { 0x92B915A6, 32, NDPI_PROTOCOL_TOR }, - { 0x92B983AF, 32, NDPI_PROTOCOL_TOR }, - { 0x92B983EF, 32, NDPI_PROTOCOL_TOR }, - { 0x92B988DF, 32, NDPI_PROTOCOL_TOR }, - { 0x92B98D39, 32, NDPI_PROTOCOL_TOR }, - { 0x92B98F90, 32, NDPI_PROTOCOL_TOR }, - { 0x92B996DB, 32, NDPI_PROTOCOL_TOR }, - { 0x92B99939, 32, NDPI_PROTOCOL_TOR }, - { 0x92B99FF1, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9A2EB, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9B440, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9B70D, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9B99A, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9BDC5, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9FB5A, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9FDCA, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9FDCA, 32, NDPI_PROTOCOL_TOR }, - { 0x92FF39E4, 32, NDPI_PROTOCOL_TOR }, - { 0x93459FC4, 32, NDPI_PROTOCOL_TOR }, - { 0x93660115, 32, NDPI_PROTOCOL_TOR }, - { 0x9366D8F2, 32, NDPI_PROTOCOL_TOR }, - { 0x93AFBB8F, 32, NDPI_PROTOCOL_TOR }, - { 0x93DEA58B, 32, NDPI_PROTOCOL_TOR }, - { 0x93E5081A, 32, NDPI_PROTOCOL_TOR }, - { 0x946429FB, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB1431, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB2832, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB2BE9, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB2D87, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB431B, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB4566, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB4D64, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB53C4, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB5884, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB71E6, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB7DD3, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB809C, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB97BD, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBBEE5, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBCE86, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBCF24, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBD7E9, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBD7F4, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBE30E, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBED4F, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBF597, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBFEE5, 32, NDPI_PROTOCOL_TOR }, - { 0x9509001B, 32, NDPI_PROTOCOL_TOR }, - { 0x9509003B, 32, NDPI_PROTOCOL_TOR }, - { 0x9509003C, 32, NDPI_PROTOCOL_TOR }, - { 0x951436DA, 32, NDPI_PROTOCOL_TOR }, - { 0x958405BD, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9810, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9879, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9A92, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9D50, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9E7A, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9EE4, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9F57, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9FAC, 32, NDPI_PROTOCOL_TOR }, - { 0x95ACC7F4, 32, NDPI_PROTOCOL_TOR }, - { 0x95D2AB45, 32, NDPI_PROTOCOL_TOR }, - { 0x95D2ADF7, 32, NDPI_PROTOCOL_TOR }, - { 0x95D2BAC6, 32, NDPI_PROTOCOL_TOR }, - { 0x95FF6DC9, 32, NDPI_PROTOCOL_TOR }, - { 0x96659DFA, 32, NDPI_PROTOCOL_TOR }, - { 0x968C0522, 32, NDPI_PROTOCOL_TOR }, - { 0x971B08A4, 32, NDPI_PROTOCOL_TOR }, - { 0x971DFD3F, 32, NDPI_PROTOCOL_TOR }, - { 0x971FA3B8, 32, NDPI_PROTOCOL_TOR }, - { 0x9741F79A, 32, NDPI_PROTOCOL_TOR }, - { 0x97507745, 32, NDPI_PROTOCOL_TOR }, - { 0x97507758, 32, NDPI_PROTOCOL_TOR }, - { 0x9750800C, 32, NDPI_PROTOCOL_TOR }, - { 0x9750A491, 32, NDPI_PROTOCOL_TOR }, - { 0x97E04B76, 32, NDPI_PROTOCOL_TOR }, - { 0x97E2D38D, 32, NDPI_PROTOCOL_TOR }, - { 0x97E5201B, 32, NDPI_PROTOCOL_TOR }, - { 0x97E65FF1, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC049E, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC0506, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC061B, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC0670, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC06C2, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC06C6, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC07B1, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC0B72, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC0E61, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC160C, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC171F, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC172C, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC1839, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC18E4, 32, NDPI_PROTOCOL_TOR }, - { 0x97ECDA43, 32, NDPI_PROTOCOL_TOR }, - { 0x97ECDD2C, 32, NDPI_PROTOCOL_TOR }, - { 0x97ECDE1B, 32, NDPI_PROTOCOL_TOR }, - { 0x97ECDE1B, 32, NDPI_PROTOCOL_TOR }, - { 0x97ECDED9, 32, NDPI_PROTOCOL_TOR }, - { 0x97FC2A46, 32, NDPI_PROTOCOL_TOR }, - { 0x99782A89, 32, NDPI_PROTOCOL_TOR }, - { 0x997925A6, 32, NDPI_PROTOCOL_TOR }, - { 0x997938DD, 32, NDPI_PROTOCOL_TOR }, - { 0x99793A49, 32, NDPI_PROTOCOL_TOR }, - { 0x997FFB43, 32, NDPI_PROTOCOL_TOR }, - { 0x9A23AFE1, 32, NDPI_PROTOCOL_TOR }, - { 0x9A7F3C42, 32, NDPI_PROTOCOL_TOR }, - { 0x9A7F3D62, 32, NDPI_PROTOCOL_TOR }, - { 0x9A7F3D8D, 32, NDPI_PROTOCOL_TOR }, - { 0x9B5EA7C4, 32, NDPI_PROTOCOL_TOR }, - { 0x9BD2EF58, 32, NDPI_PROTOCOL_TOR }, - { 0x9C38FAE3, 32, NDPI_PROTOCOL_TOR }, - { 0x9D0757B8, 32, NDPI_PROTOCOL_TOR }, - { 0x9D07CA47, 32, NDPI_PROTOCOL_TOR }, - { 0x9D07D224, 32, NDPI_PROTOCOL_TOR }, - { 0x9D07DEE2, 32, NDPI_PROTOCOL_TOR }, - { 0x9D0EF604, 32, NDPI_PROTOCOL_TOR }, - { 0x9E3AA97E, 32, NDPI_PROTOCOL_TOR }, - { 0x9E554D57, 32, NDPI_PROTOCOL_TOR }, - { 0x9EB53326, 32, NDPI_PROTOCOL_TOR }, - { 0x9EB552B2, 32, NDPI_PROTOCOL_TOR }, - { 0x9EB560E3, 32, NDPI_PROTOCOL_TOR }, - { 0x9EDE8F19, 32, NDPI_PROTOCOL_TOR }, - { 0x9EFFD4B3, 32, NDPI_PROTOCOL_TOR }, - { 0x9EFFD729, 32, NDPI_PROTOCOL_TOR }, - { 0x9F94B55A, 32, NDPI_PROTOCOL_TOR }, - { 0xA0612F1E, 32, NDPI_PROTOCOL_TOR }, - { 0xA1357425, 32, NDPI_PROTOCOL_TOR }, - { 0xA1357898, 32, NDPI_PROTOCOL_TOR }, - { 0xA135A068, 32, NDPI_PROTOCOL_TOR }, - { 0xA2D3D985, 32, NDPI_PROTOCOL_TOR }, - { 0xA2D3E0E9, 32, NDPI_PROTOCOL_TOR }, - { 0xA2D813ED, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DA417E, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DA760C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DAD084, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DAE92B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DB02B1, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DC2FB8, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DC38BA, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DCD94C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DCDA6D, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DCF1DF, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DDC939, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DEA01D, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F307B4, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F317DD, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F320CA, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F323FB, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F32725, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F328A1, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F33089, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F33543, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3354B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F33EEF, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F348C6, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3499C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F35F80, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F364E1, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3656E, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F367AE, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F371B6, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F37479, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F37734, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F377F6, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F37BDC, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F386E0, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F38B4E, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F38E6B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3969C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F396E5, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3971B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F39C7A, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3A25C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3F878, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3FD76, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F418ED, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F419BA, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F419D6, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F41A09, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F41A9D, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F41D7C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F422A9, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F52912, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F5D9D0, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F5DC86, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F5DC8C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F74807, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F7481B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748C7, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748C8, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748C9, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748D4, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748D5, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748D8, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748D9, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F7494A, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F749CC, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F749CE, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F809ED, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F80B06, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F80BB0, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F88C65, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F88E67, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F88F29, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A033, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A053, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A090, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A097, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A1D5, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A3CA, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A50E, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FAE9C2, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FAEA7D, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FB463A, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FB463A, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FCCC3E, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FCF079, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FCF17B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FCF20D, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FE4436, 32, NDPI_PROTOCOL_TOR }, - { 0xA40FA707, 32, NDPI_PROTOCOL_TOR }, - { 0xA4272AFE, 32, NDPI_PROTOCOL_TOR }, - { 0xA57B94C7, 32, NDPI_PROTOCOL_TOR }, - { 0xA5FEFF10, 32, NDPI_PROTOCOL_TOR }, - { 0xA5FEFF10, 32, NDPI_PROTOCOL_TOR }, - { 0xA6460F0E, 32, NDPI_PROTOCOL_TOR }, - { 0xA6465E6A, 32, NDPI_PROTOCOL_TOR }, - { 0xA646CF02, 32, NDPI_PROTOCOL_TOR }, - { 0xA646D4B5, 32, NDPI_PROTOCOL_TOR }, - { 0xA64E0721, 32, NDPI_PROTOCOL_TOR }, - { 0xA65215C8, 32, NDPI_PROTOCOL_TOR }, - { 0xA6540737, 32, NDPI_PROTOCOL_TOR }, - { 0xA6540794, 32, NDPI_PROTOCOL_TOR }, - { 0xA7397143, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582348, 32, NDPI_PROTOCOL_TOR }, - { 0xA758283F, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582898, 32, NDPI_PROTOCOL_TOR }, - { 0xA75828C8, 32, NDPI_PROTOCOL_TOR }, - { 0xA75829BB, 32, NDPI_PROTOCOL_TOR }, - { 0xA75829C2, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582BF6, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582C32, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582C33, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582C34, 32, NDPI_PROTOCOL_TOR }, - { 0xA7587066, 32, NDPI_PROTOCOL_TOR }, - { 0xA7587D43, 32, NDPI_PROTOCOL_TOR }, - { 0xA77202C0, 32, NDPI_PROTOCOL_TOR }, - { 0xA7720390, 32, NDPI_PROTOCOL_TOR }, - { 0xA77203A6, 32, NDPI_PROTOCOL_TOR }, - { 0xA772243E, 32, NDPI_PROTOCOL_TOR }, - { 0xA7722489, 32, NDPI_PROTOCOL_TOR }, - { 0xA77229D3, 32, NDPI_PROTOCOL_TOR }, - { 0xA77229D3, 32, NDPI_PROTOCOL_TOR }, - { 0xA77229D4, 32, NDPI_PROTOCOL_TOR }, - { 0xA77229D4, 32, NDPI_PROTOCOL_TOR }, - { 0xA772423D, 32, NDPI_PROTOCOL_TOR }, - { 0xA77243CC, 32, NDPI_PROTOCOL_TOR }, - { 0xA77243D4, 32, NDPI_PROTOCOL_TOR }, - { 0xA7724418, 32, NDPI_PROTOCOL_TOR }, - { 0xA7724726, 32, NDPI_PROTOCOL_TOR }, - { 0xA77247BD, 32, NDPI_PROTOCOL_TOR }, - { 0xA7726116, 32, NDPI_PROTOCOL_TOR }, - { 0xA772629A, 32, NDPI_PROTOCOL_TOR }, - { 0xA772712E, 32, NDPI_PROTOCOL_TOR }, - { 0xA7727130, 32, NDPI_PROTOCOL_TOR }, - { 0xA7727288, 32, NDPI_PROTOCOL_TOR }, - { 0xA77272D1, 32, NDPI_PROTOCOL_TOR }, - { 0xA7729864, 32, NDPI_PROTOCOL_TOR }, - { 0xA7A02CC2, 32, NDPI_PROTOCOL_TOR }, - { 0xA7A02CE2, 32, NDPI_PROTOCOL_TOR }, - { 0xA7A0A39A, 32, NDPI_PROTOCOL_TOR }, - { 0xA83ED9D8, 32, NDPI_PROTOCOL_TOR }, - { 0xA867C3FA, 32, NDPI_PROTOCOL_TOR }, - { 0xA896FB0F, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB91AF, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9238, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9239, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB935E, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9361, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9664, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9A60, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9CA2, 32, NDPI_PROTOCOL_TOR }, - { 0xA9E57D1B, 32, NDPI_PROTOCOL_TOR }, - { 0xA9E57D1B, 32, NDPI_PROTOCOL_TOR }, - { 0xAA4BA251, 32, NDPI_PROTOCOL_TOR }, - { 0xAA4BA257, 32, NDPI_PROTOCOL_TOR }, - { 0xAA4BA3B4, 32, NDPI_PROTOCOL_TOR }, - { 0xAB19C109, 32, NDPI_PROTOCOL_TOR }, - { 0xAB19C114, 32, NDPI_PROTOCOL_TOR }, - { 0xAB19C14D, 32, NDPI_PROTOCOL_TOR }, - { 0xAB19C14E, 32, NDPI_PROTOCOL_TOR }, - { 0xAB19C1EB, 32, NDPI_PROTOCOL_TOR }, - { 0xAB655D88, 32, NDPI_PROTOCOL_TOR }, - { 0xAC07A4C5, 32, NDPI_PROTOCOL_TOR }, - { 0xACF51678, 32, NDPI_PROTOCOL_TOR }, - { 0xACF520B9, 32, NDPI_PROTOCOL_TOR }, - { 0xACF520BA, 32, NDPI_PROTOCOL_TOR }, - { 0xACF521F9, 32, NDPI_PROTOCOL_TOR }, - { 0xACF52416, 32, NDPI_PROTOCOL_TOR }, - { 0xACF53C64, 32, NDPI_PROTOCOL_TOR }, - { 0xACF5DB85, 32, NDPI_PROTOCOL_TOR }, - { 0xACFE0D7C, 32, NDPI_PROTOCOL_TOR }, - { 0xAD08664C, 32, NDPI_PROTOCOL_TOR }, - { 0xAD0B116C, 32, NDPI_PROTOCOL_TOR }, - { 0xAD0D8D1C, 32, NDPI_PROTOCOL_TOR }, - { 0xAD10B454, 32, NDPI_PROTOCOL_TOR }, - { 0xAD12E604, 32, NDPI_PROTOCOL_TOR }, - { 0xAD16F0E2, 32, NDPI_PROTOCOL_TOR }, - { 0xAD172ADB, 32, NDPI_PROTOCOL_TOR }, - { 0xAD1C491B, 32, NDPI_PROTOCOL_TOR }, - { 0xAD2C23B2, 32, NDPI_PROTOCOL_TOR }, - { 0xAD2C3ACA, 32, NDPI_PROTOCOL_TOR }, - { 0xAD2DE436, 32, NDPI_PROTOCOL_TOR }, - { 0xAD304BF6, 32, NDPI_PROTOCOL_TOR }, - { 0xAD30B617, 32, NDPI_PROTOCOL_TOR }, - { 0xAD335037, 32, NDPI_PROTOCOL_TOR }, - { 0xAD33C620, 32, NDPI_PROTOCOL_TOR }, - { 0xAD36711E, 32, NDPI_PROTOCOL_TOR }, - { 0xAD40C757, 32, NDPI_PROTOCOL_TOR }, - { 0xAD427043, 32, NDPI_PROTOCOL_TOR }, - { 0xAD45B52A, 32, NDPI_PROTOCOL_TOR }, - { 0xAD469914, 32, NDPI_PROTOCOL_TOR }, - { 0xAD46DD71, 32, NDPI_PROTOCOL_TOR }, - { 0xAD4717F9, 32, NDPI_PROTOCOL_TOR }, - { 0xAD479C14, 32, NDPI_PROTOCOL_TOR }, - { 0xAD49717D, 32, NDPI_PROTOCOL_TOR }, - { 0xAD4CA387, 32, NDPI_PROTOCOL_TOR }, - { 0xAD5980AC, 32, NDPI_PROTOCOL_TOR }, - { 0xADA0B4BD, 32, NDPI_PROTOCOL_TOR }, - { 0xADA103A9, 32, NDPI_PROTOCOL_TOR }, - { 0xADA48BC3, 32, NDPI_PROTOCOL_TOR }, - { 0xADA4CEB5, 32, NDPI_PROTOCOL_TOR }, - { 0xADA4DBFA, 32, NDPI_PROTOCOL_TOR }, - { 0xADA5F099, 32, NDPI_PROTOCOL_TOR }, - { 0xADA71245, 32, NDPI_PROTOCOL_TOR }, - { 0xADC769FE, 32, NDPI_PROTOCOL_TOR }, - { 0xADD0C4D7, 32, NDPI_PROTOCOL_TOR }, - { 0xADD0FBB2, 32, NDPI_PROTOCOL_TOR }, - { 0xADD56C74, 32, NDPI_PROTOCOL_TOR }, - { 0xADD5719B, 32, NDPI_PROTOCOL_TOR }, - { 0xADE45AE0, 32, NDPI_PROTOCOL_TOR }, - { 0xADE45B5B, 32, NDPI_PROTOCOL_TOR }, - { 0xADE65550, 32, NDPI_PROTOCOL_TOR }, - { 0xADE68199, 32, NDPI_PROTOCOL_TOR }, - { 0xADE683CF, 32, NDPI_PROTOCOL_TOR }, - { 0xADE683CF, 32, NDPI_PROTOCOL_TOR }, - { 0xADE686EE, 32, NDPI_PROTOCOL_TOR }, - { 0xADE68ABF, 32, NDPI_PROTOCOL_TOR }, - { 0xADE68E82, 32, NDPI_PROTOCOL_TOR }, - { 0xADE694EC, 32, NDPI_PROTOCOL_TOR }, - { 0xADE69504, 32, NDPI_PROTOCOL_TOR }, - { 0xADE69A5A, 32, NDPI_PROTOCOL_TOR }, - { 0xADE69AB8, 32, NDPI_PROTOCOL_TOR }, - { 0xADECF938, 32, NDPI_PROTOCOL_TOR }, - { 0xADECFAD3, 32, NDPI_PROTOCOL_TOR }, - { 0xADECFF8E, 32, NDPI_PROTOCOL_TOR }, - { 0xADEF4FD2, 32, NDPI_PROTOCOL_TOR }, - { 0xADF279C7, 32, NDPI_PROTOCOL_TOR }, - { 0xADF66823, 32, NDPI_PROTOCOL_TOR }, - { 0xADF6FE86, 32, NDPI_PROTOCOL_TOR }, - { 0xADFED0A8, 32, NDPI_PROTOCOL_TOR }, - { 0xADFED842, 32, NDPI_PROTOCOL_TOR }, - { 0xADFED843, 32, NDPI_PROTOCOL_TOR }, - { 0xADFED844, 32, NDPI_PROTOCOL_TOR }, - { 0xADFED845, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFC24D, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFC41E, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFCD71, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFD1B5, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFD2CD, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFD3AF, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFDA6A, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFDCAB, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFDD60, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE28E, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE455, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE459, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE486, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE8C0, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE93C, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFED6B, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFED6B, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFEDA5, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF217, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF259, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF574, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF64E, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF6A2, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF7F7, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF812, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF869, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF9DE, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFFAF0, 32, NDPI_PROTOCOL_TOR }, - { 0xAE03A82A, 32, NDPI_PROTOCOL_TOR }, - { 0xAE064AC1, 32, NDPI_PROTOCOL_TOR }, - { 0xAE15F745, 32, NDPI_PROTOCOL_TOR }, - { 0xAE1D40A4, 32, NDPI_PROTOCOL_TOR }, - { 0xAE2DB58A, 32, NDPI_PROTOCOL_TOR }, - { 0xAE32F679, 32, NDPI_PROTOCOL_TOR }, - { 0xAE3E4833, 32, NDPI_PROTOCOL_TOR }, - { 0xAE3F713C, 32, NDPI_PROTOCOL_TOR }, - { 0xAE463C5C, 32, NDPI_PROTOCOL_TOR }, - { 0xAE475A25, 32, NDPI_PROTOCOL_TOR }, - { 0xAE5F6BA7, 32, NDPI_PROTOCOL_TOR }, - { 0xAE60D6AE, 32, NDPI_PROTOCOL_TOR }, - { 0xAE6208CA, 32, NDPI_PROTOCOL_TOR }, - { 0xAE6328BE, 32, NDPI_PROTOCOL_TOR }, - { 0xAE6C43BC, 32, NDPI_PROTOCOL_TOR }, - { 0xAE6D6112, 32, NDPI_PROTOCOL_TOR }, - { 0xAE7E102D, 32, NDPI_PROTOCOL_TOR }, - { 0xAE886956, 32, NDPI_PROTOCOL_TOR }, - { 0xAE8AC693, 32, NDPI_PROTOCOL_TOR }, - { 0xAE8FF3F7, 32, NDPI_PROTOCOL_TOR }, - { 0xAF648B8C, 32, NDPI_PROTOCOL_TOR }, - { 0xAF8741DE, 32, NDPI_PROTOCOL_TOR }, - { 0xB00901D3, 32, NDPI_PROTOCOL_TOR }, - { 0xB00904CE, 32, NDPI_PROTOCOL_TOR }, - { 0xB0090574, 32, NDPI_PROTOCOL_TOR }, - { 0xB0091051, 32, NDPI_PROTOCOL_TOR }, - { 0xB0091948, 32, NDPI_PROTOCOL_TOR }, - { 0xB00926C6, 32, NDPI_PROTOCOL_TOR }, - { 0xB0092E8D, 32, NDPI_PROTOCOL_TOR }, - { 0xB00932F0, 32, NDPI_PROTOCOL_TOR }, - { 0xB009368E, 32, NDPI_PROTOCOL_TOR }, - { 0xB0095425, 32, NDPI_PROTOCOL_TOR }, - { 0xB009558D, 32, NDPI_PROTOCOL_TOR }, - { 0xB0095AD7, 32, NDPI_PROTOCOL_TOR }, - { 0xB0096708, 32, NDPI_PROTOCOL_TOR }, - { 0xB0096714, 32, NDPI_PROTOCOL_TOR }, - { 0xB0096B68, 32, NDPI_PROTOCOL_TOR }, - { 0xB00977A7, 32, NDPI_PROTOCOL_TOR }, - { 0xB0097DD1, 32, NDPI_PROTOCOL_TOR }, - { 0xB0098BFC, 32, NDPI_PROTOCOL_TOR }, - { 0xB0098C6C, 32, NDPI_PROTOCOL_TOR }, - { 0xB0098FC8, 32, NDPI_PROTOCOL_TOR }, - { 0xB0098FD0, 32, NDPI_PROTOCOL_TOR }, - { 0xB00991C2, 32, NDPI_PROTOCOL_TOR }, - { 0xB0099344, 32, NDPI_PROTOCOL_TOR }, - { 0xB00994B0, 32, NDPI_PROTOCOL_TOR }, - { 0xB0099D4D, 32, NDPI_PROTOCOL_TOR }, - { 0xB009B42F, 32, NDPI_PROTOCOL_TOR }, - { 0xB009C0AB, 32, NDPI_PROTOCOL_TOR }, - { 0xB009ED02, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63C8, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63C8, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63C9, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63C9, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CA, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CA, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CB, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CB, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CC, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CC, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CD, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CD, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CE, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CE, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CF, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CF, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63D0, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63D0, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63D1, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63D1, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A6BB4, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A74A9, 32, NDPI_PROTOCOL_TOR }, - { 0xB00AFA4F, 32, NDPI_PROTOCOL_TOR }, - { 0xB00AFDDB, 32, NDPI_PROTOCOL_TOR }, - { 0xB00AFE87, 32, NDPI_PROTOCOL_TOR }, - { 0xB00C1D0C, 32, NDPI_PROTOCOL_TOR }, - { 0xB00C6B1E, 32, NDPI_PROTOCOL_TOR }, - { 0xB00E717E, 32, NDPI_PROTOCOL_TOR }, - { 0xB00F49B5, 32, NDPI_PROTOCOL_TOR }, - { 0xB00FBBA1, 32, NDPI_PROTOCOL_TOR }, - { 0xB01C0978, 32, NDPI_PROTOCOL_TOR }, - { 0xB01C0B2A, 32, NDPI_PROTOCOL_TOR }, - { 0xB01C1F79, 32, NDPI_PROTOCOL_TOR }, - { 0xB01C305E, 32, NDPI_PROTOCOL_TOR }, - { 0xB01C36D5, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F1C3F, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F2395, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F323D, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F4255, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F7158, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F7494, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F7827, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F989F, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F9CC7, 32, NDPI_PROTOCOL_TOR }, - { 0xB01FB509, 32, NDPI_PROTOCOL_TOR }, - { 0xB01FBF1A, 32, NDPI_PROTOCOL_TOR }, - { 0xB024237E, 32, NDPI_PROTOCOL_TOR }, - { 0xB0245D6B, 32, NDPI_PROTOCOL_TOR }, - { 0xB02496F6, 32, NDPI_PROTOCOL_TOR }, - { 0xB0249F29, 32, NDPI_PROTOCOL_TOR }, - { 0xB0268C0D, 32, NDPI_PROTOCOL_TOR }, - { 0xB03515A2, 32, NDPI_PROTOCOL_TOR }, - { 0xB0357FC2, 32, NDPI_PROTOCOL_TOR }, - { 0xB035E825, 32, NDPI_PROTOCOL_TOR }, - { 0xB038EC53, 32, NDPI_PROTOCOL_TOR }, - { 0xB038ECAD, 32, NDPI_PROTOCOL_TOR }, - { 0xB038ED5A, 32, NDPI_PROTOCOL_TOR }, - { 0xB038EDBF, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A59BC, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A60C7, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A61C9, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A6462, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A6711, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A6A59, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A6AC0, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A7317, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A7816, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A799F, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A9FAF, 32, NDPI_PROTOCOL_TOR }, - { 0xB03D89DD, 32, NDPI_PROTOCOL_TOR }, - { 0xB043AC1E, 32, NDPI_PROTOCOL_TOR }, - { 0xB049E604, 32, NDPI_PROTOCOL_TOR }, - { 0xB04D1A58, 32, NDPI_PROTOCOL_TOR }, - { 0xB04D226A, 32, NDPI_PROTOCOL_TOR }, - { 0xB04D2746, 32, NDPI_PROTOCOL_TOR }, - { 0xB04D29B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB05019F4, 32, NDPI_PROTOCOL_TOR }, - { 0xB063C782, 32, NDPI_PROTOCOL_TOR }, - { 0xB0678035, 32, NDPI_PROTOCOL_TOR }, - { 0xB06A3636, 32, NDPI_PROTOCOL_TOR }, - { 0xB06A6B2F, 32, NDPI_PROTOCOL_TOR }, - { 0xB06CA0F1, 32, NDPI_PROTOCOL_TOR }, - { 0xB06CA0F2, 32, NDPI_PROTOCOL_TOR }, - { 0xB06CA0FD, 32, NDPI_PROTOCOL_TOR }, - { 0xB072F82F, 32, NDPI_PROTOCOL_TOR }, - { 0xB0744531, 32, NDPI_PROTOCOL_TOR }, - { 0xB0746831, 32, NDPI_PROTOCOL_TOR }, - { 0xB075128D, 32, NDPI_PROTOCOL_TOR }, - { 0xB07B065E, 32, NDPI_PROTOCOL_TOR }, - { 0xB07B0665, 32, NDPI_PROTOCOL_TOR }, - { 0xB07B1C1F, 32, NDPI_PROTOCOL_TOR }, - { 0xB07B1C22, 32, NDPI_PROTOCOL_TOR }, - { 0xB07EF45B, 32, NDPI_PROTOCOL_TOR }, - { 0xB07EFC0B, 32, NDPI_PROTOCOL_TOR }, - { 0xB07EFC0C, 32, NDPI_PROTOCOL_TOR }, - { 0xB0BCDE53, 32, NDPI_PROTOCOL_TOR }, - { 0xB0BD2641, 32, NDPI_PROTOCOL_TOR }, - { 0xB0BD77B6, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C17D30, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C20E92, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C62CC4, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C65C86, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C6642D, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C67537, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C7E07F, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C7E590, 32, NDPI_PROTOCOL_TOR }, - { 0xB0D496A3, 32, NDPI_PROTOCOL_TOR }, - { 0xB0DD2E35, 32, NDPI_PROTOCOL_TOR }, - { 0xB0DECAC3, 32, NDPI_PROTOCOL_TOR }, - { 0xB0E2DAFF, 32, NDPI_PROTOCOL_TOR }, - { 0xB10648C6, 32, NDPI_PROTOCOL_TOR }, - { 0xB12F6D15, 32, NDPI_PROTOCOL_TOR }, - { 0xB15C1B98, 32, NDPI_PROTOCOL_TOR }, - { 0xB18D1209, 32, NDPI_PROTOCOL_TOR }, - { 0xB194ACC4, 32, NDPI_PROTOCOL_TOR }, - { 0xB1BC41E6, 32, NDPI_PROTOCOL_TOR }, - { 0xB1CD10C8, 32, NDPI_PROTOCOL_TOR }, - { 0xB2011DB1, 32, NDPI_PROTOCOL_TOR }, - { 0xB202DFF0, 32, NDPI_PROTOCOL_TOR }, - { 0xB202E307, 32, NDPI_PROTOCOL_TOR }, - { 0xB2031B59, 32, NDPI_PROTOCOL_TOR }, - { 0xB204CFB7, 32, NDPI_PROTOCOL_TOR }, - { 0xB2067327, 32, NDPI_PROTOCOL_TOR }, - { 0xB2070DE7, 32, NDPI_PROTOCOL_TOR }, - { 0xB20BA25E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2102D5A, 32, NDPI_PROTOCOL_TOR }, - { 0xB210D038, 32, NDPI_PROTOCOL_TOR }, - { 0xB210D039, 32, NDPI_PROTOCOL_TOR }, - { 0xB211AA0B, 32, NDPI_PROTOCOL_TOR }, - { 0xB211AA13, 32, NDPI_PROTOCOL_TOR }, - { 0xB212106C, 32, NDPI_PROTOCOL_TOR }, - { 0xB21211CC, 32, NDPI_PROTOCOL_TOR }, - { 0xB21211EA, 32, NDPI_PROTOCOL_TOR }, - { 0xB21253D7, 32, NDPI_PROTOCOL_TOR }, - { 0xB2128308, 32, NDPI_PROTOCOL_TOR }, - { 0xB2143710, 32, NDPI_PROTOCOL_TOR }, - { 0xB2143712, 32, NDPI_PROTOCOL_TOR }, - { 0xB2151456, 32, NDPI_PROTOCOL_TOR }, - { 0xB2157245, 32, NDPI_PROTOCOL_TOR }, - { 0xB21572B9, 32, NDPI_PROTOCOL_TOR }, - { 0xB2182081, 32, NDPI_PROTOCOL_TOR }, - { 0xB218CF5C, 32, NDPI_PROTOCOL_TOR }, - { 0xB21944AC, 32, NDPI_PROTOCOL_TOR }, - { 0xB21968A9, 32, NDPI_PROTOCOL_TOR }, - { 0xB2198DE6, 32, NDPI_PROTOCOL_TOR }, - { 0xB21A57B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB21A76A9, 32, NDPI_PROTOCOL_TOR }, - { 0xB21A8269, 32, NDPI_PROTOCOL_TOR }, - { 0xB21AB707, 32, NDPI_PROTOCOL_TOR }, - { 0xB21AC341, 32, NDPI_PROTOCOL_TOR }, - { 0xB21B383A, 32, NDPI_PROTOCOL_TOR }, - { 0xB21B78E5, 32, NDPI_PROTOCOL_TOR }, - { 0xB21B7ACB, 32, NDPI_PROTOCOL_TOR }, - { 0xB220225B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2202C9D, 32, NDPI_PROTOCOL_TOR }, - { 0xB2203E91, 32, NDPI_PROTOCOL_TOR }, - { 0xB22064D7, 32, NDPI_PROTOCOL_TOR }, - { 0xB220784B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2207A41, 32, NDPI_PROTOCOL_TOR }, - { 0xB2208FAF, 32, NDPI_PROTOCOL_TOR }, - { 0xB2208FAF, 32, NDPI_PROTOCOL_TOR }, - { 0xB220B560, 32, NDPI_PROTOCOL_TOR }, - { 0xB220B561, 32, NDPI_PROTOCOL_TOR }, - { 0xB220B562, 32, NDPI_PROTOCOL_TOR }, - { 0xB220B563, 32, NDPI_PROTOCOL_TOR }, - { 0xB220D861, 32, NDPI_PROTOCOL_TOR }, - { 0xB220D892, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DBC5, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DC0C, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DC18, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DD97, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DDCF, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DE15, 32, NDPI_PROTOCOL_TOR }, - { 0xB220EE9E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2212397, 32, NDPI_PROTOCOL_TOR }, - { 0xB22170AB, 32, NDPI_PROTOCOL_TOR }, - { 0xB22EA34B, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E0999, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E0E7F, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E0E97, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E102A, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E12D7, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E1384, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E1A53, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E2520, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E27CA, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E2E07, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E3405, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E354B, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E36E3, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E38A3, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E3910, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E3A50, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E414D, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E4DB6, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E4E51, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E507C, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E5660, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E56CE, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E5A6F, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E5D24, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E5EF3, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E60A0, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E64C1, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E6892, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E6DA4, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E6E8D, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E6F30, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E7047, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E769A, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E83D8, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E9871, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E9E9C, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EA3E3, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EA7B2, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EADCB, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EB2E4, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EB893, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EBA9B, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EBD4F, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EC4B1, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EC658, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EC6D5, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EC7E2, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EC927, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ECC5B, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ECC63, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ED1FC, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ED47B, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ED986, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ED9E9, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EDAA0, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EDE81, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EE525, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EE5D1, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EE707, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EEA99, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EEB68, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EEE78, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EF11E, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EF140, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EF877, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EFB08, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EFC52, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EFCEA, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F00A1, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F1030, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F2E61, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F3D43, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F41B3, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F4AC4, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F4AF5, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F5E90, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F604F, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F6122, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F65C5, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F6E97, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F749D, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F91E2, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F9A5D, 32, NDPI_PROTOCOL_TOR }, - { 0xB23FA2D4, 32, NDPI_PROTOCOL_TOR }, - { 0xB23FD133, 32, NDPI_PROTOCOL_TOR }, - { 0xB24021FC, 32, NDPI_PROTOCOL_TOR }, - { 0xB246D353, 32, NDPI_PROTOCOL_TOR }, - { 0xB248584D, 32, NDPI_PROTOCOL_TOR }, - { 0xB249D276, 32, NDPI_PROTOCOL_TOR }, - { 0xB249D2F0, 32, NDPI_PROTOCOL_TOR }, - { 0xB24A67E4, 32, NDPI_PROTOCOL_TOR }, - { 0xB24D627C, 32, NDPI_PROTOCOL_TOR }, - { 0xB24D7B29, 32, NDPI_PROTOCOL_TOR }, - { 0xB24ED425, 32, NDPI_PROTOCOL_TOR }, - { 0xB24EEAC3, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8540, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8623, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F86B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F86B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F86C4, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F88E6, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8B11, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8B2E, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8D6C, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8EE0, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F901C, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F901C, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F9D24, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F9D24, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F9F93, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F9FE0, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA039, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA198, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA1B1, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA1ED, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA1ED, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA3A9, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA515, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA858, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FAAAD, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FAAB5, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FAAB5, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FB060, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FB072, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FB0B9, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FB5E6, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FBCD4, 32, NDPI_PROTOCOL_TOR }, - { 0xB2520865, 32, NDPI_PROTOCOL_TOR }, - { 0xB2522270, 32, NDPI_PROTOCOL_TOR }, - { 0xB2522871, 32, NDPI_PROTOCOL_TOR }, - { 0xB2524269, 32, NDPI_PROTOCOL_TOR }, - { 0xB2534549, 32, NDPI_PROTOCOL_TOR }, - { 0xB2560A58, 32, NDPI_PROTOCOL_TOR }, - { 0xB281AD8F, 32, NDPI_PROTOCOL_TOR }, - { 0xB289B71D, 32, NDPI_PROTOCOL_TOR }, - { 0xB28C33AD, 32, NDPI_PROTOCOL_TOR }, - { 0xB28C33AD, 32, NDPI_PROTOCOL_TOR }, - { 0xB28C6812, 32, NDPI_PROTOCOL_TOR }, - { 0xB28CC54B, 32, NDPI_PROTOCOL_TOR }, - { 0xB28E0705, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A23DD6, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A242D4, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A2C21E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A2C252, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A2C2D2, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A2C505, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A746AA, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AA6FC2, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF83C2, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8A, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8A, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8D, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8D, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2BA743C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2BED2D1, 32, NDPI_PROTOCOL_TOR }, - { 0xB2BFC29E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C0BBAF, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C3EA94, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C7EAC0, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C861B6, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C8CBEE, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C8EE97, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C92FF5, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C98985, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C9B19C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2CA6B7B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2CB9302, 32, NDPI_PROTOCOL_TOR }, - { 0xB2CB9A4F, 32, NDPI_PROTOCOL_TOR }, - { 0xB2CBBF12, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D13297, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D13363, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D134A2, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D3238A, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D808F5, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D83B33, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D85C75, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D9B820, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D9B943, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D9BB05, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D9BB06, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D9BB27, 32, NDPI_PROTOCOL_TOR }, - { 0xB2DBF5D6, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEDF43, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEE084, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEE16C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEE19E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEE40C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEED2C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EF3CAC, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EFB113, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FAF3D9, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FD60A6, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE0615, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE08BB, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE0987, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1486, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1486, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE16E4, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE193E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE19A5, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1AF4, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1C14, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1E56, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1FAD, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1FD1, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE23E0, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE25C5, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2805, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2BF4, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2C5B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2C5B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2C87, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2C87, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2CEA, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2CEA, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE3765, 32, NDPI_PROTOCOL_TOR }, - { 0xB300C293, 32, NDPI_PROTOCOL_TOR }, - { 0xB32B8522, 32, NDPI_PROTOCOL_TOR }, - { 0xB36FE5E8, 32, NDPI_PROTOCOL_TOR }, - { 0xB3E8F4B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB4DE4452, 32, NDPI_PROTOCOL_TOR }, - { 0xB529C599, 32, NDPI_PROTOCOL_TOR }, - { 0xB529DB75, 32, NDPI_PROTOCOL_TOR }, - { 0xB52E9531, 32, NDPI_PROTOCOL_TOR }, - { 0xB5A073AC, 32, NDPI_PROTOCOL_TOR }, - { 0xB6A70430, 32, NDPI_PROTOCOL_TOR }, - { 0xB7574B02, 32, NDPI_PROTOCOL_TOR }, - { 0xB75806AD, 32, NDPI_PROTOCOL_TOR }, - { 0xB8129B07, 32, NDPI_PROTOCOL_TOR }, - { 0xB812D6D9, 32, NDPI_PROTOCOL_TOR }, - { 0xB8230910, 32, NDPI_PROTOCOL_TOR }, - { 0xB827A1D3, 32, NDPI_PROTOCOL_TOR }, - { 0xB8486A34, 32, NDPI_PROTOCOL_TOR }, - { 0xB84E9433, 32, NDPI_PROTOCOL_TOR }, - { 0xB85EE222, 32, NDPI_PROTOCOL_TOR }, - { 0xB8645406, 32, NDPI_PROTOCOL_TOR }, - { 0xB869CB85, 32, NDPI_PROTOCOL_TOR }, - { 0xB869DC18, 32, NDPI_PROTOCOL_TOR }, - { 0xB869EB44, 32, NDPI_PROTOCOL_TOR }, - { 0xB86A6DF4, 32, NDPI_PROTOCOL_TOR }, - { 0xB86AD762, 32, NDPI_PROTOCOL_TOR }, - { 0xB8944B0F, 32, NDPI_PROTOCOL_TOR }, - { 0xB89BBBCD, 32, NDPI_PROTOCOL_TOR }, - { 0xB8A3447D, 32, NDPI_PROTOCOL_TOR }, - { 0xB8A48472, 32, NDPI_PROTOCOL_TOR }, - { 0xB8A4F401, 32, NDPI_PROTOCOL_TOR }, - { 0xB8A4F601, 32, NDPI_PROTOCOL_TOR }, - { 0xB8AA68F7, 32, NDPI_PROTOCOL_TOR }, - { 0xB8AF118B, 32, NDPI_PROTOCOL_TOR }, - { 0xB8AF2873, 32, NDPI_PROTOCOL_TOR }, - { 0xB8B07919, 32, NDPI_PROTOCOL_TOR }, - { 0xB8B705CB, 32, NDPI_PROTOCOL_TOR }, - { 0xB904E322, 32, NDPI_PROTOCOL_TOR }, - { 0xB9050983, 32, NDPI_PROTOCOL_TOR }, - { 0xB9053482, 32, NDPI_PROTOCOL_TOR }, - { 0xB905355D, 32, NDPI_PROTOCOL_TOR }, - { 0xB907944E, 32, NDPI_PROTOCOL_TOR }, - { 0xB908EC83, 32, NDPI_PROTOCOL_TOR }, - { 0xB908ED1B, 32, NDPI_PROTOCOL_TOR }, - { 0xB908EDD0, 32, NDPI_PROTOCOL_TOR }, - { 0xB908EE42, 32, NDPI_PROTOCOL_TOR }, - { 0xB908EE8B, 32, NDPI_PROTOCOL_TOR }, - { 0xB908EE8C, 32, NDPI_PROTOCOL_TOR }, - { 0xB90A1DF7, 32, NDPI_PROTOCOL_TOR }, - { 0xB90A4750, 32, NDPI_PROTOCOL_TOR }, - { 0xB90BA670, 32, NDPI_PROTOCOL_TOR }, - { 0xB90C0C85, 32, NDPI_PROTOCOL_TOR }, - { 0xB90C0E76, 32, NDPI_PROTOCOL_TOR }, - { 0xB90D259E, 32, NDPI_PROTOCOL_TOR }, - { 0xB90D2631, 32, NDPI_PROTOCOL_TOR }, - { 0xB90D2684, 32, NDPI_PROTOCOL_TOR }, - { 0xB90D26B9, 32, NDPI_PROTOCOL_TOR }, - { 0xB90D27C5, 32, NDPI_PROTOCOL_TOR }, - { 0xB90E1C6A, 32, NDPI_PROTOCOL_TOR }, - { 0xB90E1F3B, 32, NDPI_PROTOCOL_TOR }, - { 0xB90EB80D, 32, NDPI_PROTOCOL_TOR }, - { 0xB90EB9F0, 32, NDPI_PROTOCOL_TOR }, - { 0xB90FF47C, 32, NDPI_PROTOCOL_TOR }, - { 0xB9103C53, 32, NDPI_PROTOCOL_TOR }, - { 0xB9107C88, 32, NDPI_PROTOCOL_TOR }, - { 0xB910AC9B, 32, NDPI_PROTOCOL_TOR }, - { 0xB910AD54, 32, NDPI_PROTOCOL_TOR }, - { 0xB910AD56, 32, NDPI_PROTOCOL_TOR }, - { 0xB910C8B0, 32, NDPI_PROTOCOL_TOR }, - { 0xB910C91C, 32, NDPI_PROTOCOL_TOR }, - { 0xB911908A, 32, NDPI_PROTOCOL_TOR }, - { 0xB911B8E4, 32, NDPI_PROTOCOL_TOR }, - { 0xB9129404, 32, NDPI_PROTOCOL_TOR }, - { 0xB9135724, 32, NDPI_PROTOCOL_TOR }, - { 0xB9156432, 32, NDPI_PROTOCOL_TOR }, - { 0xB915671F, 32, NDPI_PROTOCOL_TOR }, - { 0xB915D8A6, 32, NDPI_PROTOCOL_TOR }, - { 0xB915D908, 32, NDPI_PROTOCOL_TOR }, - { 0xB9163F22, 32, NDPI_PROTOCOL_TOR }, - { 0xB918EBCD, 32, NDPI_PROTOCOL_TOR }, - { 0xB919D8ED, 32, NDPI_PROTOCOL_TOR }, - { 0xB91A7CB4, 32, NDPI_PROTOCOL_TOR }, - { 0xB91A9C1C, 32, NDPI_PROTOCOL_TOR }, - { 0xB91A9C1D, 32, NDPI_PROTOCOL_TOR }, - { 0xB91BAF18, 32, NDPI_PROTOCOL_TOR }, - { 0xB91F644B, 32, NDPI_PROTOCOL_TOR }, - { 0xB9222102, 32, NDPI_PROTOCOL_TOR }, - { 0xB9246491, 32, NDPI_PROTOCOL_TOR }, - { 0xB92592AC, 32, NDPI_PROTOCOL_TOR }, - { 0xB925E2C5, 32, NDPI_PROTOCOL_TOR }, - { 0xB9262FE0, 32, NDPI_PROTOCOL_TOR }, - { 0xB928870A, 32, NDPI_PROTOCOL_TOR }, - { 0xB92DC039, 32, NDPI_PROTOCOL_TOR }, - { 0xB92DC069, 32, NDPI_PROTOCOL_TOR }, - { 0xB92DC0BC, 32, NDPI_PROTOCOL_TOR }, - { 0xB92DC1F2, 32, NDPI_PROTOCOL_TOR }, - { 0xB9310ED3, 32, NDPI_PROTOCOL_TOR }, - { 0xB932BFFA, 32, NDPI_PROTOCOL_TOR }, - { 0xB932E9E0, 32, NDPI_PROTOCOL_TOR }, - { 0xB935A306, 32, NDPI_PROTOCOL_TOR }, - { 0xB936EE88, 32, NDPI_PROTOCOL_TOR }, - { 0xB9385426, 32, NDPI_PROTOCOL_TOR }, - { 0xB9395219, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D8932, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D8932, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D8949, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D8949, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D942E, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D9450, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D945D, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D9474, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D948D, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D948E, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D94B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D94BD, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D94C1, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D94E4, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D956D, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D9574, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D9576, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D9577, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D95B0, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D95C1, 32, NDPI_PROTOCOL_TOR }, - { 0xB93FBC7C, 32, NDPI_PROTOCOL_TOR }, - { 0xB941C85D, 32, NDPI_PROTOCOL_TOR }, - { 0xB941CD12, 32, NDPI_PROTOCOL_TOR }, - { 0xB9453693, 32, NDPI_PROTOCOL_TOR }, - { 0xB9453744, 32, NDPI_PROTOCOL_TOR }, - { 0xB948B169, 32, NDPI_PROTOCOL_TOR }, - { 0xB948E86B, 32, NDPI_PROTOCOL_TOR }, - { 0xB948F791, 32, NDPI_PROTOCOL_TOR }, - { 0xB94B382C, 32, NDPI_PROTOCOL_TOR }, - { 0xB94B382C, 32, NDPI_PROTOCOL_TOR }, - { 0xB94B3874, 32, NDPI_PROTOCOL_TOR }, - { 0xB94B3874, 32, NDPI_PROTOCOL_TOR }, - { 0xB952C8E0, 32, NDPI_PROTOCOL_TOR }, - { 0xBA160C6E, 32, NDPI_PROTOCOL_TOR }, - { 0xBA1A4002, 32, NDPI_PROTOCOL_TOR }, - { 0xBA6B7BAE, 32, NDPI_PROTOCOL_TOR }, - { 0xBB3B6D26, 32, NDPI_PROTOCOL_TOR }, - { 0xBB3F6418, 32, NDPI_PROTOCOL_TOR }, - { 0xBB5F2203, 32, NDPI_PROTOCOL_TOR }, - { 0xBBD34A78, 32, NDPI_PROTOCOL_TOR }, - { 0xBBFEE732, 32, NDPI_PROTOCOL_TOR }, - { 0xBC0262D8, 32, NDPI_PROTOCOL_TOR }, - { 0xBC04F2B2, 32, NDPI_PROTOCOL_TOR }, - { 0xBC060D5B, 32, NDPI_PROTOCOL_TOR }, - { 0xBC06497F, 32, NDPI_PROTOCOL_TOR }, - { 0xBC18F4FF, 32, NDPI_PROTOCOL_TOR }, - { 0xBC208F85, 32, NDPI_PROTOCOL_TOR }, - { 0xBC20F2F4, 32, NDPI_PROTOCOL_TOR }, - { 0xBC28209A, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2821D9, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2825C8, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2833E8, 32, NDPI_PROTOCOL_TOR }, - { 0xBC283512, 32, NDPI_PROTOCOL_TOR }, - { 0xBC283B50, 32, NDPI_PROTOCOL_TOR }, - { 0xBC283C8E, 32, NDPI_PROTOCOL_TOR }, - { 0xBC283CF2, 32, NDPI_PROTOCOL_TOR }, - { 0xBC284C73, 32, NDPI_PROTOCOL_TOR }, - { 0xBC286345, 32, NDPI_PROTOCOL_TOR }, - { 0xBC286BCD, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2880F6, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2899F2, 32, NDPI_PROTOCOL_TOR }, - { 0xBC28B34A, 32, NDPI_PROTOCOL_TOR }, - { 0xBC28CE05, 32, NDPI_PROTOCOL_TOR }, - { 0xBC28EBD7, 32, NDPI_PROTOCOL_TOR }, - { 0xBC28F839, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2AFD0B, 32, NDPI_PROTOCOL_TOR }, - { 0xBC322E9A, 32, NDPI_PROTOCOL_TOR }, - { 0xBC3CC333, 32, NDPI_PROTOCOL_TOR }, - { 0xBC3E5662, 32, NDPI_PROTOCOL_TOR }, - { 0xBC499110, 32, NDPI_PROTOCOL_TOR }, - { 0xBC4DD834, 32, NDPI_PROTOCOL_TOR }, - { 0xBC4ED027, 32, NDPI_PROTOCOL_TOR }, - { 0xBC553281, 32, NDPI_PROTOCOL_TOR }, - { 0xBC57A8F9, 32, NDPI_PROTOCOL_TOR }, - { 0xBC5D117B, 32, NDPI_PROTOCOL_TOR }, - { 0xBC5DD54B, 32, NDPI_PROTOCOL_TOR }, - { 0xBC5FF78C, 32, NDPI_PROTOCOL_TOR }, - { 0xBC603CB8, 32, NDPI_PROTOCOL_TOR }, - { 0xBC607AC3, 32, NDPI_PROTOCOL_TOR }, - { 0xBC617F79, 32, NDPI_PROTOCOL_TOR }, - { 0xBC62D521, 32, NDPI_PROTOCOL_TOR }, - { 0xBC6450C9, 32, NDPI_PROTOCOL_TOR }, - { 0xBC67690F, 32, NDPI_PROTOCOL_TOR }, - { 0xBC676B47, 32, NDPI_PROTOCOL_TOR }, - { 0xBC6CD29D, 32, NDPI_PROTOCOL_TOR }, - { 0xBC6D5CC5, 32, NDPI_PROTOCOL_TOR }, - { 0xBC717278, 32, NDPI_PROTOCOL_TOR }, - { 0xBC728C79, 32, NDPI_PROTOCOL_TOR }, - { 0xBC769BEF, 32, NDPI_PROTOCOL_TOR }, - { 0xBC780C35, 32, NDPI_PROTOCOL_TOR }, - { 0xBC78EBA5, 32, NDPI_PROTOCOL_TOR }, - { 0xBC78EFF1, 32, NDPI_PROTOCOL_TOR }, - { 0xBC78FD27, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7A05A1, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7AD504, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7B2F13, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7C951D, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7E5D51, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7E5D5F, 32, NDPI_PROTOCOL_TOR }, - { 0xBC817CFA, 32, NDPI_PROTOCOL_TOR }, - { 0xBC860642, 32, NDPI_PROTOCOL_TOR }, - { 0xBC860C22, 32, NDPI_PROTOCOL_TOR }, - { 0xBC860CEC, 32, NDPI_PROTOCOL_TOR }, - { 0xBC864432, 32, NDPI_PROTOCOL_TOR }, - { 0xBC864BD3, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8653AB, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A01E5, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A01E5, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A0931, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A0931, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A09D0, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A09D0, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A110F, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A110F, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A5886, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A58A8, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A6574, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A6A8A, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A703C, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A70E2, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A7976, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A7DD1, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A7DD1, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8D5359, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8E70F6, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5033F, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5033F, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA519D2, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA51A0D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA51A0D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA53B2B, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA55E69, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA57B5F, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA57BF4, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA58822, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA58A8D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA58AB5, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA58AB5, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5919D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5A4A3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5A4A3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5C181, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5C88A, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5D59C, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5E828, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5EC12, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5F1D8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA609DA, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA60CD4, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA60DE6, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA61250, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA61286, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA6234D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA624A3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA625AD, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA625D7, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA62B21, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA62B3D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA62BC8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA62D23, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA62EAB, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63064, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA630B1, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63152, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA631B4, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63271, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63575, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA638B3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63C9E, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63E18, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA73D86, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA745E0, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA8225A, 32, NDPI_PROTOCOL_TOR }, - { 0xBCAE49D9, 32, NDPI_PROTOCOL_TOR }, - { 0xBCAE5D48, 32, NDPI_PROTOCOL_TOR }, - { 0xBCAEA791, 32, NDPI_PROTOCOL_TOR }, - { 0xBCAEB379, 32, NDPI_PROTOCOL_TOR }, - { 0xBCAED97F, 32, NDPI_PROTOCOL_TOR }, - { 0xBCB55D55, 32, NDPI_PROTOCOL_TOR }, - { 0xBCB7841D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCBA10EC, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC02309, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC0A86E, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC1632B, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC1C8F8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC2C9AE, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC30886, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC348B3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC3D1FD, 32, NDPI_PROTOCOL_TOR }, - { 0xBCCAFCC1, 32, NDPI_PROTOCOL_TOR }, - { 0xBCD519EA, 32, NDPI_PROTOCOL_TOR }, - { 0xBCD58F17, 32, NDPI_PROTOCOL_TOR }, - { 0xBCD65D16, 32, NDPI_PROTOCOL_TOR }, - { 0xBCDF3258, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE23EAE, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE294A1, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2957C, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2AB6F, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2ACAA, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2BB8A, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2BD35, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2BE71, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2BF12, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2C030, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2C5E0, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2C7A0, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2C8D8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2CEC8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2D6B1, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2D98E, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2DC10, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2DCE2, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2DDF3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2E196, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2E396, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2E839, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2FA52, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2FDB5, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2FE59, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE3C986, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE3E068, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE4234B, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE43194, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE63CF6, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE65B87, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE6A6EB, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE6DFB2, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE8B717, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE94947, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF17195, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF17251, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18C77, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18C86, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18C94, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18D13, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18D15, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18D87, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18DAA, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF423AB, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF64BB2, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF6CC43, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF764B8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCFF1E24, 32, NDPI_PROTOCOL_TOR }, - { 0xBCFF70E0, 32, NDPI_PROTOCOL_TOR }, - { 0xBD446D80, 32, NDPI_PROTOCOL_TOR }, - { 0xBDD4A056, 32, NDPI_PROTOCOL_TOR }, - { 0xBDF2D9EF, 32, NDPI_PROTOCOL_TOR }, - { 0xBE03A993, 32, NDPI_PROTOCOL_TOR }, - { 0xBE589587, 32, NDPI_PROTOCOL_TOR }, - { 0xBE78E41E, 32, NDPI_PROTOCOL_TOR }, - { 0xBE7B2D60, 32, NDPI_PROTOCOL_TOR }, - { 0xBE7B2F74, 32, NDPI_PROTOCOL_TOR }, - { 0xBEBD7608, 32, NDPI_PROTOCOL_TOR }, - { 0xBEC0A60C, 32, NDPI_PROTOCOL_TOR }, - { 0xBEE25D6B, 32, NDPI_PROTOCOL_TOR }, - { 0xBF151340, 32, NDPI_PROTOCOL_TOR }, - { 0xBF6502EB, 32, NDPI_PROTOCOL_TOR }, - { 0xBF6598A6, 32, NDPI_PROTOCOL_TOR }, - { 0xBFEFD3DC, 32, NDPI_PROTOCOL_TOR }, - { 0xC0009D29, 32, NDPI_PROTOCOL_TOR }, - { 0xC0031CF2, 32, NDPI_PROTOCOL_TOR }, - { 0xC0031EDF, 32, NDPI_PROTOCOL_TOR }, - { 0xC0039416, 32, NDPI_PROTOCOL_TOR }, - { 0xC003941B, 32, NDPI_PROTOCOL_TOR }, - { 0xC00396AA, 32, NDPI_PROTOCOL_TOR }, - { 0xC0039DD4, 32, NDPI_PROTOCOL_TOR }, - { 0xC003A076, 32, NDPI_PROTOCOL_TOR }, - { 0xC003A4E3, 32, NDPI_PROTOCOL_TOR }, - { 0xC003ACEC, 32, NDPI_PROTOCOL_TOR }, - { 0xC003AD58, 32, NDPI_PROTOCOL_TOR }, - { 0xC003B1A7, 32, NDPI_PROTOCOL_TOR }, - { 0xC003B426, 32, NDPI_PROTOCOL_TOR }, - { 0xC003C9E2, 32, NDPI_PROTOCOL_TOR }, - { 0xC003C9F9, 32, NDPI_PROTOCOL_TOR }, - { 0xC003D27D, 32, NDPI_PROTOCOL_TOR }, - { 0xC00C211A, 32, NDPI_PROTOCOL_TOR }, - { 0xC00C211B, 32, NDPI_PROTOCOL_TOR }, - { 0xC01E202C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0223B30, 32, NDPI_PROTOCOL_TOR }, - { 0xC0223F89, 32, NDPI_PROTOCOL_TOR }, - { 0xC022E022, 32, NDPI_PROTOCOL_TOR }, - { 0xC0264C03, 32, NDPI_PROTOCOL_TOR }, - { 0xC0266D90, 32, NDPI_PROTOCOL_TOR }, - { 0xC02A7410, 32, NDPI_PROTOCOL_TOR }, - { 0xC02A74A1, 32, NDPI_PROTOCOL_TOR }, - { 0xC02BF408, 32, NDPI_PROTOCOL_TOR }, - { 0xC02BF408, 32, NDPI_PROTOCOL_TOR }, - { 0xC02BF42A, 32, NDPI_PROTOCOL_TOR }, - { 0xC02BF42A, 32, NDPI_PROTOCOL_TOR }, - { 0xC02C1E28, 32, NDPI_PROTOCOL_TOR }, - { 0xC0405266, 32, NDPI_PROTOCOL_TOR }, - { 0xC043DE05, 32, NDPI_PROTOCOL_TOR }, - { 0xC045177C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0455E39, 32, NDPI_PROTOCOL_TOR }, - { 0xC0479724, 32, NDPI_PROTOCOL_TOR }, - { 0xC047DAA0, 32, NDPI_PROTOCOL_TOR }, - { 0xC047F524, 32, NDPI_PROTOCOL_TOR }, - { 0xC047F589, 32, NDPI_PROTOCOL_TOR }, - { 0xC047F589, 32, NDPI_PROTOCOL_TOR }, - { 0xC047F5D7, 32, NDPI_PROTOCOL_TOR }, - { 0xC049EC12, 32, NDPI_PROTOCOL_TOR }, - { 0xC049EF53, 32, NDPI_PROTOCOL_TOR }, - { 0xC051842E, 32, NDPI_PROTOCOL_TOR }, - { 0xC051DC5B, 32, NDPI_PROTOCOL_TOR }, - { 0xC051DDA2, 32, NDPI_PROTOCOL_TOR }, - { 0xC051F91F, 32, NDPI_PROTOCOL_TOR }, - { 0xC0571C1C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0571C52, 32, NDPI_PROTOCOL_TOR }, - { 0xC057E0BD, 32, NDPI_PROTOCOL_TOR }, - { 0xC05BEBE6, 32, NDPI_PROTOCOL_TOR }, - { 0xC05F1A3A, 32, NDPI_PROTOCOL_TOR }, - { 0xC05F1B8F, 32, NDPI_PROTOCOL_TOR }, - { 0xC05F2889, 32, NDPI_PROTOCOL_TOR }, - { 0xC05F2CA9, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630289, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630289, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630620, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630852, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630B30, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630F7A, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630FDC, 32, NDPI_PROTOCOL_TOR }, - { 0xC063259C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0632B71, 32, NDPI_PROTOCOL_TOR }, - { 0xC0632B9C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0632BCE, 32, NDPI_PROTOCOL_TOR }, - { 0xC063681B, 32, NDPI_PROTOCOL_TOR }, - { 0xC063914E, 32, NDPI_PROTOCOL_TOR }, - { 0xC0639A18, 32, NDPI_PROTOCOL_TOR }, - { 0xC0639A4B, 32, NDPI_PROTOCOL_TOR }, - { 0xC0639A50, 32, NDPI_PROTOCOL_TOR }, - { 0xC0639AEA, 32, NDPI_PROTOCOL_TOR }, - { 0xC063A866, 32, NDPI_PROTOCOL_TOR }, - { 0xC063A93D, 32, NDPI_PROTOCOL_TOR }, - { 0xC063BA5E, 32, NDPI_PROTOCOL_TOR }, - { 0xC063C1C1, 32, NDPI_PROTOCOL_TOR }, - { 0xC063D48B, 32, NDPI_PROTOCOL_TOR }, - { 0xC063D497, 32, NDPI_PROTOCOL_TOR }, - { 0xC063F665, 32, NDPI_PROTOCOL_TOR }, - { 0xC063F7EA, 32, NDPI_PROTOCOL_TOR }, - { 0xC063FA8F, 32, NDPI_PROTOCOL_TOR }, - { 0xC07247DE, 32, NDPI_PROTOCOL_TOR }, - { 0xC0794208, 32, NDPI_PROTOCOL_TOR }, - { 0xC079AA4B, 32, NDPI_PROTOCOL_TOR }, - { 0xC07CFA53, 32, NDPI_PROTOCOL_TOR }, - { 0xC087A8FB, 32, NDPI_PROTOCOL_TOR }, - { 0xC0965E31, 32, NDPI_PROTOCOL_TOR }, - { 0xC0979A8E, 32, NDPI_PROTOCOL_TOR }, - { 0xC0999AF4, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B506F, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5365, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5736, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5874, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5D65, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5F7A, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5F7A, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5FDE, 32, NDPI_PROTOCOL_TOR }, - { 0xC09DC04F, 32, NDPI_PROTOCOL_TOR }, - { 0xC09DEFF3, 32, NDPI_PROTOCOL_TOR }, - { 0xC09DFD7D, 32, NDPI_PROTOCOL_TOR }, - { 0xC0A0C16E, 32, NDPI_PROTOCOL_TOR }, - { 0xC0A264D5, 32, NDPI_PROTOCOL_TOR }, - { 0xC0A2650F, 32, NDPI_PROTOCOL_TOR }, - { 0xC0A3E033, 32, NDPI_PROTOCOL_TOR }, - { 0xC0AB3D72, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B82075, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B8502A, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B85175, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B851A0, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B85280, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B8555C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B858CF, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B85E6F, 32, NDPI_PROTOCOL_TOR }, - { 0xC0BB6A92, 32, NDPI_PROTOCOL_TOR }, - { 0xC0C8EC20, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D28AA3, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D28AAB, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D2C7B1, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D2CC27, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D2CEBD, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D2E780, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D2F0D9, 32, NDPI_PROTOCOL_TOR }, - { 0xC0E28C77, 32, NDPI_PROTOCOL_TOR }, - { 0xC0E38B12, 32, NDPI_PROTOCOL_TOR }, - { 0xC0E38F11, 32, NDPI_PROTOCOL_TOR }, - { 0xC0E3E71B, 32, NDPI_PROTOCOL_TOR }, - { 0xC0EB4E13, 32, NDPI_PROTOCOL_TOR }, - { 0xC0EB4EDB, 32, NDPI_PROTOCOL_TOR }, - { 0xC0EDD411, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F158B5, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F183E9, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1863E, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F192D5, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F19438, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1B238, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1B41B, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1B4A3, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1B57A, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1C4B2, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1C66A, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1C7D0, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1CAD6, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1CEAB, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1D063, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1D265, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1D878, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1E9CB, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1E9F2, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1FC3F, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F37E51, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F9380B, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F93EB7, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F93F97, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F93F9C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0FC828E, 32, NDPI_PROTOCOL_TOR }, - { 0xC0FEA81A, 32, NDPI_PROTOCOL_TOR }, - { 0xC101C19C, 32, NDPI_PROTOCOL_TOR }, - { 0xC106DE6E, 32, NDPI_PROTOCOL_TOR }, - { 0xC107B1DF, 32, NDPI_PROTOCOL_TOR }, - { 0xC10B722B, 32, NDPI_PROTOCOL_TOR }, - { 0xC10B722D, 32, NDPI_PROTOCOL_TOR }, - { 0xC10B722E, 32, NDPI_PROTOCOL_TOR }, - { 0xC10B722F, 32, NDPI_PROTOCOL_TOR }, - { 0xC10B8978, 32, NDPI_PROTOCOL_TOR }, - { 0xC10BA4F3, 32, NDPI_PROTOCOL_TOR }, - { 0xC10BA6C2, 32, NDPI_PROTOCOL_TOR }, - { 0xC10BA6C2, 32, NDPI_PROTOCOL_TOR }, - { 0xC10C4907, 32, NDPI_PROTOCOL_TOR }, - { 0xC10D6125, 32, NDPI_PROTOCOL_TOR }, - { 0xC10E9FCC, 32, NDPI_PROTOCOL_TOR }, - { 0xC117F4F4, 32, NDPI_PROTOCOL_TOR }, - { 0xC118D194, 32, NDPI_PROTOCOL_TOR }, - { 0xC118D27E, 32, NDPI_PROTOCOL_TOR }, - { 0xC119019D, 32, NDPI_PROTOCOL_TOR }, - { 0xC11CE446, 32, NDPI_PROTOCOL_TOR }, - { 0xC121D817, 32, NDPI_PROTOCOL_TOR }, - { 0xC1220201, 32, NDPI_PROTOCOL_TOR }, - { 0xC1233435, 32, NDPI_PROTOCOL_TOR }, - { 0xC12598C7, 32, NDPI_PROTOCOL_TOR }, - { 0xC12598F1, 32, NDPI_PROTOCOL_TOR }, - { 0xC1530139, 32, NDPI_PROTOCOL_TOR }, - { 0xC15A0C56, 32, NDPI_PROTOCOL_TOR }, - { 0xC15A0C57, 32, NDPI_PROTOCOL_TOR }, - { 0xC15A0C58, 32, NDPI_PROTOCOL_TOR }, - { 0xC15A0C59, 32, NDPI_PROTOCOL_TOR }, - { 0xC15A0C5A, 32, NDPI_PROTOCOL_TOR }, - { 0xC15FE4E8, 32, NDPI_PROTOCOL_TOR }, - { 0xC15FF2D5, 32, NDPI_PROTOCOL_TOR }, - { 0xC168DC23, 32, NDPI_PROTOCOL_TOR }, - { 0xC168DC36, 32, NDPI_PROTOCOL_TOR }, - { 0xC1698632, 32, NDPI_PROTOCOL_TOR }, - { 0xC169869C, 32, NDPI_PROTOCOL_TOR }, - { 0xC16B131E, 32, NDPI_PROTOCOL_TOR }, - { 0xC16B5538, 32, NDPI_PROTOCOL_TOR }, - { 0xC16B5539, 32, NDPI_PROTOCOL_TOR }, - { 0xC16B553D, 32, NDPI_PROTOCOL_TOR }, - { 0xC16B553E, 32, NDPI_PROTOCOL_TOR }, - { 0xC16E9D97, 32, NDPI_PROTOCOL_TOR }, - { 0xC16F1A16, 32, NDPI_PROTOCOL_TOR }, - { 0xC16F8D6E, 32, NDPI_PROTOCOL_TOR }, - { 0xC188CC75, 32, NDPI_PROTOCOL_TOR }, - { 0xC189ADD9, 32, NDPI_PROTOCOL_TOR }, - { 0xC18A7603, 32, NDPI_PROTOCOL_TOR }, - { 0xC18A7608, 32, NDPI_PROTOCOL_TOR }, - { 0xC18AD865, 32, NDPI_PROTOCOL_TOR }, - { 0xC1960E3E, 32, NDPI_PROTOCOL_TOR }, - { 0xC196791A, 32, NDPI_PROTOCOL_TOR }, - { 0xC1967942, 32, NDPI_PROTOCOL_TOR }, - { 0xC19A0D98, 32, NDPI_PROTOCOL_TOR }, - { 0xC19D73FA, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A3DC8F, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A48535, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A4D955, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A744, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A745, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A746, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A747, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A748, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A749, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74A, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74B, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74C, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74D, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74E, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74F, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A750, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A751, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A752, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A753, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A754, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A755, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A756, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A757, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A758, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A759, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A75A, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A75B, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A75C, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A75D, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A75E, 32, NDPI_PROTOCOL_TOR }, - { 0xC1AE0614, 32, NDPI_PROTOCOL_TOR }, - { 0xC1B69035, 32, NDPI_PROTOCOL_TOR }, - { 0xC1B763D5, 32, NDPI_PROTOCOL_TOR }, - { 0xC1BEA835, 32, NDPI_PROTOCOL_TOR }, - { 0xC1CB312E, 32, NDPI_PROTOCOL_TOR }, - { 0xC1DB24CF, 32, NDPI_PROTOCOL_TOR }, - { 0xC1E0A32B, 32, NDPI_PROTOCOL_TOR }, - { 0xC1F66F3E, 32, NDPI_PROTOCOL_TOR }, - { 0xC20EB3B8, 32, NDPI_PROTOCOL_TOR }, - { 0xC2173CFA, 32, NDPI_PROTOCOL_TOR }, - { 0xC230DA31, 32, NDPI_PROTOCOL_TOR }, - { 0xC2601297, 32, NDPI_PROTOCOL_TOR }, - { 0xC2680064, 32, NDPI_PROTOCOL_TOR }, - { 0xC26DCED4, 32, NDPI_PROTOCOL_TOR }, - { 0xC276346F, 32, NDPI_PROTOCOL_TOR }, - { 0xC276D253, 32, NDPI_PROTOCOL_TOR }, - { 0xC27EC6E4, 32, NDPI_PROTOCOL_TOR }, - { 0xC296A84F, 32, NDPI_PROTOCOL_TOR }, - { 0xC296A85F, 32, NDPI_PROTOCOL_TOR }, - { 0xC296A86C, 32, NDPI_PROTOCOL_TOR }, - { 0xC2A6A031, 32, NDPI_PROTOCOL_TOR }, - { 0xC313AE72, 32, NDPI_PROTOCOL_TOR }, - { 0xC313AE73, 32, NDPI_PROTOCOL_TOR }, - { 0xC31DA8CE, 32, NDPI_PROTOCOL_TOR }, - { 0xC3236D3D, 32, NDPI_PROTOCOL_TOR }, - { 0xC325BE55, 32, NDPI_PROTOCOL_TOR }, - { 0xC328B523, 32, NDPI_PROTOCOL_TOR }, - { 0xC32EB925, 32, NDPI_PROTOCOL_TOR }, - { 0xC3409582, 32, NDPI_PROTOCOL_TOR }, - { 0xC3474454, 32, NDPI_PROTOCOL_TOR }, - { 0xC3527C6F, 32, NDPI_PROTOCOL_TOR }, - { 0xC358543B, 32, NDPI_PROTOCOL_TOR }, - { 0xC35BED96, 32, NDPI_PROTOCOL_TOR }, - { 0xC36E061F, 32, NDPI_PROTOCOL_TOR }, - { 0xC36E09E8, 32, NDPI_PROTOCOL_TOR }, - { 0xC38AF902, 32, NDPI_PROTOCOL_TOR }, - { 0xC38CFE59, 32, NDPI_PROTOCOL_TOR }, - { 0xC3947CC7, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A057B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A05CD, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0937, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0A9B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0C42, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0D0A, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0D60, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0E28, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0F75, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A2A65, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A40D6, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A411D, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A43E5, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4682, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4B54, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4BA5, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4DC8, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4E71, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4E73, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A516C, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A516E, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A51E3, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A51F5, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A5258, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A533C, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A57E7, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A5B8B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A610A, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6111, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A611B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A61A0, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6775, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6886, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6935, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6939, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6B56, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6B97, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6C4E, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6D1E, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6D34, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6D9D, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6DCB, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6DDD, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6E4C, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7095, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A72B9, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A742B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A74E8, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A75A3, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A76AC, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7763, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A79C6, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A79EA, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7BDE, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7E2B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7EA5, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7FF6, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A803A, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A8097, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A8879, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AA671, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AA671, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AAF14, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AB416, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AD7F0, 32, NDPI_PROTOCOL_TOR }, - { 0xC39ADDED, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AE205, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AE93A, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AF076, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AFB5E, 32, NDPI_PROTOCOL_TOR }, - { 0xC39FA2C2, 32, NDPI_PROTOCOL_TOR }, - { 0xC3A6C926, 32, NDPI_PROTOCOL_TOR }, - { 0xC3A97DE2, 32, NDPI_PROTOCOL_TOR }, - { 0xC3A9C4BC, 32, NDPI_PROTOCOL_TOR }, - { 0xC3A9CF36, 32, NDPI_PROTOCOL_TOR }, - { 0xC3A9D8BF, 32, NDPI_PROTOCOL_TOR }, - { 0xC3B2B57B, 32, NDPI_PROTOCOL_TOR }, - { 0xC3B40BC4, 32, NDPI_PROTOCOL_TOR }, - { 0xC3BFE9DD, 32, NDPI_PROTOCOL_TOR }, - { 0xC3C6F2C2, 32, NDPI_PROTOCOL_TOR }, - { 0xC3CAD33B, 32, NDPI_PROTOCOL_TOR }, - { 0xC3D21DED, 32, NDPI_PROTOCOL_TOR }, - { 0xC3E1D31A, 32, NDPI_PROTOCOL_TOR }, - { 0xC3E42DB0, 32, NDPI_PROTOCOL_TOR }, - { 0xC3E44B83, 32, NDPI_PROTOCOL_TOR }, - { 0xC3E6A853, 32, NDPI_PROTOCOL_TOR }, - { 0xC3EA9856, 32, NDPI_PROTOCOL_TOR }, - { 0xC3F25002, 32, NDPI_PROTOCOL_TOR }, - { 0xC3FAA3B1, 32, NDPI_PROTOCOL_TOR }, - { 0xC3FBFCE2, 32, NDPI_PROTOCOL_TOR }, - { 0xC4252C59, 32, NDPI_PROTOCOL_TOR }, - { 0xC55752E7, 32, NDPI_PROTOCOL_TOR }, - { 0xC5E7DDD3, 32, NDPI_PROTOCOL_TOR }, - { 0xC60C50BB, 32, NDPI_PROTOCOL_TOR }, - { 0xC60C5B69, 32, NDPI_PROTOCOL_TOR }, - { 0xC60C68D0, 32, NDPI_PROTOCOL_TOR }, - { 0xC60F4FC5, 32, NDPI_PROTOCOL_TOR }, - { 0xC61799A1, 32, NDPI_PROTOCOL_TOR }, - { 0xC617B141, 32, NDPI_PROTOCOL_TOR }, - { 0xC617BB9E, 32, NDPI_PROTOCOL_TOR }, - { 0xC617F7CC, 32, NDPI_PROTOCOL_TOR }, - { 0xC61B447E, 32, NDPI_PROTOCOL_TOR }, - { 0xC61B562B, 32, NDPI_PROTOCOL_TOR }, - { 0xC61B562D, 32, NDPI_PROTOCOL_TOR }, - { 0xC61B6D24, 32, NDPI_PROTOCOL_TOR }, - { 0xC6257224, 32, NDPI_PROTOCOL_TOR }, - { 0xC62E8E4A, 32, NDPI_PROTOCOL_TOR }, - { 0xC62E9933, 32, NDPI_PROTOCOL_TOR }, - { 0xC6329148, 32, NDPI_PROTOCOL_TOR }, - { 0xC63291CF, 32, NDPI_PROTOCOL_TOR }, - { 0xC6329228, 32, NDPI_PROTOCOL_TOR }, - { 0xC63292FC, 32, NDPI_PROTOCOL_TOR }, - { 0xC63293EF, 32, NDPI_PROTOCOL_TOR }, - { 0xC632957F, 32, NDPI_PROTOCOL_TOR }, - { 0xC63295A0, 32, NDPI_PROTOCOL_TOR }, - { 0xC632970A, 32, NDPI_PROTOCOL_TOR }, - { 0xC6329766, 32, NDPI_PROTOCOL_TOR }, - { 0xC6329811, 32, NDPI_PROTOCOL_TOR }, - { 0xC6329C4E, 32, NDPI_PROTOCOL_TOR }, - { 0xC632B758, 32, NDPI_PROTOCOL_TOR }, - { 0xC632BF5F, 32, NDPI_PROTOCOL_TOR }, - { 0xC632E716, 32, NDPI_PROTOCOL_TOR }, - { 0xC63482DA, 32, NDPI_PROTOCOL_TOR }, - { 0xC634A041, 32, NDPI_PROTOCOL_TOR }, - { 0xC634A090, 32, NDPI_PROTOCOL_TOR }, - { 0xC634C827, 32, NDPI_PROTOCOL_TOR }, - { 0xC634F4ED, 32, NDPI_PROTOCOL_TOR }, - { 0xC634F7A0, 32, NDPI_PROTOCOL_TOR }, - { 0xC634F7A2, 32, NDPI_PROTOCOL_TOR }, - { 0xC634F7F7, 32, NDPI_PROTOCOL_TOR }, - { 0xC634F7FA, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A601C, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6079, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A66EA, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6793, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6793, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6AF5, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6AF5, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6B34, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6B34, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6B35, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6D52, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A73D2, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A7FC9, 32, NDPI_PROTOCOL_TOR }, - { 0xC6475142, 32, NDPI_PROTOCOL_TOR }, - { 0xC648E7E9, 32, NDPI_PROTOCOL_TOR }, - { 0xC6493247, 32, NDPI_PROTOCOL_TOR }, - { 0xC64A38BF, 32, NDPI_PROTOCOL_TOR }, - { 0xC64A3A10, 32, NDPI_PROTOCOL_TOR }, - { 0xC64A3ACE, 32, NDPI_PROTOCOL_TOR }, - { 0xC64A3C1A, 32, NDPI_PROTOCOL_TOR }, - { 0xC64A3E6B, 32, NDPI_PROTOCOL_TOR }, - { 0xC654A10C, 32, NDPI_PROTOCOL_TOR }, - { 0xC654F0E5, 32, NDPI_PROTOCOL_TOR }, - { 0xC654F96A, 32, NDPI_PROTOCOL_TOR }, - { 0xC6609B03, 32, NDPI_PROTOCOL_TOR }, - { 0xC6623103, 32, NDPI_PROTOCOL_TOR }, - { 0xC6623495, 32, NDPI_PROTOCOL_TOR }, - { 0xC662358D, 32, NDPI_PROTOCOL_TOR }, - { 0xC6649014, 32, NDPI_PROTOCOL_TOR }, - { 0xC664904B, 32, NDPI_PROTOCOL_TOR }, - { 0xC6649470, 32, NDPI_PROTOCOL_TOR }, - { 0xC664947B, 32, NDPI_PROTOCOL_TOR }, - { 0xC664959F, 32, NDPI_PROTOCOL_TOR }, - { 0xC6649B36, 32, NDPI_PROTOCOL_TOR }, - { 0xC6649BC2, 32, NDPI_PROTOCOL_TOR }, - { 0xC6697D25, 32, NDPI_PROTOCOL_TOR }, - { 0xC6697DB2, 32, NDPI_PROTOCOL_TOR }, - { 0xC669D0A4, 32, NDPI_PROTOCOL_TOR }, - { 0xC669DF92, 32, NDPI_PROTOCOL_TOR }, - { 0xC68F88ED, 32, NDPI_PROTOCOL_TOR }, - { 0xC693141D, 32, NDPI_PROTOCOL_TOR }, - { 0xC693174D, 32, NDPI_PROTOCOL_TOR }, - { 0xC69451A7, 32, NDPI_PROTOCOL_TOR }, - { 0xC6A7895C, 32, NDPI_PROTOCOL_TOR }, - { 0xC6A78F95, 32, NDPI_PROTOCOL_TOR }, - { 0xC6B49609, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C74845, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C76BDC, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C77079, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C77231, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C775A4, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C77A11, 32, NDPI_PROTOCOL_TOR }, - { 0xC6CD713B, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D36392, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D37ABF, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D37B5C, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D37CD6, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D37DF2, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D37E53, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F464C8, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F46963, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53294, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53C28, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53C93, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53CC2, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53E68, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53FE4, 32, NDPI_PROTOCOL_TOR }, - { 0xC6FC9957, 32, NDPI_PROTOCOL_TOR }, - { 0xC6FC996B, 32, NDPI_PROTOCOL_TOR }, - { 0xC710BF3A, 32, NDPI_PROTOCOL_TOR }, - { 0xC71355FC, 32, NDPI_PROTOCOL_TOR }, - { 0xC713D5B0, 32, NDPI_PROTOCOL_TOR }, - { 0xC726567A, 32, NDPI_PROTOCOL_TOR }, - { 0xC73A530A, 32, NDPI_PROTOCOL_TOR }, - { 0xC7579AFF, 32, NDPI_PROTOCOL_TOR }, - { 0xC7737387, 32, NDPI_PROTOCOL_TOR }, - { 0xC773CDF1, 32, NDPI_PROTOCOL_TOR }, - { 0xC773CDF2, 32, NDPI_PROTOCOL_TOR }, - { 0xC773CDF3, 32, NDPI_PROTOCOL_TOR }, - { 0xC773CDF5, 32, NDPI_PROTOCOL_TOR }, - { 0xC773CDF8, 32, NDPI_PROTOCOL_TOR }, - { 0xC77FE240, 32, NDPI_PROTOCOL_TOR }, - { 0xC7A78088, 32, NDPI_PROTOCOL_TOR }, - { 0xC7A7A1C3, 32, NDPI_PROTOCOL_TOR }, - { 0xC7A7C679, 32, NDPI_PROTOCOL_TOR }, - { 0xC7BC649A, 32, NDPI_PROTOCOL_TOR }, - { 0xC7BCC235, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C173D1, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C1FD31, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C3C116, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C3F83C, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C3F890, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C3F9D4, 32, NDPI_PROTOCOL_TOR }, - { 0xC7CA151D, 32, NDPI_PROTOCOL_TOR }, - { 0xC7FEEE2C, 32, NDPI_PROTOCOL_TOR }, - { 0xC7FEEE34, 32, NDPI_PROTOCOL_TOR }, - { 0xC7FEEE34, 32, NDPI_PROTOCOL_TOR }, - { 0xC7FFDF58, 32, NDPI_PROTOCOL_TOR }, - { 0xC811D20C, 32, NDPI_PROTOCOL_TOR }, - { 0xC8628B17, 32, NDPI_PROTOCOL_TOR }, - { 0xC86CEC4B, 32, NDPI_PROTOCOL_TOR }, - { 0xC8B55A41, 32, NDPI_PROTOCOL_TOR }, - { 0xC8DFD4D2, 32, NDPI_PROTOCOL_TOR }, - { 0xC906897F, 32, NDPI_PROTOCOL_TOR }, - { 0xC91BEB7F, 32, NDPI_PROTOCOL_TOR }, - { 0xC9AA12B7, 32, NDPI_PROTOCOL_TOR }, - { 0xC9D46CB8, 32, NDPI_PROTOCOL_TOR }, - { 0xC9DA72A2, 32, NDPI_PROTOCOL_TOR }, - { 0xCA07F408, 32, NDPI_PROTOCOL_TOR }, - { 0xCA3C4220, 32, NDPI_PROTOCOL_TOR }, - { 0xCA4A2C0F, 32, NDPI_PROTOCOL_TOR }, - { 0xCA536AB3, 32, NDPI_PROTOCOL_TOR }, - { 0xCA55E922, 32, NDPI_PROTOCOL_TOR }, - { 0xCAAB9C54, 32, NDPI_PROTOCOL_TOR }, - { 0xCAAC1039, 32, NDPI_PROTOCOL_TOR }, - { 0xCB56CAA7, 32, NDPI_PROTOCOL_TOR }, - { 0xCB56CD2E, 32, NDPI_PROTOCOL_TOR }, - { 0xCB6DE90F, 32, NDPI_PROTOCOL_TOR }, - { 0xCB71AC95, 32, NDPI_PROTOCOL_TOR }, - { 0xCB71AC98, 32, NDPI_PROTOCOL_TOR }, - { 0xCB71AC9A, 32, NDPI_PROTOCOL_TOR }, - { 0xCB7B3001, 32, NDPI_PROTOCOL_TOR }, - { 0xCB7E7B52, 32, NDPI_PROTOCOL_TOR }, - { 0xCB8A63DA, 32, NDPI_PROTOCOL_TOR }, - { 0xCB98C302, 32, NDPI_PROTOCOL_TOR }, - { 0xCB99CEA6, 32, NDPI_PROTOCOL_TOR }, - { 0xCBA16711, 32, NDPI_PROTOCOL_TOR }, - { 0xCBB2850B, 32, NDPI_PROTOCOL_TOR }, - { 0xCBCEEDC5, 32, NDPI_PROTOCOL_TOR }, - { 0xCBD9AD92, 32, NDPI_PROTOCOL_TOR }, - { 0xCC089C8E, 32, NDPI_PROTOCOL_TOR }, - { 0xCC093747, 32, NDPI_PROTOCOL_TOR }, - { 0xCC0B3283, 32, NDPI_PROTOCOL_TOR }, - { 0xCC1025F4, 32, NDPI_PROTOCOL_TOR }, - { 0xCC11382A, 32, NDPI_PROTOCOL_TOR }, - { 0xCC11382A, 32, NDPI_PROTOCOL_TOR }, - { 0xCC1B382D, 32, NDPI_PROTOCOL_TOR }, - { 0xCC1B382D, 32, NDPI_PROTOCOL_TOR }, - { 0xCC1B3ACA, 32, NDPI_PROTOCOL_TOR }, - { 0xCC2D1E7A, 32, NDPI_PROTOCOL_TOR }, - { 0xCC2D1E7D, 32, NDPI_PROTOCOL_TOR }, - { 0xCC2DB6E2, 32, NDPI_PROTOCOL_TOR }, - { 0xCC534638, 32, NDPI_PROTOCOL_TOR }, - { 0xCC55BF1E, 32, NDPI_PROTOCOL_TOR }, - { 0xCC59C10A, 32, NDPI_PROTOCOL_TOR }, - { 0xCC7C5382, 32, NDPI_PROTOCOL_TOR }, - { 0xCC7C5382, 32, NDPI_PROTOCOL_TOR }, - { 0xCC7C5386, 32, NDPI_PROTOCOL_TOR }, - { 0xCC7C5386, 32, NDPI_PROTOCOL_TOR }, - { 0xCC91512D, 32, NDPI_PROTOCOL_TOR }, - { 0xCCC21D04, 32, NDPI_PROTOCOL_TOR }, - { 0xCCF67A48, 32, NDPI_PROTOCOL_TOR }, - { 0xCDA85485, 32, NDPI_PROTOCOL_TOR }, - { 0xCDB973EA, 32, NDPI_PROTOCOL_TOR }, - { 0xCDB97A98, 32, NDPI_PROTOCOL_TOR }, - { 0xCE2876E5, 32, NDPI_PROTOCOL_TOR }, - { 0xCE374A00, 32, NDPI_PROTOCOL_TOR }, - { 0xCE374A01, 32, NDPI_PROTOCOL_TOR }, - { 0xCE48C698, 32, NDPI_PROTOCOL_TOR }, - { 0xCEAE7054, 32, NDPI_PROTOCOL_TOR }, - { 0xCEBE9906, 32, NDPI_PROTOCOL_TOR }, - { 0xCF268613, 32, NDPI_PROTOCOL_TOR }, - { 0xCF6CDABA, 32, NDPI_PROTOCOL_TOR }, - { 0xCF9E0F72, 32, NDPI_PROTOCOL_TOR }, - { 0xCFACD159, 32, NDPI_PROTOCOL_TOR }, - { 0xCFBD72D7, 32, NDPI_PROTOCOL_TOR }, - { 0xCFC046FA, 32, NDPI_PROTOCOL_TOR }, - { 0xCFC9DFC3, 32, NDPI_PROTOCOL_TOR }, - { 0xCFC9DFC4, 32, NDPI_PROTOCOL_TOR }, - { 0xCFC9DFC5, 32, NDPI_PROTOCOL_TOR }, - { 0xCFE54199, 32, NDPI_PROTOCOL_TOR }, - { 0xCFF44B8E, 32, NDPI_PROTOCOL_TOR }, - { 0xCFF4526D, 32, NDPI_PROTOCOL_TOR }, - { 0xCFF4526D, 32, NDPI_PROTOCOL_TOR }, - { 0xD041B5BD, 32, NDPI_PROTOCOL_TOR }, - { 0xD0421E1B, 32, NDPI_PROTOCOL_TOR }, - { 0xD049CCE4, 32, NDPI_PROTOCOL_TOR }, - { 0xD04FD17C, 32, NDPI_PROTOCOL_TOR }, - { 0xD04FD34D, 32, NDPI_PROTOCOL_TOR }, - { 0xD0509A27, 32, NDPI_PROTOCOL_TOR }, - { 0xD0526625, 32, NDPI_PROTOCOL_TOR }, - { 0xD053DF22, 32, NDPI_PROTOCOL_TOR }, - { 0xD053DFE5, 32, NDPI_PROTOCOL_TOR }, - { 0xD0549BCD, 32, NDPI_PROTOCOL_TOR }, - { 0xD0549BF3, 32, NDPI_PROTOCOL_TOR }, - { 0xD0549BF7, 32, NDPI_PROTOCOL_TOR }, - { 0xD056FB58, 32, NDPI_PROTOCOL_TOR }, - { 0xD05B798E, 32, NDPI_PROTOCOL_TOR }, - { 0xD065161A, 32, NDPI_PROTOCOL_TOR }, - { 0xD06F2350, 32, NDPI_PROTOCOL_TOR }, - { 0xD1063507, 32, NDPI_PROTOCOL_TOR }, - { 0xD106441D, 32, NDPI_PROTOCOL_TOR }, - { 0xD10685EE, 32, NDPI_PROTOCOL_TOR }, - { 0xD111BF75, 32, NDPI_PROTOCOL_TOR }, - { 0xD12C72B2, 32, NDPI_PROTOCOL_TOR }, - { 0xD133A319, 32, NDPI_PROTOCOL_TOR }, - { 0xD133BFBE, 32, NDPI_PROTOCOL_TOR }, - { 0xD1709F3C, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC25, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC25, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC26, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC26, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC27, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC27, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC28, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC28, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC29, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC29, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC2A, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC2A, 32, NDPI_PROTOCOL_TOR }, - { 0xD17BA242, 32, NDPI_PROTOCOL_TOR }, - { 0xD17E47E9, 32, NDPI_PROTOCOL_TOR }, - { 0xD17E4854, 32, NDPI_PROTOCOL_TOR }, - { 0xD17E6907, 32, NDPI_PROTOCOL_TOR }, - { 0xD18D23E8, 32, NDPI_PROTOCOL_TOR }, - { 0xD18D242A, 32, NDPI_PROTOCOL_TOR }, - { 0xD18D2ECC, 32, NDPI_PROTOCOL_TOR }, - { 0xD18D328A, 32, NDPI_PROTOCOL_TOR }, - { 0xD18D34EF, 32, NDPI_PROTOCOL_TOR }, - { 0xD1942E81, 32, NDPI_PROTOCOL_TOR }, - { 0xD1942E82, 32, NDPI_PROTOCOL_TOR }, - { 0xD1942E82, 32, NDPI_PROTOCOL_TOR }, - { 0xD1945576, 32, NDPI_PROTOCOL_TOR }, - { 0xD19F8A13, 32, NDPI_PROTOCOL_TOR }, - { 0xD1A221CF, 32, NDPI_PROTOCOL_TOR }, - { 0xD1B5E383, 32, NDPI_PROTOCOL_TOR }, - { 0xD1D01A29, 32, NDPI_PROTOCOL_TOR }, - { 0xD1D04F05, 32, NDPI_PROTOCOL_TOR }, - { 0xD1D2D215, 32, NDPI_PROTOCOL_TOR }, - { 0xD1DE08C4, 32, NDPI_PROTOCOL_TOR }, - { 0xD1DE1EF1, 32, NDPI_PROTOCOL_TOR }, - { 0xD1FA02FE, 32, NDPI_PROTOCOL_TOR }, - { 0xD217021E, 32, NDPI_PROTOCOL_TOR }, - { 0xD23625E2, 32, NDPI_PROTOCOL_TOR }, - { 0xD2A6194E, 32, NDPI_PROTOCOL_TOR }, - { 0xD2C33DFC, 32, NDPI_PROTOCOL_TOR }, - { 0xD2D37ACC, 32, NDPI_PROTOCOL_TOR }, - { 0xD2FBD989, 32, NDPI_PROTOCOL_TOR }, - { 0xD31AF36D, 32, NDPI_PROTOCOL_TOR }, - { 0xD31C8EEF, 32, NDPI_PROTOCOL_TOR }, - { 0xD31FC4F8, 32, NDPI_PROTOCOL_TOR }, - { 0xD3CA291F, 32, NDPI_PROTOCOL_TOR }, - { 0xD407C247, 32, NDPI_PROTOCOL_TOR }, - { 0xD407DC06, 32, NDPI_PROTOCOL_TOR }, - { 0xD40A5604, 32, NDPI_PROTOCOL_TOR }, - { 0xD40CCB27, 32, NDPI_PROTOCOL_TOR }, - { 0xD41010B8, 32, NDPI_PROTOCOL_TOR }, - { 0xD4106821, 32, NDPI_PROTOCOL_TOR }, - { 0xD411664D, 32, NDPI_PROTOCOL_TOR }, - { 0xD41824CD, 32, NDPI_PROTOCOL_TOR }, - { 0xD41890BC, 32, NDPI_PROTOCOL_TOR }, - { 0xD421F581, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE209, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE3AC, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE3AC, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE445, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE459, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE5D1, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE5D1, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE745, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE784, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE80D, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE8F6, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE97E, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FEA54, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FEB57, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FECDB, 32, NDPI_PROTOCOL_TOR }, - { 0xD4305435, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339C5A, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339C8F, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339C9E, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339C9E, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339F4E, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339F72, 32, NDPI_PROTOCOL_TOR }, - { 0xD438D698, 32, NDPI_PROTOCOL_TOR }, - { 0xD4402044, 32, NDPI_PROTOCOL_TOR }, - { 0xD447EECB, 32, NDPI_PROTOCOL_TOR }, - { 0xD447F805, 32, NDPI_PROTOCOL_TOR }, - { 0xD447F945, 32, NDPI_PROTOCOL_TOR }, - { 0xD447F945, 32, NDPI_PROTOCOL_TOR }, - { 0xD447F981, 32, NDPI_PROTOCOL_TOR }, - { 0xD447FC6D, 32, NDPI_PROTOCOL_TOR }, - { 0xD447FC74, 32, NDPI_PROTOCOL_TOR }, - { 0xD447FDE2, 32, NDPI_PROTOCOL_TOR }, - { 0xD44AFEF3, 32, NDPI_PROTOCOL_TOR }, - { 0xD44DE210, 32, NDPI_PROTOCOL_TOR }, - { 0xD44DE2F5, 32, NDPI_PROTOCOL_TOR }, - { 0xD4532F5B, 32, NDPI_PROTOCOL_TOR }, - { 0xD45394CD, 32, NDPI_PROTOCOL_TOR }, - { 0xD4539A21, 32, NDPI_PROTOCOL_TOR }, - { 0xD4539A21, 32, NDPI_PROTOCOL_TOR }, - { 0xD4539E05, 32, NDPI_PROTOCOL_TOR }, - { 0xD4539E14, 32, NDPI_PROTOCOL_TOR }, - { 0xD453A298, 32, NDPI_PROTOCOL_TOR }, - { 0xD453A7AF, 32, NDPI_PROTOCOL_TOR }, - { 0xD453AAFC, 32, NDPI_PROTOCOL_TOR }, - { 0xD453B07A, 32, NDPI_PROTOCOL_TOR }, - { 0xD453B07D, 32, NDPI_PROTOCOL_TOR }, - { 0xD453BECB, 32, NDPI_PROTOCOL_TOR }, - { 0xD4554F44, 32, NDPI_PROTOCOL_TOR }, - { 0xD4554F47, 32, NDPI_PROTOCOL_TOR }, - { 0xD45CDB0F, 32, NDPI_PROTOCOL_TOR }, - { 0xD467903A, 32, NDPI_PROTOCOL_TOR }, - { 0xD46A09CE, 32, NDPI_PROTOCOL_TOR }, - { 0xD46B9591, 32, NDPI_PROTOCOL_TOR }, - { 0xD4722F34, 32, NDPI_PROTOCOL_TOR }, - { 0xD472303A, 32, NDPI_PROTOCOL_TOR }, - { 0xD4726D21, 32, NDPI_PROTOCOL_TOR }, - { 0xD472FA12, 32, NDPI_PROTOCOL_TOR }, - { 0xD472FE5B, 32, NDPI_PROTOCOL_TOR }, - { 0xD4758F4A, 32, NDPI_PROTOCOL_TOR }, - { 0xD475B46B, 32, NDPI_PROTOCOL_TOR }, - { 0xD4763E03, 32, NDPI_PROTOCOL_TOR }, - { 0xD47CB453, 32, NDPI_PROTOCOL_TOR }, - { 0xD4810454, 32, NDPI_PROTOCOL_TOR }, - { 0xD48110B6, 32, NDPI_PROTOCOL_TOR }, - { 0xD4811AF6, 32, NDPI_PROTOCOL_TOR }, - { 0xD4812A09, 32, NDPI_PROTOCOL_TOR }, - { 0xD48132F6, 32, NDPI_PROTOCOL_TOR }, - { 0xD4813431, 32, NDPI_PROTOCOL_TOR }, - { 0xD495D15B, 32, NDPI_PROTOCOL_TOR }, - { 0xD49F5B16, 32, NDPI_PROTOCOL_TOR }, - { 0xD49F70C4, 32, NDPI_PROTOCOL_TOR }, - { 0xD49F8F53, 32, NDPI_PROTOCOL_TOR }, - { 0xD49FB1C6, 32, NDPI_PROTOCOL_TOR }, - { 0xD4A4EF79, 32, NDPI_PROTOCOL_TOR }, - { 0xD4B733DE, 32, NDPI_PROTOCOL_TOR }, - { 0xD4BA59A2, 32, NDPI_PROTOCOL_TOR }, - { 0xD4BBC8AA, 32, NDPI_PROTOCOL_TOR }, - { 0xD4C04A64, 32, NDPI_PROTOCOL_TOR }, - { 0xD4C04A65, 32, NDPI_PROTOCOL_TOR }, - { 0xD4C63318, 32, NDPI_PROTOCOL_TOR }, - { 0xD4C6C924, 32, NDPI_PROTOCOL_TOR }, - { 0xD4C6E391, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E054E3, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E059FD, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E326F7, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E38BC3, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E3F876, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E81D65, 32, NDPI_PROTOCOL_TOR }, - { 0xD4FAA0B2, 32, NDPI_PROTOCOL_TOR }, - { 0xD4FAA0BB, 32, NDPI_PROTOCOL_TOR }, - { 0xD5095DAE, 32, NDPI_PROTOCOL_TOR }, - { 0xD52C58EA, 32, NDPI_PROTOCOL_TOR }, - { 0xD52F2397, 32, NDPI_PROTOCOL_TOR }, - { 0xD52F4B43, 32, NDPI_PROTOCOL_TOR }, - { 0xD5317328, 32, NDPI_PROTOCOL_TOR }, - { 0xD53D957D, 32, NDPI_PROTOCOL_TOR }, - { 0xD53D957E, 32, NDPI_PROTOCOL_TOR }, - { 0xD540E2E6, 32, NDPI_PROTOCOL_TOR }, - { 0xD5430E91, 32, NDPI_PROTOCOL_TOR }, - { 0xD54951D2, 32, NDPI_PROTOCOL_TOR }, - { 0xD5497087, 32, NDPI_PROTOCOL_TOR }, - { 0xD5582A31, 32, NDPI_PROTOCOL_TOR }, - { 0xD55F1536, 32, NDPI_PROTOCOL_TOR }, - { 0xD55F153B, 32, NDPI_PROTOCOL_TOR }, - { 0xD56B4D04, 32, NDPI_PROTOCOL_TOR }, - { 0xD56C6947, 32, NDPI_PROTOCOL_TOR }, - { 0xD56C69FD, 32, NDPI_PROTOCOL_TOR }, - { 0xD56CD7EE, 32, NDPI_PROTOCOL_TOR }, - { 0xD56FF097, 32, NDPI_PROTOCOL_TOR }, - { 0xD57086D3, 32, NDPI_PROTOCOL_TOR }, - { 0xD570C73F, 32, NDPI_PROTOCOL_TOR }, - { 0xD5713D6A, 32, NDPI_PROTOCOL_TOR }, - { 0xD5717790, 32, NDPI_PROTOCOL_TOR }, - { 0xD571D5BE, 32, NDPI_PROTOCOL_TOR }, - { 0xD5724869, 32, NDPI_PROTOCOL_TOR }, - { 0xD57293E0, 32, NDPI_PROTOCOL_TOR }, - { 0xD572966F, 32, NDPI_PROTOCOL_TOR }, - { 0xD572E864, 32, NDPI_PROTOCOL_TOR }, - { 0xD57F85A7, 32, NDPI_PROTOCOL_TOR }, - { 0xD57F921B, 32, NDPI_PROTOCOL_TOR }, - { 0xD585639C, 32, NDPI_PROTOCOL_TOR }, - { 0xD5856D29, 32, NDPI_PROTOCOL_TOR }, - { 0xD5856DA5, 32, NDPI_PROTOCOL_TOR }, - { 0xD5857B97, 32, NDPI_PROTOCOL_TOR }, - { 0xD58845ED, 32, NDPI_PROTOCOL_TOR }, - { 0xD5884715, 32, NDPI_PROTOCOL_TOR }, - { 0xD5884B2A, 32, NDPI_PROTOCOL_TOR }, - { 0xD5885261, 32, NDPI_PROTOCOL_TOR }, - { 0xD5885674, 32, NDPI_PROTOCOL_TOR }, - { 0xD58857F5, 32, NDPI_PROTOCOL_TOR }, - { 0xD5885A9B, 32, NDPI_PROTOCOL_TOR }, - { 0xD5885CA9, 32, NDPI_PROTOCOL_TOR }, - { 0xD58A653C, 32, NDPI_PROTOCOL_TOR }, - { 0xD58A66D1, 32, NDPI_PROTOCOL_TOR }, - { 0xD58A6E58, 32, NDPI_PROTOCOL_TOR }, - { 0xD58A71E8, 32, NDPI_PROTOCOL_TOR }, - { 0xD58D8818, 32, NDPI_PROTOCOL_TOR }, - { 0xD58D8D93, 32, NDPI_PROTOCOL_TOR }, - { 0xD58D95E3, 32, NDPI_PROTOCOL_TOR }, - { 0xD58D9EED, 32, NDPI_PROTOCOL_TOR }, - { 0xD58E2E79, 32, NDPI_PROTOCOL_TOR }, - { 0xD58F7A02, 32, NDPI_PROTOCOL_TOR }, - { 0xD59B0490, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A3482F, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A348A2, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A54610, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A54F22, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A54FF3, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A55106, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A5551E, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A55546, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A555F9, 32, NDPI_PROTOCOL_TOR }, - { 0xD5AFD83B, 32, NDPI_PROTOCOL_TOR }, - { 0xD5B39EF1, 32, NDPI_PROTOCOL_TOR }, - { 0xD5B73821, 32, NDPI_PROTOCOL_TOR }, - { 0xD5B7388C, 32, NDPI_PROTOCOL_TOR }, - { 0xD5B9E355, 32, NDPI_PROTOCOL_TOR }, - { 0xD5BA07E8, 32, NDPI_PROTOCOL_TOR }, - { 0xD5BB54BE, 32, NDPI_PROTOCOL_TOR }, - { 0xD5BB6FFE, 32, NDPI_PROTOCOL_TOR }, - { 0xD5BC77C9, 32, NDPI_PROTOCOL_TOR }, - { 0xD5C489E3, 32, NDPI_PROTOCOL_TOR }, - { 0xD5C5167C, 32, NDPI_PROTOCOL_TOR }, - { 0xD5C52469, 32, NDPI_PROTOCOL_TOR }, - { 0xD5D0BCCB, 32, NDPI_PROTOCOL_TOR }, - { 0xD5D3FC58, 32, NDPI_PROTOCOL_TOR }, - { 0xD5DE7461, 32, NDPI_PROTOCOL_TOR }, - { 0xD5E3FAF5, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFC519, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFD329, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFD414, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFD6AF, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFD8DE, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFD912, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFDA14, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFDA93, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFF9DB, 32, NDPI_PROTOCOL_TOR }, - { 0xD5F05E3A, 32, NDPI_PROTOCOL_TOR }, - { 0xD5F06C19, 32, NDPI_PROTOCOL_TOR }, - { 0xD5F53D3D, 32, NDPI_PROTOCOL_TOR }, - { 0xD5FBBB37, 32, NDPI_PROTOCOL_TOR }, - { 0xD5FBC7AE, 32, NDPI_PROTOCOL_TOR }, - { 0xD80CC652, 32, NDPI_PROTOCOL_TOR }, - { 0xD80CC653, 32, NDPI_PROTOCOL_TOR }, - { 0xD80F0122, 32, NDPI_PROTOCOL_TOR }, - { 0xD8116382, 32, NDPI_PROTOCOL_TOR }, - { 0xD8116390, 32, NDPI_PROTOCOL_TOR }, - { 0xD811654F, 32, NDPI_PROTOCOL_TOR }, - { 0xD81169CB, 32, NDPI_PROTOCOL_TOR }, - { 0xD8116EE7, 32, NDPI_PROTOCOL_TOR }, - { 0xD818AEF5, 32, NDPI_PROTOCOL_TOR }, - { 0xD8425592, 32, NDPI_PROTOCOL_TOR }, - { 0xD873031A, 32, NDPI_PROTOCOL_TOR }, - { 0xD873063A, 32, NDPI_PROTOCOL_TOR }, - { 0xD892E107, 32, NDPI_PROTOCOL_TOR }, - { 0xD89A71F4, 32, NDPI_PROTOCOL_TOR }, - { 0xD8A13759, 32, NDPI_PROTOCOL_TOR }, - { 0xD8BAC1C9, 32, NDPI_PROTOCOL_TOR }, - { 0xD8BD9264, 32, NDPI_PROTOCOL_TOR }, - { 0xD8BD9575, 32, NDPI_PROTOCOL_TOR }, - { 0xD8BD9666, 32, NDPI_PROTOCOL_TOR }, - { 0xD8BD9718, 32, NDPI_PROTOCOL_TOR }, - { 0xD8C3851B, 32, NDPI_PROTOCOL_TOR }, - { 0xD8DA860C, 32, NDPI_PROTOCOL_TOR }, - { 0xD8DAD8C2, 32, NDPI_PROTOCOL_TOR }, - { 0xD8DD24F4, 32, NDPI_PROTOCOL_TOR }, - { 0xD8E6E69C, 32, NDPI_PROTOCOL_TOR }, - { 0xD8E6E6F7, 32, NDPI_PROTOCOL_TOR }, - { 0xD8F455D3, 32, NDPI_PROTOCOL_TOR }, - { 0xD90833AD, 32, NDPI_PROTOCOL_TOR }, - { 0xD90B39E2, 32, NDPI_PROTOCOL_TOR }, - { 0xD90B7727, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CC7BE, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CC7D1, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CCB2E, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CCC59, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CCC68, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CCC93, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CD075, 32, NDPI_PROTOCOL_TOR }, - { 0xD90D4A29, 32, NDPI_PROTOCOL_TOR }, - { 0xD90DC505, 32, NDPI_PROTOCOL_TOR }, - { 0xD910B514, 32, NDPI_PROTOCOL_TOR }, - { 0xD910B614, 32, NDPI_PROTOCOL_TOR }, - { 0xD91318D8, 32, NDPI_PROTOCOL_TOR }, - { 0xD91318E9, 32, NDPI_PROTOCOL_TOR }, - { 0xD917011B, 32, NDPI_PROTOCOL_TOR }, - { 0xD91A1259, 32, NDPI_PROTOCOL_TOR }, - { 0xD91BB67D, 32, NDPI_PROTOCOL_TOR }, - { 0xD92287E1, 32, NDPI_PROTOCOL_TOR }, - { 0xD92287E7, 32, NDPI_PROTOCOL_TOR }, - { 0xD9251373, 32, NDPI_PROTOCOL_TOR }, - { 0xD92855C2, 32, NDPI_PROTOCOL_TOR }, - { 0xD928FEB1, 32, NDPI_PROTOCOL_TOR }, - { 0xD943154D, 32, NDPI_PROTOCOL_TOR }, - { 0xD945FE58, 32, NDPI_PROTOCOL_TOR }, - { 0xD946BD91, 32, NDPI_PROTOCOL_TOR }, - { 0xD946BF0D, 32, NDPI_PROTOCOL_TOR }, - { 0xD948141E, 32, NDPI_PROTOCOL_TOR }, - { 0xD94FB23C, 32, NDPI_PROTOCOL_TOR }, - { 0xD94FB532, 32, NDPI_PROTOCOL_TOR }, - { 0xD94FB538, 32, NDPI_PROTOCOL_TOR }, - { 0xD94FB65F, 32, NDPI_PROTOCOL_TOR }, - { 0xD94FBE19, 32, NDPI_PROTOCOL_TOR }, - { 0xD954FBD5, 32, NDPI_PROTOCOL_TOR }, - { 0xD95597B5, 32, NDPI_PROTOCOL_TOR }, - { 0xD95EEEF5, 32, NDPI_PROTOCOL_TOR }, - { 0xD970833A, 32, NDPI_PROTOCOL_TOR }, - { 0xD97293F5, 32, NDPI_PROTOCOL_TOR }, - { 0xD972DA12, 32, NDPI_PROTOCOL_TOR }, - { 0xD9730A85, 32, NDPI_PROTOCOL_TOR }, - { 0xD9730A86, 32, NDPI_PROTOCOL_TOR }, - { 0xD97729D5, 32, NDPI_PROTOCOL_TOR }, - { 0xD97BFEEE, 32, NDPI_PROTOCOL_TOR }, - { 0xD98090A0, 32, NDPI_PROTOCOL_TOR }, - { 0xD991C735, 32, NDPI_PROTOCOL_TOR }, - { 0xD9924B24, 32, NDPI_PROTOCOL_TOR }, - { 0xD99454B4, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A0122D, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A013EC, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A05C43, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A07E32, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A083B0, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A276FE, 32, NDPI_PROTOCOL_TOR }, - { 0xD9AACD71, 32, NDPI_PROTOCOL_TOR }, - { 0xD9ACB392, 32, NDPI_PROTOCOL_TOR }, - { 0xD9ACBE13, 32, NDPI_PROTOCOL_TOR }, - { 0xD9ACBE13, 32, NDPI_PROTOCOL_TOR }, - { 0xD9ACFFE5, 32, NDPI_PROTOCOL_TOR }, - { 0xD9AD4A5B, 32, NDPI_PROTOCOL_TOR }, - { 0xD9BCEA09, 32, NDPI_PROTOCOL_TOR }, - { 0xD9BDC5F4, 32, NDPI_PROTOCOL_TOR }, - { 0xD9BF49C3, 32, NDPI_PROTOCOL_TOR }, - { 0xD9BF6813, 32, NDPI_PROTOCOL_TOR }, - { 0xD9BFF274, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C3AA91, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C504DC, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C553A2, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C556AD, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C55B91, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C55B91, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C55BA4, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C5B52D, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D075D3, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D11257, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D27158, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D28C5F, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D2A52B, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D39FA1, 32, NDPI_PROTOCOL_TOR }, - { 0xD9E40B41, 32, NDPI_PROTOCOL_TOR }, - { 0xD9E46874, 32, NDPI_PROTOCOL_TOR }, - { 0xD9E76B72, 32, NDPI_PROTOCOL_TOR }, - { 0xD9E94FC8, 32, NDPI_PROTOCOL_TOR }, - { 0xD9E94FC8, 32, NDPI_PROTOCOL_TOR }, - { 0xD9EA6B0B, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F595B7, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F63320, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F76904, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F7DE9C, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F7E61F, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F9203E, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FBD765, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FD96F6, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FD9F48, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FE3DAC, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FE47CC, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FEB60F, 32, NDPI_PROTOCOL_TOR }, - { 0xDAA1200E, 32, NDPI_PROTOCOL_TOR }, - { 0xDAE7EBDB, 32, NDPI_PROTOCOL_TOR }, - { 0xDAE868DC, 32, NDPI_PROTOCOL_TOR }, - { 0xDAE868DD, 32, NDPI_PROTOCOL_TOR }, - { 0xDAFAF536, 32, NDPI_PROTOCOL_TOR }, - { 0xDB4F067A, 32, NDPI_PROTOCOL_TOR }, - { 0xDB59C4CA, 32, NDPI_PROTOCOL_TOR }, - { 0xDB6DCB40, 32, NDPI_PROTOCOL_TOR }, - { 0xDB75CE2E, 32, NDPI_PROTOCOL_TOR }, - { 0xDB791014, 32, NDPI_PROTOCOL_TOR }, - { 0xDBA189F3, 32, NDPI_PROTOCOL_TOR }, - { 0xDBA4C22E, 32, NDPI_PROTOCOL_TOR }, - { 0xDBAD0E54, 32, NDPI_PROTOCOL_TOR }, - { 0xDC39428E, 32, NDPI_PROTOCOL_TOR }, - { 0xDC87FE3F, 32, NDPI_PROTOCOL_TOR }, - { 0xDC898752, 32, NDPI_PROTOCOL_TOR }, - { 0xDC9387F3, 32, NDPI_PROTOCOL_TOR }, - { 0xDC9DC3F3, 32, NDPI_PROTOCOL_TOR }, - { 0xDCE97BAC, 32, NDPI_PROTOCOL_TOR }, - { 0xDCE9AF0E, 32, NDPI_PROTOCOL_TOR }, - { 0xDCFD1CE1, 32, NDPI_PROTOCOL_TOR }, - { 0xDCFF85C3, 32, NDPI_PROTOCOL_TOR }, - { 0xDD7132CB, 32, NDPI_PROTOCOL_TOR }, - { 0xDD9E95C5, 32, NDPI_PROTOCOL_TOR }, - { 0xDE047C92, 32, NDPI_PROTOCOL_TOR }, - { 0xDE0C7C9A, 32, NDPI_PROTOCOL_TOR }, - { 0xDE7294F8, 32, NDPI_PROTOCOL_TOR }, - { 0xDEEB761A, 32, NDPI_PROTOCOL_TOR }, - { 0xDF1273E5, 32, NDPI_PROTOCOL_TOR }, - { 0xDF85F4CA, 32, NDPI_PROTOCOL_TOR }, - { 0xDFE57B41, 32, NDPI_PROTOCOL_TOR }, + + { 0x0122A339 /* 1.34.163.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x01EA0B8E /* 1.234.11.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x01F4E33D /* 1.244.227.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02054D8A /* 2.5.77.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x020A43F9 /* 2.10.67.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0246CA2B /* 2.70.202.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02565C41 /* 2.86.92.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x025C99E8 /* 2.92.153.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x025D0968 /* 2.93.9.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x025D1792 /* 2.93.23.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x025DCAEB /* 2.93.202.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x026C835B /* 2.108.131.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x026E3C44 /* 2.110.60.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x026EDB2F /* 2.110.219.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x026F5E2C /* 2.111.94.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x029B4710 /* 2.155.71.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02E18D86 /* 2.225.141.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02E1E75C /* 2.225.231.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02E58252 /* 2.229.130.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02E6A4FE /* 2.230.164.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02EC0943 /* 2.236.9.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02EC351D /* 2.236.53.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02EE4464 /* 2.238.68.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F0439C /* 2.240.67.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F0561B /* 2.240.86.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F22990 /* 2.242.41.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F2529C /* 2.242.82.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F2AE32 /* 2.242.174.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F593C1 /* 2.245.147.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x041F4046 /* 4.31.64.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05015D72 /* 5.1.93.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05023698 /* 5.2.54.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050240D1 /* 5.2.64.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0502481A /* 5.2.72.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050249D9 /* 5.2.73.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05024A53 /* 5.2.74.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05080802 /* 5.8.8.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05090782 /* 5.9.7.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050907FC /* 5.9.7.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05090C1D /* 5.9.12.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509208F /* 5.9.32.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05092771 /* 5.9.39.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05092B03 /* 5.9.43.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05093254 /* 5.9.50.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05093A89 /* 5.9.58.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05093DCF /* 5.9.61.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05093E11 /* 5.9.62.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05093E49 /* 5.9.62.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050948E9 /* 5.9.72.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05094906 /* 5.9.73.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05094A3B /* 5.9.74.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05094F06 /* 5.9.79.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05094F9A /* 5.9.79.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05095129 /* 5.9.81.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050953CC /* 5.9.83.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509584A /* 5.9.88.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509622B /* 5.9.98.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050966C6 /* 5.9.102.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05096C58 /* 5.9.108.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05096EEC /* 5.9.110.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509794F /* 5.9.121.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050979CF /* 5.9.121.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050981DA /* 5.9.129.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05098C02 /* 5.9.140.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050992CB /* 5.9.146.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050993E2 /* 5.9.147.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099564 /* 5.9.149.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099628 /* 5.9.150.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050997F1 /* 5.9.151.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099972 /* 5.9.153.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099C11 /* 5.9.156.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099E4B /* 5.9.158.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099F0E /* 5.9.159.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509AB26 /* 5.9.171.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509BCBA /* 5.9.188.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509BF34 /* 5.9.191.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509C56A /* 5.9.197.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509D4CC /* 5.9.212.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509FDEA /* 5.9.253.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050C14C2 /* 5.12.20.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050F53EA /* 5.15.83.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0513A267 /* 5.19.162.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0513B3FD /* 5.19.179.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0513B825 /* 5.19.184.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x051C3E55 /* 5.28.62.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0522B45E /* 5.34.180.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0522B71A /* 5.34.183.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0522B781 /* 5.34.183.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0522B7CD /* 5.34.183.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0522B7D2 /* 5.34.183.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0523FBF7 /* 5.35.251.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052721B0 /* 5.39.33.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052721B2 /* 5.39.33.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05274007 /* 5.39.64.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05274DD0 /* 5.39.77.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05274E65 /* 5.39.78.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0527501C /* 5.39.80.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275087 /* 5.39.80.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275166 /* 5.39.81.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275199 /* 5.39.81.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052752C0 /* 5.39.82.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0527531B /* 5.39.83.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052753D9 /* 5.39.83.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052754D9 /* 5.39.84.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052756CE /* 5.39.86.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275835 /* 5.39.88.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275836 /* 5.39.88.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0527597C /* 5.39.89.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275CC7 /* 5.39.92.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275E3C /* 5.39.94.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275EA9 /* 5.39.94.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275F8E /* 5.39.95.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05277C60 /* 5.39.124.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0527D90E /* 5.39.217.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052C65BE /* 5.44.101.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D617F /* 5.45.97.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D626F /* 5.45.98.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D6416 /* 5.45.100.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D6B38 /* 5.45.107.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D6C30 /* 5.45.108.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D6D3E /* 5.45.109.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05313BF0 /* 5.49.59.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0531DE9D /* 5.49.222.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05336A6C /* 5.51.106.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0533CCF1 /* 5.51.204.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0533DC1E /* 5.51.220.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0533E534 /* 5.51.229.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0538203C /* 5.56.32.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05388513 /* 5.56.133.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x053D223F /* 5.61.34.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x053DEF22 /* 5.61.239.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x054D2F8E /* 5.77.47.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x054F44A1 /* 5.79.68.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x054F5482 /* 5.79.84.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x054F560F /* 5.79.86.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0550EAA9 /* 5.80.234.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0564FD98 /* 5.100.253.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0564FD99 /* 5.100.253.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05656652 /* 5.101.102.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05656746 /* 5.101.103.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05673A1E /* 5.103.58.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05685A1D /* 5.104.90.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05686A26 /* 5.104.106.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0581FAAD /* 5.129.250.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05871525 /* 5.135.21.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05874191 /* 5.135.65.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05877322 /* 5.135.115.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05879842 /* 5.135.152.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587988F /* 5.135.152.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05879B79 /* 5.135.155.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05879E65 /* 5.135.158.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05879F6E /* 5.135.159.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05879F80 /* 5.135.159.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587A231 /* 5.135.162.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587A2D9 /* 5.135.162.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587A34E /* 5.135.163.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B2B8 /* 5.135.178.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B5D0 /* 5.135.181.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B5D5 /* 5.135.181.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B682 /* 5.135.182.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B818 /* 5.135.184.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B991 /* 5.135.185.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587BA49 /* 5.135.186.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587BACD /* 5.135.186.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587BBC0 /* 5.135.187.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587BF33 /* 5.135.191.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587C70D /* 5.135.199.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x058D09A4 /* 5.141.9.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05912EA6 /* 5.145.46.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05926255 /* 5.146.98.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05928E81 /* 5.146.142.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x059290E8 /* 5.146.144.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05930775 /* 5.147.7.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0593C4FC /* 5.147.196.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0593F89E /* 5.147.248.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0594A50D /* 5.148.165.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0594AF23 /* 5.148.175.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0594B430 /* 5.148.180.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0595FA33 /* 5.149.250.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0596CCB0 /* 5.150.204.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0596CCEF /* 5.150.204.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0596DD89 /* 5.150.221.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x059ABFAD /* 5.154.191.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05A4CC92 /* 5.164.204.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05A79A71 /* 5.167.154.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD357B /* 5.189.53.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD59E9 /* 5.189.89.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD844F /* 5.189.132.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD85F5 /* 5.189.133.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD8A09 /* 5.189.138.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD8C15 /* 5.189.140.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD8E76 /* 5.189.142.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD8F1C /* 5.189.143.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD8FA9 /* 5.189.143.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD9285 /* 5.189.146.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD995B /* 5.189.153.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD99B9 /* 5.189.153.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD9DE6 /* 5.189.157.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD9F15 /* 5.189.159.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDA4E6 /* 5.189.164.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDAF34 /* 5.189.175.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDB3A4 /* 5.189.179.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDB53D /* 5.189.181.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDB62D /* 5.189.182.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDB83D /* 5.189.184.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDBC6F /* 5.189.188.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C40181 /* 5.196.1.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C40C4F /* 5.196.12.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C40E33 /* 5.196.14.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C41740 /* 5.196.23.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C42416 /* 5.196.36.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C43A60 /* 5.196.58.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C441AD /* 5.196.65.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C442A2 /* 5.196.66.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C442F1 /* 5.196.66.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C44562 /* 5.196.69.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C44718 /* 5.196.71.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C448E9 /* 5.196.72.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C45862 /* 5.196.88.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C45874 /* 5.196.88.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C45FEC /* 5.196.95.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C479A1 /* 5.196.121.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C4DE38 /* 5.196.222.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C4E3A1 /* 5.196.227.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C4EF72 /* 5.196.239.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C782BC /* 5.199.130.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C785C1 /* 5.199.133.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C78E70 /* 5.199.142.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C78E7C /* 5.199.142.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C78EC3 /* 5.199.142.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C78EEC /* 5.199.142.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C7957D /* 5.199.149.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C7A7CF /* 5.199.167.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C81590 /* 5.200.21.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05E40CDD /* 5.228.12.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05E68950 /* 5.230.137.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05E69141 /* 5.230.145.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05E693CA /* 5.230.147.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F991A4 /* 5.249.145.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F99599 /* 5.249.149.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F995CC /* 5.249.149.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F99F6C /* 5.249.159.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F99FC6 /* 5.249.159.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F99FD1 /* 5.249.159.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05FF3D82 /* 5.255.61.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05FF524B /* 5.255.82.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0818462C /* 8.24.70.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x081A5E12 /* 8.26.94.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x08250EDC /* 8.37.14.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0D447048 /* 13.68.112.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0D49A282 /* 13.73.162.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0D49A30F /* 13.73.163.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0D5076D2 /* 13.80.118.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0D5D7299 /* 13.93.114.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0E035769 /* 14.3.87.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0E035B2C /* 14.3.91.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0EC771B3 /* 14.199.113.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0ECA9DD9 /* 14.202.157.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0ECAE631 /* 14.202.230.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x12520056 /* 18.82.0.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1252005E /* 18.82.0.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1252011D /* 18.82.1.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x12520388 /* 18.82.3.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x125203C4 /* 18.82.3.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x125203CD /* 18.82.3.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x12B50525 /* 18.181.5.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x12F80098 /* 18.248.0.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x12F80155 /* 18.248.1.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1751425A /* 23.81.66.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175B420B /* 23.91.66.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175B7C7C /* 23.91.124.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175BFEC8 /* 23.91.254.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175C1371 /* 23.92.19.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175C154A /* 23.92.21.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175C161D /* 23.92.22.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175C1B17 /* 23.92.27.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175C1C17 /* 23.92.28.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175E6595 /* 23.94.101.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175EEA32 /* 23.94.234.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175F092F /* 23.95.9.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175F7105 /* 23.95.113.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1761ACE5 /* 23.97.172.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x176946AE /* 23.105.70.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17A30099 /* 23.163.0.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EE11E5 /* 23.238.17.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF077E /* 23.239.7.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF0A90 /* 23.239.10.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF1613 /* 23.239.22.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF1B1C /* 23.239.27.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF1DE2 /* 23.239.29.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF7165 /* 23.239.113.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF917D /* 23.239.145.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17F24468 /* 23.242.68.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FE8026 /* 23.254.128.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA584 /* 23.254.165.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA5FA /* 23.254.165.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA6DE /* 23.254.166.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA7B4 /* 23.254.167.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA7B9 /* 23.254.167.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA7E7 /* 23.254.167.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FFD782 /* 23.255.215.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18002A8B /* 24.0.42.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1803886A /* 24.3.136.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18066A49 /* 24.6.106.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1806AE5E /* 24.6.174.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1807B899 /* 24.7.184.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18084CAE /* 24.8.76.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1809B22E /* 24.9.178.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18129BCE /* 24.18.155.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x181430FC /* 24.20.48.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1815D5B4 /* 24.21.213.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1816F50B /* 24.22.245.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18228E69 /* 24.34.142.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18288F0E /* 24.40.143.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1835303E /* 24.53.48.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1838F948 /* 24.56.249.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x183FD72F /* 24.63.215.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x184D7389 /* 24.77.115.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18560435 /* 24.86.4.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x185D6D85 /* 24.93.109.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x185EB54F /* 24.94.181.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1860AD68 /* 24.96.173.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1860CED0 /* 24.96.206.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18631C64 /* 24.99.28.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18769E26 /* 24.118.158.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18794054 /* 24.121.64.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18821B00 /* 24.130.27.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1882DD76 /* 24.130.221.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18943BB9 /* 24.148.59.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18AB5048 /* 24.171.80.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18B2F2B4 /* 24.178.242.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18B7217A /* 24.183.33.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18BA6CF9 /* 24.186.108.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18BA6D04 /* 24.186.109.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18C1EF3E /* 24.193.239.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18CFD49A /* 24.207.212.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18D97413 /* 24.217.116.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18F635EB /* 24.246.53.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18F8CB31 /* 24.248.203.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18FF2173 /* 24.255.33.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1B00EB39 /* 27.0.235.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1B04D4C5 /* 27.4.212.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F039A0D /* 31.3.154.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F0646E1 /* 31.6.70.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F068F3E /* 31.6.143.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F07B826 /* 31.7.184.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F0E8788 /* 31.14.135.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F0F42DA /* 31.15.66.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F103016 /* 31.16.48.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1059AA /* 31.16.89.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F105C19 /* 31.16.92.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F107B66 /* 31.16.123.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F10F410 /* 31.16.244.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F11002D /* 31.17.0.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F112C2D /* 31.17.44.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F113723 /* 31.17.55.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1139ED /* 31.17.57.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F11E73D /* 31.17.231.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F124F4B /* 31.18.79.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F132A0B /* 31.19.42.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F137AC6 /* 31.19.122.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F17C113 /* 31.23.193.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F189425 /* 31.24.148.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F18E3F0 /* 31.24.227.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F192C37 /* 31.25.44.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1CA8AE /* 31.28.168.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F49DE /* 31.31.73.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4A2F /* 31.31.74.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4A45 /* 31.31.74.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4BB5 /* 31.31.75.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4CA9 /* 31.31.76.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4DB0 /* 31.31.77.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4E31 /* 31.31.78.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F21B915 /* 31.33.185.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F22F15A /* 31.34.241.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F29DBE4 /* 31.41.219.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F2CE0ED /* 31.44.224.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F2CE638 /* 31.44.230.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F2D1035 /* 31.45.16.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F2FEE98 /* 31.47.238.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F360D08 /* 31.54.13.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F81A64E /* 31.129.166.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F82306D /* 31.130.48.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F8304A7 /* 31.131.4.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F83FB24 /* 31.131.251.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F849C88 /* 31.132.156.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F87F316 /* 31.135.243.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F87F38A /* 31.135.243.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F978323 /* 31.151.131.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FA3F17E /* 31.163.241.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FA81163 /* 31.168.17.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAA5229 /* 31.170.82.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAA694D /* 31.170.105.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAB9B1D /* 31.171.155.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAB9B66 /* 31.171.155.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAB9B6C /* 31.171.155.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FABF433 /* 31.171.244.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAC56AD /* 31.172.86.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB28B8A /* 31.178.139.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB3842A /* 31.179.132.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB91BCB /* 31.185.27.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB96813 /* 31.185.104.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB96814 /* 31.185.104.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB96815 /* 31.185.104.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FC06297 /* 31.192.98.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD008CB /* 31.208.8.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD02929 /* 31.208.41.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD047AD /* 31.208.71.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD0687E /* 31.208.104.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD0C9EC /* 31.208.201.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD22183 /* 31.210.33.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD69D53 /* 31.214.157.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FDC0599 /* 31.220.5.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FDC05C8 /* 31.220.5.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FDC07CD /* 31.220.7.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FDC1D7A /* 31.220.29.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x22C020B1 /* 34.192.32.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x22C16471 /* 34.193.100.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x22C55882 /* 34.197.88.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x22FA5400 /* 34.250.84.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x239C225F /* 35.156.34.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x239CF80C /* 35.156.248.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23A1467D /* 35.161.70.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23A32FF3 /* 35.163.47.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23A436C1 /* 35.164.54.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23A5B2E7 /* 35.165.178.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23A75E0C /* 35.167.94.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23B90E13 /* 35.185.14.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2437F33C /* 36.55.243.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x24E0398E /* 36.224.57.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2504ECD4 /* 37.4.236.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x250EC588 /* 37.14.197.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x250F704B /* 37.15.112.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x250F7AD8 /* 37.15.122.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2518C2C9 /* 37.24.194.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25223476 /* 37.34.52.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25236BEE /* 37.35.107.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25304971 /* 37.48.73.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253050B4 /* 37.48.80.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25307809 /* 37.48.120.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253078C4 /* 37.48.120.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25307A3C /* 37.48.122.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253A39E7 /* 37.58.57.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B0227 /* 37.59.2.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B0A65 /* 37.59.10.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B0E5E /* 37.59.14.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B253B /* 37.59.37.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B28C1 /* 37.59.40.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B2E9F /* 37.59.46.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B32DA /* 37.59.50.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B4884 /* 37.59.72.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B59D6 /* 37.59.89.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B6BB9 /* 37.59.107.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B7007 /* 37.59.112.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B76F6 /* 37.59.118.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B7776 /* 37.59.119.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253BFE09 /* 37.59.254.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x254E119E /* 37.78.17.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2561B974 /* 37.97.185.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x256E943B /* 37.110.148.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25719B64 /* 37.113.155.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25719FD5 /* 37.113.159.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25785989 /* 37.120.89.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578A527 /* 37.120.165.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578A9F3 /* 37.120.169.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578ACF2 /* 37.120.172.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578AD92 /* 37.120.173.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578AEF9 /* 37.120.174.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578B962 /* 37.120.185.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x257AD0DC /* 37.122.208.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x257B711D /* 37.123.113.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x257B8594 /* 37.123.133.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2582E385 /* 37.130.227.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2585166B /* 37.133.22.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x258B01D4 /* 37.139.1.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x258B0868 /* 37.139.8.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2599010A /* 37.153.1.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2599022C /* 37.153.2.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25992933 /* 37.153.41.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25993585 /* 37.153.53.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x259DC1A1 /* 37.157.193.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x259DC357 /* 37.157.195.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x259DC461 /* 37.157.196.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x259DC48E /* 37.157.196.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB0053 /* 37.187.0.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB011D /* 37.187.1.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB02AD /* 37.187.2.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB02E6 /* 37.187.2.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB036A /* 37.187.3.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB0408 /* 37.187.4.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB074A /* 37.187.7.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB1143 /* 37.187.17.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB115F /* 37.187.17.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB122B /* 37.187.18.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB126D /* 37.187.18.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB143B /* 37.187.20.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB144F /* 37.187.20.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB151C /* 37.187.21.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB159D /* 37.187.21.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB1657 /* 37.187.22.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB1683 /* 37.187.22.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB17A9 /* 37.187.23.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB17E8 /* 37.187.23.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB1E4E /* 37.187.30.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB1F27 /* 37.187.31.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB3F11 /* 37.187.63.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB4D34 /* 37.187.77.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB4ED2 /* 37.187.78.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB5A7A /* 37.187.90.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB5A95 /* 37.187.90.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB604E /* 37.187.96.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6054 /* 37.187.96.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6152 /* 37.187.97.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB615F /* 37.187.97.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB62B9 /* 37.187.98.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB658F /* 37.187.101.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB666C /* 37.187.102.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB66BA /* 37.187.102.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB66CA /* 37.187.102.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB679C /* 37.187.103.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB686F /* 37.187.104.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB68B2 /* 37.187.104.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB692B /* 37.187.105.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6941 /* 37.187.105.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6944 /* 37.187.105.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6968 /* 37.187.105.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6B5B /* 37.187.107.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6C50 /* 37.187.108.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6CD9 /* 37.187.108.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6E81 /* 37.187.110.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6ED8 /* 37.187.110.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6FCD /* 37.187.111.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB732F /* 37.187.115.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB739D /* 37.187.115.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB7825 /* 37.187.120.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB7B79 /* 37.187.123.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB82E2 /* 37.187.130.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBB040 /* 37.187.176.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBB102 /* 37.187.177.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBB404 /* 37.187.180.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBB412 /* 37.187.180.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBB470 /* 37.187.180.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBEF08 /* 37.187.239.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BC5335 /* 37.188.83.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BFC7AD /* 37.191.199.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BFE748 /* 37.191.231.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BFE8E4 /* 37.191.232.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BFEC54 /* 37.191.236.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25C07417 /* 37.192.116.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25C86205 /* 37.200.98.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25C86275 /* 37.200.98.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25C863FB /* 37.200.99.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25CC3375 /* 37.204.51.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25CC834F /* 37.204.131.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25CD0983 /* 37.205.9.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25CD0A8C /* 37.205.10.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25CD0B95 /* 37.205.11.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25D11308 /* 37.209.19.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25D1771F /* 37.209.119.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF015 /* 37.218.240.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF032 /* 37.218.240.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF044 /* 37.218.240.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF050 /* 37.218.240.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF065 /* 37.218.240.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF7D9 /* 37.218.247.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DC1229 /* 37.220.18.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DC23CA /* 37.220.35.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DC24F0 /* 37.220.36.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDA2E2 /* 37.221.162.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDABEA /* 37.221.171.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDABEC /* 37.221.171.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDC108 /* 37.221.193.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDC1C3 /* 37.221.193.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDC41F /* 37.221.196.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDC489 /* 37.221.196.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDD301 /* 37.221.211.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25E48667 /* 37.228.134.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25E5D380 /* 37.229.211.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25E67725 /* 37.230.119.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25E9639D /* 37.233.99.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB30F7 /* 37.235.48.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB3122 /* 37.235.49.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB317C /* 37.235.49.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB318A /* 37.235.49.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB3443 /* 37.235.52.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB3753 /* 37.235.55.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB38B4 /* 37.235.56.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB3C4D /* 37.235.60.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25F72A79 /* 37.247.42.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25F733C5 /* 37.247.51.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25FCBEB0 /* 37.252.190.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E5001C /* 38.229.0.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E5001D /* 38.229.0.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54622 /* 38.229.70.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E5462B /* 38.229.70.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54633 /* 38.229.70.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54634 /* 38.229.70.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54635 /* 38.229.70.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54636 /* 38.229.70.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E5463D /* 38.229.70.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54F02 /* 38.229.79.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x276E67D5 /* 39.110.103.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x294D88B2 /* 41.77.136.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29B61914 /* 41.182.25.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29B91CD6 /* 41.185.28.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29CEBCCE /* 41.206.188.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29D0D52E /* 41.208.213.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29D7F232 /* 41.215.242.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29DF358D /* 41.223.53.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29E73565 /* 41.231.53.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A024E0B /* 42.2.78.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A70102A /* 42.112.16.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A7010C2 /* 42.112.16.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A7010C6 /* 42.112.16.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A7010C8 /* 42.112.16.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A7C24FC /* 42.124.36.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2BF00C3A /* 43.240.12.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2BF0633E /* 43.240.99.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2BFC250E /* 43.252.37.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D144301 /* 45.20.67.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D200159 /* 45.32.1.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D200322 /* 45.32.3.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D200C25 /* 45.32.12.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D201918 /* 45.32.25.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D201EB2 /* 45.32.30.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D203F93 /* 45.32.63.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D207501 /* 45.32.117.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D209255 /* 45.32.146.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D209749 /* 45.32.151.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D209CB3 /* 45.32.156.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D209FFD /* 45.32.159.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20B16B /* 45.32.177.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20BDB1 /* 45.32.189.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20D9B8 /* 45.32.217.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20E314 /* 45.32.227.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20E9BF /* 45.32.233.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20EDDB /* 45.32.237.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20EE3D /* 45.32.238.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20EE65 /* 45.32.238.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20EFA6 /* 45.32.239.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20F549 /* 45.32.245.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20F620 /* 45.32.246.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20F720 /* 45.32.247.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20F7E6 /* 45.32.247.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20FA2E /* 45.32.250.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D211717 /* 45.33.23.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D212752 /* 45.33.39.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D2130CC /* 45.33.48.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D21395B /* 45.33.57.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D213D28 /* 45.33.61.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D21402D /* 45.33.64.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D214144 /* 45.33.65.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D214B1C /* 45.33.75.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D214D34 /* 45.33.77.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D2178C9 /* 45.33.120.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D228F04 /* 45.34.143.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D234855 /* 45.35.72.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D245B78 /* 45.36.91.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D25AAF2 /* 45.37.170.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D324D34 /* 45.50.77.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D370C17 /* 45.55.12.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D371384 /* 45.55.19.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D371B46 /* 45.55.27.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D373297 /* 45.55.50.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37374C /* 45.55.55.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D373EA1 /* 45.55.62.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D376C6E /* 45.55.108.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D378127 /* 45.55.129.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3785F9 /* 45.55.133.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37A05E /* 45.55.160.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37A721 /* 45.55.167.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37C2AF /* 45.55.194.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37D4D9 /* 45.55.212.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37EC13 /* 45.55.236.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37F8E4 /* 45.55.248.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3A263B /* 45.58.38.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3A31FB /* 45.58.49.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3A34DD /* 45.58.52.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3A3C7F /* 45.58.60.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3E7420 /* 45.62.116.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3ECC76 /* 45.62.204.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3ED297 /* 45.62.210.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3ED2B0 /* 45.62.210.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3ED5FA /* 45.62.213.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE196 /* 45.62.225.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE1B7 /* 45.62.225.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE23B /* 45.62.226.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE30A /* 45.62.227.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE459 /* 45.62.228.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE814 /* 45.62.232.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE8D4 /* 45.62.232.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EEBCA /* 45.62.235.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EEDEA /* 45.62.237.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF2C2 /* 45.62.242.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF3CC /* 45.62.243.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF4F0 /* 45.62.244.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF65B /* 45.62.246.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF684 /* 45.62.246.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF712 /* 45.62.247.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF71B /* 45.62.247.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF912 /* 45.62.249.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF9C3 /* 45.62.249.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EFA42 /* 45.62.250.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EFC42 /* 45.62.252.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EFC48 /* 45.62.252.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EFC4C /* 45.62.252.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EFD71 /* 45.62.253.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F0EE1 /* 45.63.14.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F185E /* 45.63.24.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F18E3 /* 45.63.24.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F19B3 /* 45.63.25.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F19EB /* 45.63.25.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F1A30 /* 45.63.26.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F1BC3 /* 45.63.27.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F1EA7 /* 45.63.30.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F2A5B /* 45.63.42.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F368F /* 45.63.54.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F4371 /* 45.63.67.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F4EB1 /* 45.63.78.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F54D9 /* 45.63.84.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F57EE /* 45.63.87.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F5935 /* 45.63.89.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F7760 /* 45.63.119.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F79B0 /* 45.63.121.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F7ED2 /* 45.63.126.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C154D /* 45.76.21.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C25E7 /* 45.76.37.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C26DB /* 45.76.38.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C5418 /* 45.76.84.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C5C75 /* 45.76.92.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C6B8C /* 45.76.107.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C6E2E /* 45.76.110.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C8322 /* 45.76.131.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C869F /* 45.76.134.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C9570 /* 45.76.149.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C9CA5 /* 45.76.156.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F0AC3 /* 45.79.10.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F43ED /* 45.79.67.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F4CAE /* 45.79.76.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F582B /* 45.79.88.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F5B7E /* 45.79.91.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F5C5E /* 45.79.92.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F5FF4 /* 45.79.95.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F6365 /* 45.79.99.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F6C60 /* 45.79.108.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F6D37 /* 45.79.109.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F6F7C /* 45.79.111.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F8A08 /* 45.79.138.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F92E3 /* 45.79.146.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4FB872 /* 45.79.184.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4FBA2B /* 45.79.186.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4FC4D3 /* 45.79.196.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4FCFB0 /* 45.79.207.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4FD7B0 /* 45.79.215.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D7AFD06 /* 45.122.253.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D7B7665 /* 45.123.118.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D7BBE74 /* 45.123.190.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E040059 /* 46.4.0.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E041343 /* 46.4.19.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E0422F2 /* 46.4.34.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E04268B /* 46.4.38.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E042843 /* 46.4.40.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E042DBC /* 46.4.45.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E0431C9 /* 46.4.49.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E0437B1 /* 46.4.55.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E043997 /* 46.4.57.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E043A5A /* 46.4.58.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E044E03 /* 46.4.78.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E045131 /* 46.4.81.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E046723 /* 46.4.103.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E046F7C /* 46.4.111.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E047AAD /* 46.4.122.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E047D02 /* 46.4.125.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E04803E /* 46.4.128.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E049051 /* 46.4.144.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E04AE34 /* 46.4.174.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E04FDC2 /* 46.4.253.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E0528D2 /* 46.5.40.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E05DE6A /* 46.5.222.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E05E9A1 /* 46.5.233.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E05EF26 /* 46.5.239.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E075A45 /* 46.7.90.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E07F1E0 /* 46.7.241.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E09C314 /* 46.9.195.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E0EF5CE /* 46.14.245.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E10EA83 /* 46.16.234.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E113FD6 /* 46.17.63.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E135DD4 /* 46.19.93.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E135DD6 /* 46.19.93.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E135DD8 /* 46.19.93.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E142372 /* 46.20.35.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E14F677 /* 46.20.246.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E16D163 /* 46.22.209.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E16D4E6 /* 46.22.212.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1746C3 /* 46.23.70.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E174851 /* 46.23.72.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E17551F /* 46.23.85.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C40EA /* 46.28.64.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C449D /* 46.28.68.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C449E /* 46.28.68.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C5621 /* 46.28.86.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C6B52 /* 46.28.107.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C6DE7 /* 46.28.109.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C6E88 /* 46.28.110.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C6EF4 /* 46.28.110.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCAFE /* 46.28.202.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCDAA /* 46.28.205.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCDBB /* 46.28.205.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCE7E /* 46.28.206.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCF13 /* 46.28.207.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCF3A /* 46.28.207.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCF6B /* 46.28.207.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCF8D /* 46.28.207.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1DF8EE /* 46.29.248.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E242549 /* 46.36.37.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E242786 /* 46.36.39.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E259D1F /* 46.37.157.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26300C /* 46.38.48.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E2630E1 /* 46.38.48.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E263312 /* 46.38.51.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E2638D5 /* 46.38.56.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26E7D1 /* 46.38.231.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26E9F2 /* 46.38.233.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26EA9E /* 46.38.234.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26EC11 /* 46.38.236.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26EDDD /* 46.38.237.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26EE84 /* 46.38.238.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26F110 /* 46.38.241.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26FA27 /* 46.38.250.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E27E388 /* 46.39.227.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E27FB57 /* 46.39.251.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E2901A7 /* 46.41.1.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E293BDF /* 46.41.59.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E298244 /* 46.41.130.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E298454 /* 46.41.132.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E29964A /* 46.41.150.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E2D0F7B /* 46.45.15.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3B489D /* 46.59.72.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3B6325 /* 46.59.99.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3B8535 /* 46.59.133.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3BB9CE /* 46.59.185.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3BC7B0 /* 46.59.199.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3BD83E /* 46.59.216.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E491002 /* 46.73.16.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E49B49E /* 46.73.180.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E53768C /* 46.83.118.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E541269 /* 46.84.18.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E5443ED /* 46.84.67.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E566304 /* 46.86.99.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E59D7A4 /* 46.89.215.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E59D8D6 /* 46.89.216.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E5B6737 /* 46.91.103.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E650933 /* 46.101.9.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65158F /* 46.101.21.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6515C9 /* 46.101.21.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6547B6 /* 46.101.71.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E655FEF /* 46.101.95.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E656647 /* 46.101.102.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6568F5 /* 46.101.104.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E657F91 /* 46.101.127.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E658A2E /* 46.101.138.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E658B87 /* 46.101.139.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E658BF8 /* 46.101.139.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E658D0F /* 46.101.141.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E658EAE /* 46.101.142.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E659569 /* 46.101.149.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E659631 /* 46.101.150.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6597DE /* 46.101.151.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E659893 /* 46.101.152.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65A613 /* 46.101.166.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65A997 /* 46.101.169.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65B2BE /* 46.101.178.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65B7A0 /* 46.101.183.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65C0E6 /* 46.101.192.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65CAE7 /* 46.101.202.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65CE81 /* 46.101.206.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65D847 /* 46.101.216.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65DFE7 /* 46.101.223.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65E72C /* 46.101.231.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E691DC8 /* 46.105.29.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E693F2C /* 46.105.63.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6954B2 /* 46.105.84.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E696495 /* 46.105.100.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E69E36D /* 46.105.227.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6C27DB /* 46.108.39.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E77FDF4 /* 46.119.253.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E7E0EBC /* 46.126.14.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E7F0C21 /* 46.127.12.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E7FA71E /* 46.127.167.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E803C3C /* 46.128.60.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E80720C /* 46.128.114.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E80C733 /* 46.128.199.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E8E51C0 /* 46.142.81.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E92F7A7 /* 46.146.247.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E941222 /* 46.148.18.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E941342 /* 46.148.19.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E941A6C /* 46.148.26.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E971AC2 /* 46.151.26.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E971B65 /* 46.151.27.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA102E0 /* 46.161.2.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA1924B /* 46.161.146.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA2C0A6 /* 46.162.192.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA34CAA /* 46.163.76.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA34E0E /* 46.163.78.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA4DA09 /* 46.164.218.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA4F360 /* 46.164.243.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5C560 /* 46.165.197.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5D64D /* 46.165.214.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5DDA6 /* 46.165.221.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5DFD9 /* 46.165.223.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5E605 /* 46.165.230.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5F2A6 /* 46.165.242.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5F9D1 /* 46.165.249.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5FAE0 /* 46.165.250.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5FDA4 /* 46.165.253.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5FDB4 /* 46.165.253.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5FE28 /* 46.165.254.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6948E /* 46.166.148.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6948F /* 46.166.148.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA69490 /* 46.166.148.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA69491 /* 46.166.148.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA69492 /* 46.166.148.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA69498 /* 46.166.148.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA69499 /* 46.166.148.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6949A /* 46.166.148.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6949B /* 46.166.148.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA694B0 /* 46.166.148.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA694B1 /* 46.166.148.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A049 /* 46.166.160.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A222 /* 46.166.162.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A235 /* 46.166.162.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A372 /* 46.166.163.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A378 /* 46.166.163.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A512 /* 46.166.165.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A576 /* 46.166.165.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A581 /* 46.166.165.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A72E /* 46.166.167.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6AD65 /* 46.166.173.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA7F533 /* 46.167.245.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EAD2695 /* 46.173.38.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB6121D /* 46.182.18.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB6126F /* 46.182.18.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB612D6 /* 46.182.18.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB612DF /* 46.182.18.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB612F5 /* 46.182.18.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB61397 /* 46.182.19.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB613DB /* 46.182.19.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB613E7 /* 46.182.19.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB66ABE /* 46.182.106.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB6D01C /* 46.182.208.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7D8CD /* 46.183.216.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7D8E0 /* 46.183.216.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7DAC6 /* 46.183.218.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7DAC7 /* 46.183.218.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7DD89 /* 46.183.221.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7DDE7 /* 46.183.221.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EBB039C /* 46.187.3.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EBC02E4 /* 46.188.2.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EBC0425 /* 46.188.4.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EBC2C19 /* 46.188.44.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EBC389E /* 46.188.56.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EC20F5D /* 46.194.15.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2ECE6DDD /* 46.206.109.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EDB020C /* 46.219.2.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EDF5011 /* 46.223.80.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EDF6387 /* 46.223.99.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE343B5 /* 46.227.67.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE360DA /* 46.227.96.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE412ED /* 46.228.18.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE5ADEB /* 46.229.173.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE5EEAC /* 46.229.238.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE90046 /* 46.233.0.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EEBE346 /* 46.235.227.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EEF6CC2 /* 46.239.108.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF48887 /* 46.244.136.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF4E6CC /* 46.244.230.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF62AEC /* 46.246.42.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF62B6B /* 46.246.43.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF631CF /* 46.246.49.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF659A9 /* 46.246.89.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF65D46 /* 46.246.93.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF91507 /* 46.249.21.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF9256D /* 46.249.37.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF9258F /* 46.249.37.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF93147 /* 46.249.49.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF93167 /* 46.249.49.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF931E7 /* 46.249.49.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EFC1838 /* 46.252.24.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EFC19F9 /* 46.252.25.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EFC1A02 /* 46.252.26.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F10B998 /* 47.16.185.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F340306 /* 47.52.3.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F3770E4 /* 47.55.112.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F580304 /* 47.88.3.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F580560 /* 47.88.5.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F580626 /* 47.88.6.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F580B9E /* 47.88.11.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F580C0E /* 47.88.12.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F5812DA /* 47.88.18.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F581674 /* 47.88.22.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F581BA1 /* 47.88.27.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F581C38 /* 47.88.28.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F58BCD1 /* 47.88.188.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F58C22F /* 47.88.194.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F58F20C /* 47.88.242.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F5921A9 /* 47.89.33.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F93BE47 /* 47.147.190.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F946A1D /* 47.148.106.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F96A641 /* 47.150.166.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F98E3B8 /* 47.152.227.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2FB85DF1 /* 47.184.93.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2FBE0902 /* 47.190.9.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2FC7F0D4 /* 47.199.240.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2FCA878C /* 47.202.135.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2FDD0406 /* 47.221.4.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x31030B7A /* 49.3.11.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x31D4A626 /* 49.212.166.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32013381 /* 50.1.51.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207730C /* 50.7.115.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32077343 /* 50.7.115.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32079720 /* 50.7.151.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207972F /* 50.7.151.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207977F /* 50.7.151.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207A1DA /* 50.7.161.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B002 /* 50.7.176.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B222 /* 50.7.178.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B262 /* 50.7.178.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B292 /* 50.7.178.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B3CA /* 50.7.179.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B3FB /* 50.7.179.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B83A /* 50.7.184.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207BA26 /* 50.7.186.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321A02E8 /* 50.26.2.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321E240F /* 50.30.36.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321E2412 /* 50.30.36.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321F70E7 /* 50.31.112.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321FFC0B /* 50.31.252.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321FFC2B /* 50.31.252.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32277A27 /* 50.39.122.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3227A54D /* 50.39.165.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x322E6D89 /* 50.46.109.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x322E7DA7 /* 50.46.125.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3235472D /* 50.53.71.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3235B52D /* 50.53.181.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3241A4B3 /* 50.65.164.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3242552D /* 50.66.85.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32428A4C /* 50.66.138.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x324C3161 /* 50.76.49.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x324C9FDA /* 50.76.159.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3258B15A /* 50.88.177.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3265F0E0 /* 50.101.240.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3273A471 /* 50.115.164.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32740095 /* 50.116.0.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x327403DF /* 50.116.3.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3274046B /* 50.116.4.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3274048D /* 50.116.4.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32740599 /* 50.116.5.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32740740 /* 50.116.7.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32740F49 /* 50.116.15.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x327415AC /* 50.116.21.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32741DB3 /* 50.116.29.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32742806 /* 50.116.40.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x327428E2 /* 50.116.40.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32742AF5 /* 50.116.42.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32743085 /* 50.116.48.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3274312E /* 50.116.49.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32743830 /* 50.116.56.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32808C86 /* 50.128.140.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3286A971 /* 50.134.169.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3287AAFC /* 50.135.170.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3288C5FD /* 50.136.197.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32894E81 /* 50.137.78.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x328AA937 /* 50.138.169.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32967772 /* 50.150.119.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32972D07 /* 50.151.45.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x329F7E15 /* 50.159.126.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32A11710 /* 50.161.23.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32A2D76C /* 50.162.215.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32A56D5B /* 50.165.109.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32AA0CB8 /* 50.170.12.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32AF9CE1 /* 50.175.156.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32B12972 /* 50.177.41.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32BBD74E /* 50.187.215.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32C113B2 /* 50.193.19.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32C18F2A /* 50.193.143.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32C1CA26 /* 50.193.202.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32F38312 /* 50.243.131.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32F4C8DD /* 50.244.200.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32F7C37C /* 50.247.195.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32F7F8AC /* 50.247.248.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32FAC9FE /* 50.250.201.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3306168B /* 51.6.22.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F017D /* 51.15.1.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F040A /* 51.15.4.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F040D /* 51.15.4.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F0437 /* 51.15.4.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2495 /* 51.15.36.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F24A4 /* 51.15.36.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F24AC /* 51.15.36.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F24B7 /* 51.15.36.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F24CE /* 51.15.36.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F253B /* 51.15.37.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2561 /* 51.15.37.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F260D /* 51.15.38.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2637 /* 51.15.38.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F263A /* 51.15.38.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2702 /* 51.15.39.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F28E9 /* 51.15.40.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2A13 /* 51.15.42.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2BCA /* 51.15.43.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2BCD /* 51.15.43.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2C36 /* 51.15.44.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2C8E /* 51.15.44.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2CFB /* 51.15.44.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2E0F /* 51.15.46.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2E2D /* 51.15.46.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2E8E /* 51.15.46.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2F3E /* 51.15.47.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3095 /* 51.15.48.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F30FC /* 51.15.48.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F30FE /* 51.15.48.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3108 /* 51.15.49.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3224 /* 51.15.50.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F326D /* 51.15.50.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F32C0 /* 51.15.50.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F339C /* 51.15.51.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F339F /* 51.15.51.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3410 /* 51.15.52.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3478 /* 51.15.52.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F34F4 /* 51.15.52.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F354B /* 51.15.53.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3553 /* 51.15.53.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3576 /* 51.15.53.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F37F5 /* 51.15.55.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3865 /* 51.15.56.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3957 /* 51.15.57.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3A69 /* 51.15.58.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3A98 /* 51.15.58.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3BDF /* 51.15.59.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3C66 /* 51.15.60.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3D03 /* 51.15.61.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3D49 /* 51.15.61.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3E82 /* 51.15.62.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3EFC /* 51.15.62.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F8767 /* 51.15.135.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F8BC8 /* 51.15.139.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F8F11 /* 51.15.143.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F8FEF /* 51.15.143.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x338D06FA /* 51.141.6.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33AEC575 /* 51.174.197.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33AF32A2 /* 51.175.50.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33AF77B7 /* 51.175.119.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE17CB /* 51.254.23.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE2397 /* 51.254.35.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE26F9 /* 51.254.38.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE305D /* 51.254.48.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE3D41 /* 51.254.61.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE5640 /* 51.254.86.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE6376 /* 51.254.99.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE65F2 /* 51.254.101.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE6670 /* 51.254.102.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE7034 /* 51.254.112.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE73E1 /* 51.254.115.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE7404 /* 51.254.116.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE7852 /* 51.254.120.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE793F /* 51.254.121.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE80C9 /* 51.254.128.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE83E2 /* 51.254.131.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE87D5 /* 51.254.135.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE88C3 /* 51.254.136.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEA432 /* 51.254.164.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEAF54 /* 51.254.175.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FED1C5 /* 51.254.209.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FED906 /* 51.254.217.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEDAF7 /* 51.254.218.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEDD90 /* 51.254.221.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEE104 /* 51.254.225.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEF6CB /* 51.254.246.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF28E3 /* 51.255.40.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF2941 /* 51.255.41.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF295B /* 51.255.41.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF2CB7 /* 51.255.44.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF304E /* 51.255.48.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF4B03 /* 51.255.75.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF63C7 /* 51.255.99.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFA888 /* 51.255.168.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFA90A /* 51.255.169.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFC64D /* 51.255.198.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFCA42 /* 51.255.202.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFCE4A /* 51.255.206.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFD302 /* 51.255.211.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFD3EB /* 51.255.211.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34060992 /* 52.6.9.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x340A7D8C /* 52.10.125.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34108E2D /* 52.16.142.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3412C7EF /* 52.18.199.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x341363E8 /* 52.19.99.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34230B02 /* 52.35.11.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3424553A /* 52.36.85.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3427F366 /* 52.39.243.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x342A5EC8 /* 52.42.94.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x343229E9 /* 52.50.41.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34382A18 /* 52.56.42.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34387CCC /* 52.56.124.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x343B3716 /* 52.59.55.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x343F8694 /* 52.63.134.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3441CBF7 /* 52.65.203.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34424F66 /* 52.66.79.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3442757E /* 52.66.117.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3442987F /* 52.66.152.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3443BC29 /* 52.67.188.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x345A5415 /* 52.90.84.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x345ACE83 /* 52.90.206.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x345BE3FB /* 52.91.227.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34A6C0B4 /* 52.166.192.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34A90A5A /* 52.169.10.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34B72F9B /* 52.183.47.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34B89DEA /* 52.184.157.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D1200B /* 52.209.32.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D18505 /* 52.209.133.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D2A92C /* 52.210.169.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D355CD /* 52.211.85.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D38C46 /* 52.211.140.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D5740C /* 52.213.116.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D62D93 /* 52.214.45.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D67041 /* 52.214.112.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36546A29 /* 54.84.106.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36559EBB /* 54.85.158.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3656E88C /* 54.86.232.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x365DB1D9 /* 54.93.177.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x365E55C9 /* 54.94.85.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x365E660F /* 54.94.102.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x369F547E /* 54.159.84.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36A148CC /* 54.161.72.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36A6BADA /* 54.166.186.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36B362CC /* 54.179.98.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36BA1A45 /* 54.186.26.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36BA3003 /* 54.186.48.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36BA6869 /* 54.186.104.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36BBEF10 /* 54.187.239.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36C422BD /* 54.196.34.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36C51CD3 /* 54.197.28.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36C9C95D /* 54.201.201.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36D3D06C /* 54.211.208.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36D95C38 /* 54.217.92.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36DAAC00 /* 54.218.172.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36E44160 /* 54.228.65.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36F10991 /* 54.241.9.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36F23700 /* 54.242.55.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3A0650FA /* 58.6.80.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3A59560E /* 58.89.86.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3A99DD0A /* 58.153.221.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3AB7AE38 /* 58.183.174.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3B6629E1 /* 59.102.41.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3B73764C /* 59.115.118.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3B7FA39B /* 59.127.163.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3BB14343 /* 59.177.67.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3BB146D2 /* 59.177.70.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3BB311C3 /* 59.179.17.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3C362616 /* 60.54.38.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3CEA6524 /* 60.234.101.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3CF8A2B3 /* 60.248.162.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3D44D8AB /* 61.68.216.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3DE67487 /* 61.230.116.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3DE70128 /* 61.231.1.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E040F54 /* 62.4.15.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E0C736B /* 62.12.115.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E259614 /* 62.37.150.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E2D9C59 /* 62.45.156.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E2DB2A9 /* 62.45.178.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E3061B1 /* 62.48.97.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E3D8F8D /* 62.61.143.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E4852DE /* 62.72.82.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E4BFF25 /* 62.75.255.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E4C1146 /* 62.76.17.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E50C8BE /* 62.80.200.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E5ABCBC /* 62.90.188.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E669443 /* 62.102.148.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6694A9 /* 62.102.148.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6694AB /* 62.102.148.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6694AC /* 62.102.148.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6BB9CB /* 62.107.185.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6D0473 /* 62.109.4.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6D16C5 /* 62.109.22.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E71D3A3 /* 62.113.211.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E71D8AD /* 62.113.216.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E71D8B1 /* 62.113.216.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E71E37C /* 62.113.227.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E75AAC4 /* 62.117.170.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E858269 /* 62.133.130.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A02B8 /* 62.138.2.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A07AB /* 62.138.7.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A07E7 /* 62.138.7.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A0A3C /* 62.138.10.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A0A3D /* 62.138.10.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A0A3E /* 62.138.10.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D235B /* 62.141.35.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D2496 /* 62.141.36.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D258E /* 62.141.37.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D30AF /* 62.141.48.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D34B9 /* 62.141.52.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D3656 /* 62.141.54.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D3775 /* 62.141.55.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8E9F55 /* 62.142.159.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8F9ADF /* 62.143.154.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E9502BC /* 62.149.2.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E950D39 /* 62.149.13.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E982BCB /* 62.152.43.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E99066D /* 62.153.6.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E9B9E6D /* 62.155.158.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EA62CF9 /* 62.166.44.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EA74820 /* 62.167.72.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EA803D4 /* 62.168.3.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EAD9A99 /* 62.173.154.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB0EFE5 /* 62.176.239.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB23FA5 /* 62.178.63.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB278C5 /* 62.178.120.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB28703 /* 62.178.135.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB2F63A /* 62.178.246.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB46D0B /* 62.180.109.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EC2ACA7 /* 62.194.172.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EC32E81 /* 62.195.46.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EC5CFB6 /* 62.197.207.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EC7AEED /* 62.199.174.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED22410 /* 62.210.36.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2242E /* 62.210.36.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED22552 /* 62.210.37.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2454F /* 62.210.69.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED245EC /* 62.210.69.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED24A6E /* 62.210.74.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED24B54 /* 62.210.75.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED24C58 /* 62.210.76.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED25134 /* 62.210.81.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2522C /* 62.210.82.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED25422 /* 62.210.84.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED25AA4 /* 62.210.90.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED25C0B /* 62.210.92.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED25D8E /* 62.210.93.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2692F /* 62.210.105.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED26974 /* 62.210.105.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED26B56 /* 62.210.107.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED26D30 /* 62.210.109.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED26D85 /* 62.210.109.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED27393 /* 62.210.115.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED27B18 /* 62.210.123.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED27B85 /* 62.210.123.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED27C7C /* 62.210.124.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED27D82 /* 62.210.125.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED281F6 /* 62.210.129.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED28438 /* 62.210.132.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED289E6 /* 62.210.137.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED28A03 /* 62.210.138.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED28C77 /* 62.210.140.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED28E27 /* 62.210.142.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2AA8F /* 62.210.170.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2BE05 /* 62.210.190.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2CE19 /* 62.210.206.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2CE35 /* 62.210.206.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2D3CE /* 62.210.211.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2D511 /* 62.210.213.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2F492 /* 62.210.244.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2F58A /* 62.210.245.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2F59E /* 62.210.245.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2F6A3 /* 62.210.246.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2F7B2 /* 62.210.247.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2FAC0 /* 62.210.250.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2FB35 /* 62.210.251.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2FE7F /* 62.210.254.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2FE84 /* 62.210.254.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2FEC9 /* 62.210.254.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED4498D /* 62.212.73.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED6063D /* 62.214.6.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED80578 /* 62.216.5.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED97CFD /* 62.217.124.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EDB2E85 /* 62.219.46.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EDBB62A /* 62.219.182.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EDC9457 /* 62.220.148.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EDC9461 /* 62.220.148.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EE04740 /* 62.224.71.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EE04911 /* 62.224.73.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EE0B81D /* 62.224.184.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EEB2055 /* 62.235.32.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EF9AABA /* 62.249.170.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EFB32E8 /* 62.251.50.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EFD8952 /* 62.253.137.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3F8DF6BA /* 63.141.246.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3F8E9DA2 /* 63.142.157.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3FDF4567 /* 63.223.69.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3FE4435E /* 63.228.67.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x401B118C /* 64.27.17.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x404E969F /* 64.78.150.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x405B06F4 /* 64.91.6.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x405D47FD /* 64.93.71.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4071201D /* 64.113.32.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x407C2054 /* 64.124.32.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x40898B49 /* 64.137.139.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089A6E8 /* 64.137.166.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089A944 /* 64.137.169.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089AACA /* 64.137.170.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089AC79 /* 64.137.172.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089AD2B /* 64.137.173.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089AD76 /* 64.137.173.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089ADEB /* 64.137.173.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B04D /* 64.137.176.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B203 /* 64.137.178.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B22F /* 64.137.178.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B4C5 /* 64.137.180.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B698 /* 64.137.182.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B69E /* 64.137.182.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B824 /* 64.137.184.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B896 /* 64.137.184.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B952 /* 64.137.185.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089BCF1 /* 64.137.188.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089BD4D /* 64.137.189.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089BD6D /* 64.137.189.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089BFF3 /* 64.137.191.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C3BA /* 64.137.195.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C3D6 /* 64.137.195.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C3E6 /* 64.137.195.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C5E9 /* 64.137.197.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C711 /* 64.137.199.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C860 /* 64.137.200.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C95A /* 64.137.201.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C9B2 /* 64.137.201.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089CC42 /* 64.137.204.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089CC83 /* 64.137.204.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089CEF8 /* 64.137.206.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D003 /* 64.137.208.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D09F /* 64.137.208.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D2FA /* 64.137.210.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D454 /* 64.137.212.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D6D8 /* 64.137.214.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D932 /* 64.137.217.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D9C1 /* 64.137.217.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089DAA7 /* 64.137.218.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E09A /* 64.137.224.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E47A /* 64.137.228.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E5A0 /* 64.137.229.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E64D /* 64.137.230.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E663 /* 64.137.230.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E738 /* 64.137.231.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F30D /* 64.137.243.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F343 /* 64.137.243.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F413 /* 64.137.244.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F460 /* 64.137.244.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F538 /* 64.137.245.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F768 /* 64.137.247.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F7BF /* 64.137.247.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089FD92 /* 64.137.253.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089FF82 /* 64.137.255.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x40BBA7E3 /* 64.187.167.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x40E5998F /* 64.229.153.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x40ED332E /* 64.237.51.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4113A782 /* 65.19.167.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4113A783 /* 65.19.167.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4113A784 /* 65.19.167.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4113A785 /* 65.19.167.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4113B2F1 /* 65.19.178.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x411BD32D /* 65.27.211.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4132CB05 /* 65.50.203.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x413C3C4E /* 65.60.60.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x416E64D6 /* 65.110.100.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x416FBA42 /* 65.111.186.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4170DD23 /* 65.112.221.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4181C419 /* 65.129.196.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x41B57BFE /* 65.181.123.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x41B792DD /* 65.183.146.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42185436 /* 66.24.84.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4237431C /* 66.55.67.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4241310F /* 66.65.49.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42554A7E /* 66.85.74.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x425A6575 /* 66.90.101.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x426EA84D /* 66.110.168.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x426F0210 /* 66.111.2.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x426F0214 /* 66.111.2.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x426F3E55 /* 66.111.62.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42746CB3 /* 66.116.108.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4294745A /* 66.148.116.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x429B04D5 /* 66.155.4.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42AA0BCB /* 66.170.11.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42AC0CFE /* 66.172.12.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42AFD94E /* 66.175.217.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42AFDD18 /* 66.175.221.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42AFDF91 /* 66.175.223.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42B4C1DB /* 66.180.193.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42BAE69A /* 66.186.230.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42BE62FE /* 66.190.98.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42D78E45 /* 66.215.142.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42D7D4B0 /* 66.215.212.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42DC03B3 /* 66.220.3.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42DFA543 /* 66.223.165.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42E42752 /* 66.228.39.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42E42753 /* 66.228.39.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42E433BA /* 66.228.51.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42E43A14 /* 66.228.58.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42EADAF7 /* 66.234.218.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42EB073E /* 66.235.7.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42F25CCB /* 66.242.92.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42F64BA7 /* 66.246.75.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x430018B8 /* 67.0.24.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4316A2BA /* 67.22.162.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x435CADE3 /* 67.92.173.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x435CADE4 /* 67.92.173.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x435CADE5 /* 67.92.173.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43A24B3C /* 67.162.75.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43A46D15 /* 67.164.109.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43AD7728 /* 67.173.119.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43B49B15 /* 67.180.155.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43B7FAD0 /* 67.183.250.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43BA06AF /* 67.186.6.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43BC2811 /* 67.188.40.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43CD821B /* 67.205.130.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43CD92A4 /* 67.205.146.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43CDA785 /* 67.205.167.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43D7FF8C /* 67.215.255.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43E3C6B7 /* 67.227.198.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43F1491A /* 67.241.73.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43F56A30 /* 67.245.106.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43F7FF21 /* 67.247.255.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43F98A71 /* 67.249.138.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4405E096 /* 68.5.224.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x442AC1FC /* 68.42.193.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44305597 /* 68.48.85.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44441F0E /* 68.68.31.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4445A644 /* 68.69.166.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44472E8A /* 68.71.46.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4466849E /* 68.102.132.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4468DE3A /* 68.104.222.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x446B4A1F /* 68.107.74.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x446BE751 /* 68.107.231.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x446D128D /* 68.109.18.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4481254C /* 68.129.37.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44852C65 /* 68.133.44.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4494F65B /* 68.148.246.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4497A42B /* 68.151.164.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44CE1486 /* 68.206.20.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44E0F6A9 /* 68.224.246.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44E0FCD2 /* 68.224.252.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44E7DBD9 /* 68.231.219.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x450B0974 /* 69.11.9.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45108914 /* 69.16.137.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451C5A69 /* 69.28.90.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451EC99E /* 69.30.201.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451ECBFA /* 69.30.203.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451ED66A /* 69.30.214.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451ED6D2 /* 69.30.214.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451ED72A /* 69.30.215.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451ED7A2 /* 69.30.215.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451EDABA /* 69.30.218.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451EFCEE /* 69.30.252.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x452731C9 /* 69.39.49.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x452F3A0C /* 69.47.58.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x452FE688 /* 69.47.230.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x453D23B8 /* 69.61.35.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x453EA2B2 /* 69.62.162.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45402E1B /* 69.64.46.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x454030A8 /* 69.64.48.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x454667CE /* 69.70.103.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45544626 /* 69.84.70.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45555CE0 /* 69.85.92.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455A840A /* 69.90.132.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455A840B /* 69.90.132.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455A84B4 /* 69.90.132.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455A84F8 /* 69.90.132.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455A97E5 /* 69.90.151.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455D630E /* 69.93.99.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455D7F39 /* 69.93.127.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45739110 /* 69.115.145.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4580A9E9 /* 69.128.169.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x458AA2C2 /* 69.138.162.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x458C8C8E /* 69.140.140.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x458FBA82 /* 69.143.186.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A26B05 /* 69.162.107.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A28B09 /* 69.162.139.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A323DE /* 69.163.35.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A3640C /* 69.163.100.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4C35C /* 69.164.195.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4C524 /* 69.164.197.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4C567 /* 69.164.197.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4C620 /* 69.164.198.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4C6B5 /* 69.164.198.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4CD93 /* 69.164.205.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4CFEA /* 69.164.207.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D28C /* 69.164.210.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D28E /* 69.164.210.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D312 /* 69.164.211.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D4B4 /* 69.164.212.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D6C4 /* 69.164.214.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D6FA /* 69.164.214.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D852 /* 69.164.216.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D8E6 /* 69.164.216.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D961 /* 69.164.217.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4DD41 /* 69.164.221.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4DD4E /* 69.164.221.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4DD99 /* 69.164.221.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45ACAEB5 /* 69.172.174.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45ACBA4F /* 69.172.186.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45B58A79 /* 69.181.138.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45C3929E /* 69.195.146.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45C4A529 /* 69.196.165.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45C4B929 /* 69.196.185.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45F53BF4 /* 69.245.59.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45F5D050 /* 69.245.208.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46261F79 /* 70.38.31.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x463FAA56 /* 70.63.170.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x464FC330 /* 70.79.195.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46551FF2 /* 70.85.31.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x465C56C0 /* 70.92.86.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x465F827F /* 70.95.130.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x465FBC58 /* 70.95.188.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46705321 /* 70.112.83.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46739B5C /* 70.115.155.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46794F37 /* 70.121.79.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x467AD63B /* 70.122.214.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x467C9D6D /* 70.124.157.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46A4C5CC /* 70.164.197.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46A4FFAE /* 70.164.255.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46A92268 /* 70.169.34.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46BBAC10 /* 70.187.172.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x470EBC03 /* 71.14.188.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x470F2597 /* 71.15.37.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x471181CA /* 71.17.129.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x471390B8 /* 71.19.144.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47139515 /* 71.19.149.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47139A8A /* 71.19.154.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47139BBB /* 71.19.155.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47139D7F /* 71.19.157.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47139DD5 /* 71.19.157.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x472EDC44 /* 71.46.220.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4738DCD9 /* 71.56.220.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x474F32B5 /* 71.79.50.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x475935A8 /* 71.89.53.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x475A52F3 /* 71.90.82.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x475B3B91 /* 71.91.59.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x475D67BC /* 71.93.103.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4787226D /* 71.135.34.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47A59723 /* 71.165.151.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47B3F68E /* 71.179.246.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47BF5FD9 /* 71.191.95.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47C7D0FA /* 71.199.208.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47CCBC94 /* 71.204.188.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47D4025A /* 71.212.2.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47E4AABA /* 71.228.170.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47E7860F /* 71.231.134.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47EED615 /* 71.238.214.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47F1FA34 /* 71.241.250.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47F8B262 /* 71.248.178.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47FC89F6 /* 71.252.137.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x480548E3 /* 72.5.72.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x480CCF0E /* 72.12.207.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x480EB30A /* 72.14.179.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x480EB70E /* 72.14.183.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x480EB915 /* 72.14.185.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x482E9BBA /* 72.46.155.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48344B1B /* 72.52.75.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48453A52 /* 72.69.58.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48AE81B5 /* 72.174.129.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48B39262 /* 72.179.146.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48BCC700 /* 72.188.199.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48C14756 /* 72.193.71.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48C5066E /* 72.197.6.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48CC5A10 /* 72.204.90.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48DCA9A8 /* 72.220.169.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48E6EBF9 /* 72.230.235.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48EA9AA2 /* 72.234.154.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48EE83EC /* 72.238.131.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x490403B2 /* 73.4.3.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49141AF9 /* 73.20.26.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4918243A /* 73.24.36.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x492824AA /* 73.40.36.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x492D254B /* 73.45.37.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x493C39B8 /* 73.60.57.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49425ED8 /* 73.66.94.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x494AD496 /* 73.74.212.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x494DD3B0 /* 73.77.211.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4959448A /* 73.89.68.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x495994B1 /* 73.89.148.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x495F534C /* 73.95.83.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4964011D /* 73.100.1.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49999A11 /* 73.153.154.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x499D02CC /* 73.157.2.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49A39AE2 /* 73.163.154.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49A63404 /* 73.166.52.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49AADDB8 /* 73.170.221.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49B18E1A /* 73.177.142.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49B28FEF /* 73.178.143.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49BE15CA /* 73.190.21.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49C0D90E /* 73.192.217.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49C1F239 /* 73.193.242.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49CA042A /* 73.202.4.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49CB1E92 /* 73.203.30.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49DAFBE3 /* 73.218.251.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49EA0A84 /* 73.234.10.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49EF52C1 /* 73.239.82.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49F16918 /* 73.241.105.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A03A527 /* 74.3.165.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A323645 /* 74.50.54.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A400746 /* 74.64.7.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A41D5C0 /* 74.65.213.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A4201CA /* 74.66.1.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A43A511 /* 74.67.165.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A47EA51 /* 74.71.234.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A48CE45 /* 74.72.206.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A498F92 /* 74.73.143.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A5203E0 /* 74.82.3.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A561813 /* 74.86.24.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A5AF2A8 /* 74.90.242.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A5B1502 /* 74.91.21.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A62E668 /* 74.98.230.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A6E911C /* 74.110.145.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A74BA78 /* 74.116.186.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A79B6CE /* 74.121.182.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A8E4A9C /* 74.142.74.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFE7BA /* 74.207.231.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFECC5 /* 74.207.236.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFED2C /* 74.207.237.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFF01A /* 74.207.240.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFF207 /* 74.207.242.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFF2F7 /* 74.207.242.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFF86E /* 74.207.248.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4AD04E82 /* 74.208.78.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4AD0DCDE /* 74.208.220.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B484A7B /* 75.72.74.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B57BF46 /* 75.87.191.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B77FB0E /* 75.119.251.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B7F6065 /* 75.127.96.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B869AB1 /* 75.134.154.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B877B4D /* 75.135.123.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B897058 /* 75.137.112.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B8F8310 /* 75.143.131.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B8FBC3E /* 75.143.188.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4BA6543C /* 75.166.84.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4BA9D3F4 /* 75.169.211.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4BAF72B1 /* 75.175.114.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4BB02D57 /* 75.176.45.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4BC89768 /* 75.200.151.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C09C0CC /* 76.9.192.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C0A9D3A /* 76.10.157.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C0AA1A6 /* 76.10.161.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C0CDB68 /* 76.12.219.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C1384A3 /* 76.19.132.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C1ACBF3 /* 76.26.203.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C49EAAD /* 76.73.234.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C4DBABB /* 76.77.186.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C5462F6 /* 76.84.98.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C55C840 /* 76.85.200.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C5E7309 /* 76.94.115.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C7AFC1B /* 76.122.252.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4CA7D7E3 /* 76.167.215.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4CFBA499 /* 76.251.164.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4CFFCE24 /* 76.255.206.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D02B2B3 /* 77.2.178.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D0C660C /* 77.12.102.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D0C81F7 /* 77.12.129.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D0C9B56 /* 77.12.155.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D0CE6EA /* 77.12.230.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D1481EC /* 77.20.129.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D14B78D /* 77.20.183.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D152983 /* 77.21.41.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D157351 /* 77.21.115.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D16C1DF /* 77.22.193.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D172632 /* 77.23.38.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D172E1C /* 77.23.46.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D17C649 /* 77.23.198.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D17F590 /* 77.23.245.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D1B8CE4 /* 77.27.140.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D2588A5 /* 77.37.136.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D258EB3 /* 77.37.142.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D259207 /* 77.37.146.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D25A012 /* 77.37.160.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D25DA91 /* 77.37.218.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D25E45A /* 77.37.228.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D25F6E3 /* 77.37.246.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D3049BD /* 77.48.73.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D3049F6 /* 77.48.73.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D38B941 /* 77.56.185.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D397E24 /* 77.57.126.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D3A4995 /* 77.58.73.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D3A94FE /* 77.58.148.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D40E649 /* 77.64.230.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D420CB9 /* 77.66.12.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D440B2A /* 77.68.11.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D44245D /* 77.68.36.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D442A84 /* 77.68.42.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D463FDC /* 77.70.63.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D494033 /* 77.73.64.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D49426F /* 77.73.66.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D4A602B /* 77.74.96.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D4BA62B /* 77.75.166.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D4FBAED /* 77.79.186.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D51687C /* 77.81.104.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D516B8A /* 77.81.107.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D51F029 /* 77.81.240.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D52EF6E /* 77.82.239.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D59DC0A /* 77.89.220.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D5F0AF2 /* 77.95.10.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D67306F /* 77.103.48.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D6CCF29 /* 77.108.207.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D6D8B57 /* 77.109.139.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D77E033 /* 77.119.224.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D77E9B6 /* 77.119.233.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D77ECD5 /* 77.119.236.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D785EE9 /* 77.120.94.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D7A4F7E /* 77.122.79.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D800EF3 /* 77.128.14.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D806BEB /* 77.128.107.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D8C5D7F /* 77.140.93.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D8C7F44 /* 77.140.127.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DA1229D /* 77.161.34.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DAAE6A3 /* 77.170.230.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB0E4BC /* 77.176.228.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB31696 /* 77.179.22.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB34110 /* 77.179.65.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB37039 /* 77.179.112.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB41959 /* 77.180.25.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB55D29 /* 77.181.93.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB6972A /* 77.182.151.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DBB53DC /* 77.187.83.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DBBB8FE /* 77.187.184.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DBC452F /* 77.188.69.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DC0D245 /* 77.192.210.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DC6638B /* 77.198.99.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DCB0D39 /* 77.203.13.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DE9EE82 /* 77.233.238.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DEC2EA4 /* 77.236.46.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DEC2EDA /* 77.236.46.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DF69DA9 /* 77.246.157.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DF6C13B /* 77.246.193.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DF7B5A3 /* 77.247.181.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DF7B5A5 /* 77.247.181.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DF96756 /* 77.249.103.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DFBEF7B /* 77.251.239.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DFE0320 /* 77.254.3.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E08B0FE /* 78.8.176.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E15343A /* 78.21.52.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E184B35 /* 78.24.75.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E1FA429 /* 78.31.164.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2258DC /* 78.34.88.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E22BCE2 /* 78.34.188.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E242C36 /* 78.36.44.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E297391 /* 78.41.115.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2A36D3 /* 78.42.54.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E1617 /* 78.46.22.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E1E2B /* 78.46.30.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E2519 /* 78.46.37.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E251A /* 78.46.37.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E2DF2 /* 78.46.45.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E337C /* 78.46.51.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E350B /* 78.46.53.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E37E3 /* 78.46.55.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E3C1E /* 78.46.60.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E40F5 /* 78.46.64.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E434B /* 78.46.67.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E527B /* 78.46.82.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E5A17 /* 78.46.90.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E5F14 /* 78.46.95.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E70DB /* 78.46.112.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E8B99 /* 78.46.139.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E8BB6 /* 78.46.139.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E8D4A /* 78.46.141.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E913A /* 78.46.145.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E970B /* 78.46.151.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EA233 /* 78.46.162.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EA27B /* 78.46.162.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EA2F6 /* 78.46.162.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EB97C /* 78.46.185.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EBD98 /* 78.46.189.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EBDC3 /* 78.46.189.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EC129 /* 78.46.193.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EC21F /* 78.46.194.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EC7B7 /* 78.46.199.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2ECB12 /* 78.46.203.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2ED170 /* 78.46.209.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2ED426 /* 78.46.212.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EDC82 /* 78.46.220.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EDD30 /* 78.46.221.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EDF86 /* 78.46.223.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EE12E /* 78.46.225.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EEFB7 /* 78.46.239.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EF61C /* 78.46.246.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EF724 /* 78.46.247.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EF947 /* 78.46.249.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F0915 /* 78.47.9.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F126E /* 78.47.18.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F1D44 /* 78.47.29.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F2323 /* 78.47.35.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F273C /* 78.47.39.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F3D5E /* 78.47.61.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F3D81 /* 78.47.61.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F3DDE /* 78.47.61.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F405B /* 78.47.64.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F4093 /* 78.47.64.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F467B /* 78.47.70.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F5462 /* 78.47.84.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F56D2 /* 78.47.86.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F5D16 /* 78.47.93.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F659D /* 78.47.101.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F86C3 /* 78.47.134.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F86C4 /* 78.47.134.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F883E /* 78.47.136.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F8ED3 /* 78.47.142.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FA743 /* 78.47.167.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FAE9B /* 78.47.174.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FB04A /* 78.47.176.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FDABE /* 78.47.218.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FDD47 /* 78.47.221.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FE0DB /* 78.47.224.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FE0DE /* 78.47.224.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FE101 /* 78.47.225.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FE56B /* 78.47.229.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FEF50 /* 78.47.239.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FF9E2 /* 78.47.249.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E303064 /* 78.48.48.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E33FF42 /* 78.51.255.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E354732 /* 78.53.71.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E361CA0 /* 78.54.28.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E371126 /* 78.55.17.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E37D9C6 /* 78.55.217.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E382816 /* 78.56.40.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E387C10 /* 78.56.124.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E3A9597 /* 78.58.149.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E44EA63 /* 78.68.234.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E460AE6 /* 78.70.10.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E4993FD /* 78.73.147.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5347A6 /* 78.83.71.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E54FD7A /* 78.84.253.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5859F2 /* 78.88.89.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5A0FE5 /* 78.90.15.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5AE3E4 /* 78.90.227.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5E456A /* 78.94.69.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5E4AEC /* 78.94.74.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5E5CAA /* 78.94.92.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E660C17 /* 78.102.12.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6AF999 /* 78.106.249.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6BED10 /* 78.107.237.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6BEFD5 /* 78.107.239.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6C2E72 /* 78.108.46.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6C2E82 /* 78.108.46.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6C2E83 /* 78.108.46.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6C426E /* 78.108.66.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6C4D56 /* 78.108.77.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E7502F4 /* 78.117.2.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E783339 /* 78.120.51.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E7C9F3B /* 78.124.159.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E7DFAE3 /* 78.125.250.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E81891C /* 78.129.137.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E81ED55 /* 78.129.237.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E82806A /* 78.130.128.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E82C387 /* 78.130.195.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E833886 /* 78.131.56.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8E130B /* 78.142.19.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8E13D7 /* 78.142.19.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8E13E2 /* 78.142.19.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8E8EF6 /* 78.142.142.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8E918D /* 78.142.145.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8EAF46 /* 78.142.175.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E9515EA /* 78.149.21.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E9C6E87 /* 78.156.110.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E9C75EC /* 78.156.117.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC07C94 /* 78.192.124.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC128CD /* 78.193.40.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC18C04 /* 78.193.140.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC1DA61 /* 78.193.218.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC2251D /* 78.194.37.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC2984B /* 78.194.152.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC2DC36 /* 78.194.220.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC6B4CD /* 78.198.180.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC827AF /* 78.200.39.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC89C77 /* 78.200.156.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ED59256 /* 78.213.146.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EDDDF3A /* 78.221.223.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EDF9B68 /* 78.223.155.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EE722BC /* 78.231.34.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EE8E1A3 /* 78.232.225.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EE96597 /* 78.233.101.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EF8D759 /* 78.248.215.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F286537 /* 79.40.101.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F358078 /* 79.53.128.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F386648 /* 79.56.102.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F442316 /* 79.68.35.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F626912 /* 79.98.105.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F626C39 /* 79.98.108.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F626D30 /* 79.98.109.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F6FAB73 /* 79.111.171.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F703775 /* 79.112.55.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F73D242 /* 79.115.210.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F780A62 /* 79.120.10.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F782993 /* 79.120.41.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F7851B7 /* 79.120.81.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F785566 /* 79.120.85.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F7C070B /* 79.124.7.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F7C152D /* 79.124.21.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F7C3BC2 /* 79.124.59.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F7C3C84 /* 79.124.60.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F84E8B3 /* 79.132.232.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F85D20B /* 79.133.210.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F86EAF7 /* 79.134.234.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F86FFC8 /* 79.134.255.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F88014A /* 79.136.1.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F881D2B /* 79.136.29.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F88465D /* 79.136.70.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F88467D /* 79.136.70.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F889972 /* 79.136.153.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F892169 /* 79.137.33.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F892183 /* 79.137.33.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F892395 /* 79.137.35.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F892727 /* 79.137.39.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F894E65 /* 79.137.78.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F894F1F /* 79.137.79.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F895042 /* 79.137.80.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8951A8 /* 79.137.81.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F895547 /* 79.137.85.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8957D4 /* 79.137.87.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8957D5 /* 79.137.87.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F896A9A /* 79.137.106.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F897004 /* 79.137.112.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F897005 /* 79.137.112.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F89742B /* 79.137.116.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8C290D /* 79.140.41.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8C2975 /* 79.140.41.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8C2976 /* 79.140.41.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8FB287 /* 79.143.178.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8FB72C /* 79.143.183.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8FBA11 /* 79.143.186.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F9ADC72 /* 79.154.220.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FA1F802 /* 79.161.248.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FA53834 /* 79.165.56.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FA5B4F3 /* 79.165.180.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FA9225F /* 79.169.34.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FAC1212 /* 79.172.18.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FAC1CCD /* 79.172.28.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FACC120 /* 79.172.193.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FACCC24 /* 79.172.204.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FB07031 /* 79.176.112.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FB1769C /* 79.177.118.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FC1CF94 /* 79.193.207.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FC4F70C /* 79.196.247.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FC56DEA /* 79.197.109.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FC5CD8D /* 79.197.205.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FC6AE73 /* 79.198.174.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCB5108 /* 79.203.81.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCC8FCE /* 79.204.143.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCC931C /* 79.204.147.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCD1428 /* 79.205.20.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCDE527 /* 79.205.229.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCFE3CA /* 79.207.227.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD04520 /* 79.208.69.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD26917 /* 79.210.105.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD3FCD9 /* 79.211.252.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD44F49 /* 79.212.79.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD6F2FD /* 79.214.242.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD99C2A /* 79.217.156.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FDA50AA /* 79.218.80.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FDEC135 /* 79.222.193.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FDEF68C /* 79.222.246.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE0586C /* 79.224.88.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE1D1EA /* 79.225.209.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE3834A /* 79.227.131.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE3DEAF /* 79.227.222.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE5C065 /* 79.229.192.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE75712 /* 79.231.87.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE77B42 /* 79.231.123.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE7E4AA /* 79.231.228.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE96869 /* 79.233.104.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE9BD96 /* 79.233.189.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE9D01A /* 79.233.208.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FEAB928 /* 79.234.185.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FEE3FEE /* 79.238.63.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FEFCB56 /* 79.239.203.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FEFF6BC /* 79.239.246.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF0E1D2 /* 79.240.225.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF1C20A /* 79.241.194.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF1CEA5 /* 79.241.206.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF1F58B /* 79.241.245.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF34FCE /* 79.243.79.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF7728E /* 79.247.114.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF78368 /* 79.247.131.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF89FC8 /* 79.248.159.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x500736BB /* 80.7.54.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x500C5EB8 /* 80.12.94.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x500F627F /* 80.15.98.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x501ACE0B /* 80.26.206.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x501F4713 /* 80.31.71.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x501FF2DA /* 80.31.242.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x503CF5EA /* 80.60.245.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50404119 /* 80.64.65.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5042877B /* 80.66.135.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5043ACA2 /* 80.67.172.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50445CF9 /* 80.68.92.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50478339 /* 80.71.131.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50478577 /* 80.71.133.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50478C09 /* 80.71.140.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5049F28E /* 80.73.242.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x504F1707 /* 80.79.23.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50510C1D /* 80.81.12.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5051111F /* 80.81.17.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5051F378 /* 80.81.243.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5051F3EB /* 80.81.243.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x505242E9 /* 80.82.66.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50555417 /* 80.85.84.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50555448 /* 80.85.84.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x505554DE /* 80.85.84.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x505AFA45 /* 80.90.250.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5062B2B4 /* 80.98.178.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506300DF /* 80.99.0.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50634673 /* 80.99.70.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5063A98E /* 80.99.169.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50640799 /* 80.100.7.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50649D29 /* 80.100.157.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5064FAF4 /* 80.100.250.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506589DF /* 80.101.137.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506C120B /* 80.108.18.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506C1DAF /* 80.108.29.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506C8F13 /* 80.108.143.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506CC3FA /* 80.108.195.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506DD102 /* 80.109.209.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506DF964 /* 80.109.249.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5072219A /* 80.114.33.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5074C31C /* 80.116.195.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50778941 /* 80.119.137.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507A5A2E /* 80.122.90.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F6B9A /* 80.127.107.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F6BB3 /* 80.127.107.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F6D32 /* 80.127.109.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F75B4 /* 80.127.117.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F765D /* 80.127.118.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F80BE /* 80.127.128.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F8913 /* 80.127.137.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F8F5A /* 80.127.143.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F97A2 /* 80.127.151.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5083F110 /* 80.131.241.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x508649F1 /* 80.134.73.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50887E89 /* 80.136.126.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5088A7B2 /* 80.136.167.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50895F35 /* 80.137.95.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x508C60BE /* 80.140.96.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x508DE120 /* 80.141.225.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5090E36A /* 80.144.227.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5091EE43 /* 80.145.238.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5093219D /* 80.147.33.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5093BE2F /* 80.147.190.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50990704 /* 80.153.7.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5099125B /* 80.153.18.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5099F1A9 /* 80.153.241.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50A22B48 /* 80.162.43.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50A9F14C /* 80.169.241.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50C2115C /* 80.194.17.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50CB8917 /* 80.203.137.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DA541C /* 80.218.84.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DABABF /* 80.218.186.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DB0012 /* 80.219.0.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DC141F /* 80.220.20.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DC5AA8 /* 80.220.90.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DCEA3F /* 80.220.234.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E58CEF /* 80.229.140.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E598E4 /* 80.229.152.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E8CDD6 /* 80.232.205.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E8F21F /* 80.232.242.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E98632 /* 80.233.134.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E98695 /* 80.233.134.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50EC3338 /* 80.236.51.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50EDE786 /* 80.237.231.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50EE7A6A /* 80.238.122.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F086F6 /* 80.240.134.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F08B6F /* 80.240.139.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F0D8FD /* 80.240.216.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F13CCF /* 80.241.60.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F1DCDD /* 80.241.220.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F368B6 /* 80.243.104.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F451BF /* 80.244.81.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F4F1FE /* 80.244.241.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F4F39E /* 80.244.243.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F8D083 /* 80.248.208.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F8F02B /* 80.248.240.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50FEDB30 /* 80.254.219.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50FF060B /* 80.255.6.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50FF0BC4 /* 80.255.11.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51003B92 /* 81.0.59.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5100E203 /* 81.0.226.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5102C521 /* 81.2.197.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5102D10A /* 81.2.209.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5102EDDA /* 81.2.237.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5102F777 /* 81.2.247.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5102F7A5 /* 81.2.247.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5104655D /* 81.4.101.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510467AA /* 81.4.103.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51046CC7 /* 81.4.108.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51046D2F /* 81.4.109.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51046DD0 /* 81.4.109.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51046E95 /* 81.4.110.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51047930 /* 81.4.121.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51047D0D /* 81.4.125.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5107038D /* 81.7.3.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510703F7 /* 81.7.3.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070A14 /* 81.7.10.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070A1D /* 81.7.10.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070A44 /* 81.7.10.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070A5D /* 81.7.10.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070AFB /* 81.7.10.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070B16 /* 81.7.11.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070B46 /* 81.7.11.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070B8E /* 81.7.11.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070B9A /* 81.7.11.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070BFD /* 81.7.11.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070D54 /* 81.7.13.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070DF8 /* 81.7.13.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070E19 /* 81.7.14.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070EE3 /* 81.7.14.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5107101F /* 81.7.16.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5107103B /* 81.7.16.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5107108B /* 81.7.16.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510710B1 /* 81.7.16.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510710B6 /* 81.7.16.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51071254 /* 81.7.18.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510A8C06 /* 81.10.140.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510A9F12 /* 81.10.159.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5111102B /* 81.17.16.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51111182 /* 81.17.17.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51111183 /* 81.17.17.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51111E21 /* 81.17.30.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51111E2C /* 81.17.30.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51111E30 /* 81.17.30.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51130347 /* 81.19.3.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5116FF92 /* 81.22.255.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x511738FF /* 81.23.56.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51193683 /* 81.25.54.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x511E9E51 /* 81.30.158.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x511E9E90 /* 81.30.158.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x511E9ED5 /* 81.30.158.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x511E9EDF /* 81.30.158.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51218578 /* 81.33.133.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5125E02A /* 81.37.224.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5138C0E7 /* 81.56.192.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5139D087 /* 81.57.208.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5142884E /* 81.66.136.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5142CC1C /* 81.66.204.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C3 /* 81.89.0.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C4 /* 81.89.0.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C5 /* 81.89.0.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C6 /* 81.89.0.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C7 /* 81.89.0.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C8 /* 81.89.0.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C9 /* 81.89.0.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900CA /* 81.89.0.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900CB /* 81.89.0.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900CC /* 81.89.0.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51593F96 /* 81.89.63.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515F0D37 /* 81.95.13.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515F3444 /* 81.95.52.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51618FF7 /* 81.97.143.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51672409 /* 81.103.36.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5184FFEF /* 81.132.255.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x518DE01A /* 81.141.224.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5195968F /* 81.149.150.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5199E91D /* 81.153.233.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x519B2F59 /* 81.155.47.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x519F452C /* 81.159.69.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A46265 /* 81.164.98.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A982D6 /* 81.169.130.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A988CE /* 81.169.136.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A98A33 /* 81.169.138.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A98DDE /* 81.169.141.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A99864 /* 81.169.152.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9A64A /* 81.169.166.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9AFA4 /* 81.169.175.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9B55F /* 81.169.181.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9B9E9 /* 81.169.185.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9DE9E /* 81.169.222.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9F6CC /* 81.169.246.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AA841C /* 81.170.132.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AA94C2 /* 81.170.148.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AD9793 /* 81.173.151.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AE962B /* 81.174.150.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AE97D7 /* 81.174.151.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AE9B2F /* 81.174.155.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AEE712 /* 81.174.231.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AFDB02 /* 81.175.219.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AFDDCF /* 81.175.221.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51B77151 /* 81.183.113.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51BE6077 /* 81.190.96.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51C14B5B /* 81.193.75.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51D9121D /* 81.217.18.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51D920C1 /* 81.217.32.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51D9BB06 /* 81.217.187.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51DA5B9A /* 81.218.91.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51DA6DC3 /* 81.218.109.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51DA8A03 /* 81.218.138.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51DD947F /* 81.221.148.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E3D84C /* 81.227.216.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E4C09D /* 81.228.192.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E4C74B /* 81.228.199.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E66CC0 /* 81.230.108.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E6A691 /* 81.230.166.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E81EC2 /* 81.232.30.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51ECAF80 /* 81.236.175.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51F34BD0 /* 81.243.75.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51F52A42 /* 81.245.42.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51F5E6FD /* 81.245.230.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51FEAF31 /* 81.254.175.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52018046 /* 82.1.128.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52052A69 /* 82.5.42.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x520BAC32 /* 82.11.172.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5215D31D /* 82.21.211.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x521B7682 /* 82.27.118.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x521CE407 /* 82.28.228.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52290A87 /* 82.41.10.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x522CCB7C /* 82.44.203.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5231CF20 /* 82.49.207.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52433720 /* 82.67.55.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52449FD9 /* 82.68.159.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52454C23 /* 82.69.76.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5247D30D /* 82.71.211.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5247F64F /* 82.71.246.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x524CB63D /* 82.76.182.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52502163 /* 82.80.33.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52503640 /* 82.80.54.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5252BED7 /* 82.82.190.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x525ECCAA /* 82.94.204.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x525EE292 /* 82.94.226.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x525EFBE3 /* 82.94.251.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x525F42CB /* 82.95.66.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x525F6B33 /* 82.95.107.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52668ED2 /* 82.102.142.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52678C57 /* 82.103.140.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5273740B /* 82.115.116.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52747803 /* 82.116.120.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5276F20E /* 82.118.242.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5276F215 /* 82.118.242.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5276F27F /* 82.118.242.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5276F280 /* 82.118.242.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5276F293 /* 82.118.242.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5277E924 /* 82.119.233.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5282090F /* 82.130.9.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52820B94 /* 82.130.11.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52820D9A /* 82.130.13.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52834A12 /* 82.131.74.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x528B60C9 /* 82.139.96.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x529225CC /* 82.146.37.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52922F11 /* 82.146.47.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x529237CD /* 82.146.55.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5295F13D /* 82.149.241.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x529B43BE /* 82.155.67.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x529EA2AB /* 82.158.162.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A1321E /* 82.161.50.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A1B614 /* 82.161.182.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A1D257 /* 82.161.210.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A1D4D1 /* 82.161.212.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A58E4F /* 82.165.142.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A594A3 /* 82.165.148.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A5CF66 /* 82.165.207.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A80E92 /* 82.168.14.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52B301A2 /* 82.179.1.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52B574C7 /* 82.181.116.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52B5D46A /* 82.181.212.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52B5E7C4 /* 82.181.231.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52B5EE90 /* 82.181.238.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C2AA1E /* 82.194.170.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C406C7 /* 82.196.6.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C4080D /* 82.196.8.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C408E8 /* 82.196.8.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C40E8E /* 82.196.14.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C46AA0 /* 82.196.106.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C47CC2 /* 82.196.124.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C79B59 /* 82.199.155.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52CFED13 /* 82.207.237.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D1B3A3 /* 82.209.179.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D300B4 /* 82.211.0.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D300C9 /* 82.211.0.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D3138F /* 82.211.19.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D31FF7 /* 82.211.31.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D40E20 /* 82.212.14.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D5DEEA /* 82.213.222.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D9D6D7 /* 82.217.214.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DB0959 /* 82.219.9.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DC5935 /* 82.220.89.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD6543 /* 82.221.101.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD69C6 /* 82.221.105.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD8014 /* 82.221.128.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD80D9 /* 82.221.128.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD8B19 /* 82.221.139.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD8BBE /* 82.221.139.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DF154A /* 82.223.21.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E092B3 /* 82.224.146.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E2473B /* 82.226.71.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E28C77 /* 82.226.140.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E4FC14 /* 82.228.252.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E51AEB /* 82.229.26.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E58A1F /* 82.229.138.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E58A8F /* 82.229.138.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E97597 /* 82.233.117.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52EE55F0 /* 82.238.85.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52EF01CD /* 82.239.1.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52F25792 /* 82.242.87.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52F298D3 /* 82.242.152.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52F385B4 /* 82.243.133.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52F4B127 /* 82.244.177.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52F7C6E3 /* 82.247.198.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52FA03EC /* 82.250.3.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52FB1146 /* 82.251.17.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52FB2188 /* 82.251.33.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5321BD8F /* 83.33.189.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53240901 /* 83.36.9.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x532CCF03 /* 83.44.207.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x533776BF /* 83.55.118.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x533FF441 /* 83.63.244.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5345F255 /* 83.69.242.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x534D9DFE /* 83.77.157.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53528CF1 /* 83.82.140.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5352EA6A /* 83.82.234.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5353FB49 /* 83.83.251.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x535573E3 /* 83.85.115.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5355FC37 /* 83.85.252.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53567804 /* 83.86.120.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x535969A0 /* 83.89.105.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53802930 /* 83.128.41.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x538632D0 /* 83.134.50.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5386E05A /* 83.134.224.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53885104 /* 83.136.81.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x538FF556 /* 83.143.245.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5391F1E7 /* 83.145.241.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5392F130 /* 83.146.241.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53951426 /* 83.149.20.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53960BCB /* 83.150.11.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x539613F3 /* 83.150.19.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5396527A /* 83.150.82.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x539A832B /* 83.154.131.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A08BB7 /* 83.160.139.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A1DAE2 /* 83.161.218.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A22F1A /* 83.162.47.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A2B243 /* 83.162.178.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A2BC64 /* 83.162.188.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A2C73C /* 83.162.199.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A2CAB6 /* 83.162.202.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A2CD44 /* 83.162.205.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A34DC3 /* 83.163.77.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A3C9A8 /* 83.163.201.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A7B923 /* 83.167.185.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A8C8CC /* 83.168.200.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A9060C /* 83.169.6.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53ABA70D /* 83.171.167.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53AF6482 /* 83.175.100.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53CDEECD /* 83.205.238.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D45257 /* 83.212.82.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D45296 /* 83.212.82.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D460B7 /* 83.212.96.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D460CE /* 83.212.96.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46344 /* 83.212.99.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D463D4 /* 83.212.99.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46464 /* 83.212.100.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46612 /* 83.212.102.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46672 /* 83.212.102.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D4687C /* 83.212.104.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46891 /* 83.212.104.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46990 /* 83.212.105.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D473E0 /* 83.212.115.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D47661 /* 83.212.118.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D4A8BA /* 83.212.168.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53DCB3AF /* 83.220.179.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53E336EA /* 83.227.54.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53E45D4C /* 83.228.93.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53E71225 /* 83.231.18.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53E94C6F /* 83.233.76.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53F065D1 /* 83.240.101.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53F74E5A /* 83.247.78.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53F82268 /* 83.248.34.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53F85AD3 /* 83.248.90.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53F8A8D8 /* 83.248.168.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FB4937 /* 83.251.73.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FC534F /* 83.252.83.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FD0764 /* 83.253.7.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FD3E77 /* 83.253.62.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FD8858 /* 83.253.136.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FE5D4E /* 83.254.93.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FECFC5 /* 83.254.207.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FF6C65 /* 83.255.108.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54030035 /* 84.3.0.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B24F /* 84.19.178.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B269 /* 84.19.178.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B29B /* 84.19.178.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B36A /* 84.19.179.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B3E5 /* 84.19.179.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B487 /* 84.19.180.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B881 /* 84.19.184.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413BDF2 /* 84.19.189.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413BE9D /* 84.19.190.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x541B5F35 /* 84.27.95.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x542862BB /* 84.40.98.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54287046 /* 84.40.112.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x542E1498 /* 84.46.20.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x542E1E4A /* 84.46.30.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x542E1EF5 /* 84.46.30.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5430C74E /* 84.48.199.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5435F7A9 /* 84.53.247.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5437525E /* 84.55.82.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54382D7B /* 84.56.45.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54398A2E /* 84.57.138.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x543C2DE8 /* 84.60.45.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x543D3004 /* 84.61.48.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x543D5E07 /* 84.61.94.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x543F40DB /* 84.63.64.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54482813 /* 84.72.40.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54490F5C /* 84.73.15.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54491458 /* 84.73.20.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5449149D /* 84.73.20.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5449244A /* 84.73.36.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5449DC41 /* 84.73.220.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x544A50D2 /* 84.74.80.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x544B19CA /* 84.75.25.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x544B44EB /* 84.75.68.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x544BC8E5 /* 84.75.200.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x544BE77C /* 84.75.231.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54505045 /* 84.80.80.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x545C6161 /* 84.92.97.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5468BF39 /* 84.104.191.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x546AEA98 /* 84.106.234.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x546B6E0C /* 84.107.110.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54702924 /* 84.112.41.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54720336 /* 84.114.3.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5472B966 /* 84.114.185.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x547323F8 /* 84.115.35.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5476AF83 /* 84.118.175.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54774190 /* 84.119.65.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5482A597 /* 84.130.165.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5484E3F1 /* 84.132.227.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54865441 /* 84.134.84.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x548945CA /* 84.137.69.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x548D7630 /* 84.141.118.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x548FD821 /* 84.143.216.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x548FDE8F /* 84.143.222.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54904522 /* 84.144.69.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549073D9 /* 84.144.115.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5490E8AC /* 84.144.232.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5492A167 /* 84.146.161.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549665CA /* 84.150.101.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549675DA /* 84.150.117.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549A7446 /* 84.154.116.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549ABD38 /* 84.154.189.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549C028A /* 84.156.2.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549CBC46 /* 84.156.188.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549EC45B /* 84.158.196.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549F49CE /* 84.159.73.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549F4C3F /* 84.159.76.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54A09ACC /* 84.160.154.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54A21CE2 /* 84.162.28.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54A5409F /* 84.165.64.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54A8F9D7 /* 84.168.249.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54AB51E6 /* 84.171.81.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54AB5BC7 /* 84.171.91.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54ADDF9F /* 84.173.223.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54AE63C4 /* 84.174.99.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B0EA0E /* 84.176.234.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B0FB8A /* 84.176.251.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B166C5 /* 84.177.102.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B4603C /* 84.180.96.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B6A117 /* 84.182.161.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B6BFDF /* 84.182.191.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B7EEC3 /* 84.183.238.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54BA3653 /* 84.186.54.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54BB8B4A /* 84.187.139.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54BCA06A /* 84.188.160.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54BF23C8 /* 84.191.35.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54BFF098 /* 84.191.240.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C10029 /* 84.193.0.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C3E5B6 /* 84.195.229.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C80821 /* 84.200.8.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C808CF /* 84.200.8.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C80ECE /* 84.200.14.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C83212 /* 84.200.50.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C83822 /* 84.200.56.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C83824 /* 84.200.56.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C84DF3 /* 84.200.77.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C852A3 /* 84.200.82.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C8CE63 /* 84.200.206.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54CA5A7A /* 84.202.90.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54CA74A4 /* 84.202.116.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54D11ABA /* 84.209.26.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54D6DC87 /* 84.214.220.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54D7A360 /* 84.215.163.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54D8E951 /* 84.216.233.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54D8FCC8 /* 84.216.252.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54DBF8F9 /* 84.219.248.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54E20D1B /* 84.226.13.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54E27D07 /* 84.226.125.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54E3DA07 /* 84.227.218.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54E61807 /* 84.230.24.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54EC35E6 /* 84.236.53.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54ED96AB /* 84.237.150.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F03CEA /* 84.240.60.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F14114 /* 84.241.65.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F41F34 /* 84.244.31.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F50FFD /* 84.245.15.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F51940 /* 84.245.25.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F51BD1 /* 84.245.27.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F51E9A /* 84.245.30.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F848E7 /* 84.248.72.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F900C1 /* 84.249.0.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F910D7 /* 84.249.16.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F9C7E6 /* 84.249.199.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54FA1259 /* 84.250.18.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54FA720A /* 84.250.114.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54FB54F3 /* 84.251.84.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55002B59 /* 85.0.43.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55004029 /* 85.0.64.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55047E83 /* 85.4.126.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5507B414 /* 85.7.180.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550A6A2F /* 85.10.106.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550AC409 /* 85.10.196.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550AC40C /* 85.10.196.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550AC6EC /* 85.10.198.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550AC92F /* 85.10.201.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550ACA57 /* 85.10.202.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550ACB47 /* 85.10.203.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550ACBAB /* 85.10.203.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550AF0FA /* 85.10.240.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550EF337 /* 85.14.243.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550EF9F7 /* 85.14.249.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5510AA7D /* 85.16.170.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55111A05 /* 85.17.26.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55117020 /* 85.17.112.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551170A3 /* 85.17.112.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5511A4A5 /* 85.17.164.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5511A4AC /* 85.17.164.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5511AC4B /* 85.17.172.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5511C2B4 /* 85.17.194.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5511D6B1 /* 85.17.214.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551590E0 /* 85.21.144.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55189139 /* 85.24.145.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5518A288 /* 85.24.162.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5518B4C8 /* 85.24.180.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55192C8D /* 85.25.44.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55196745 /* 85.25.103.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55198405 /* 85.25.132.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55198522 /* 85.25.133.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551995A1 /* 85.25.149.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551996D8 /* 85.25.150.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55199F41 /* 85.25.159.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55199FFD /* 85.25.159.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5519D5D3 /* 85.25.213.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5519F86C /* 85.25.248.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5519FF8C /* 85.25.255.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551FBAA4 /* 85.31.186.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551FBAFD /* 85.31.186.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55305EAE /* 85.48.94.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5556DA1B /* 85.86.218.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555AF417 /* 85.90.244.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555AF61E /* 85.90.246.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555D102F /* 85.93.16.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555D118F /* 85.93.17.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555DD12C /* 85.93.209.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555DD914 /* 85.93.217.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555DDACC /* 85.93.218.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5571279A /* 85.113.39.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55728560 /* 85.114.133.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55775297 /* 85.119.82.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5577538D /* 85.119.83.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x557F54E9 /* 85.127.84.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x558398DD /* 85.131.152.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x558CB60C /* 85.140.182.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x558FD2E9 /* 85.143.210.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x558FDBD3 /* 85.143.219.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55902C37 /* 85.144.44.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5591AD1F /* 85.145.173.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5598E41D /* 85.152.228.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x559D7EA2 /* 85.157.126.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x559FD337 /* 85.159.211.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x559FEDD2 /* 85.159.237.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55A53635 /* 85.165.54.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55A71195 /* 85.167.17.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55ABADA1 /* 85.171.173.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55B584A4 /* 85.181.132.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55B8A080 /* 85.184.160.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55BEFF04 /* 85.190.255.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55BFF855 /* 85.191.248.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C36BFA /* 85.195.107.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3CF6F /* 85.195.207.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3D709 /* 85.195.215.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3EB78 /* 85.195.235.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3F28A /* 85.195.242.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3F2E2 /* 85.195.242.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3FC68 /* 85.195.252.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3FCC6 /* 85.195.252.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D4009E /* 85.212.0.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D406BD /* 85.212.6.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D42363 /* 85.212.35.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D42B74 /* 85.212.43.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D42DB8 /* 85.212.45.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D4395F /* 85.212.57.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D617BC /* 85.214.23.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D62CAC /* 85.214.44.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D636FE /* 85.214.54.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D63AEC /* 85.214.58.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D63E30 /* 85.214.62.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6407E /* 85.214.64.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D642BB /* 85.214.66.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6454B /* 85.214.69.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D665E9 /* 85.214.101.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D66C5F /* 85.214.108.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D673D6 /* 85.214.115.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D67CA8 /* 85.214.124.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D67D0B /* 85.214.125.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D680A0 /* 85.214.128.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D680C7 /* 85.214.128.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6907F /* 85.214.144.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6909F /* 85.214.144.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D69748 /* 85.214.151.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6CEDB /* 85.214.206.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6E5B0 /* 85.214.229.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6ECCF /* 85.214.236.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6F40D /* 85.214.244.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D809FE /* 85.216.9.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D85A76 /* 85.216.90.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55DC2AC3 /* 85.220.42.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55DCBEF6 /* 85.220.190.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55DE00E5 /* 85.222.0.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E2753E /* 85.226.117.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E279EB /* 85.226.121.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E3814C /* 85.227.129.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E3BABD /* 85.227.186.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E3BC91 /* 85.227.188.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E3BCCD /* 85.227.188.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E44587 /* 85.228.69.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E55450 /* 85.229.84.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E55FF1 /* 85.229.95.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E5E4AE /* 85.229.228.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E61558 /* 85.230.21.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E6887E /* 85.230.136.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E6EF64 /* 85.230.239.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55EBFA58 /* 85.235.250.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F09F14 /* 85.240.159.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F0FFE6 /* 85.240.255.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F23B3B /* 85.242.59.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F567DE /* 85.245.103.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F8E3A3 /* 85.248.227.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F8E3A4 /* 85.248.227.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F8E3A5 /* 85.248.227.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55FF019E /* 85.255.1.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55FF0863 /* 85.255.8.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56037EC1 /* 86.3.126.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56078C1F /* 86.7.140.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x561277B3 /* 86.18.119.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x561704E0 /* 86.23.4.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5619641D /* 86.25.100.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x561DD073 /* 86.29.208.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563864B9 /* 86.56.100.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563B1526 /* 86.59.21.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563B15A3 /* 86.59.21.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563B7753 /* 86.59.119.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563B7758 /* 86.59.119.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563BA563 /* 86.59.165.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5646384E /* 86.70.56.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x564C4BF0 /* 86.76.75.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5653791D /* 86.83.121.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56537ACB /* 86.83.122.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5656AD3E /* 86.86.173.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x565820C7 /* 86.88.32.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56582191 /* 86.88.33.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56657F7A /* 86.101.127.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5667BC2F /* 86.103.188.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56680F0F /* 86.104.15.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5669D482 /* 86.105.212.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5669D4CC /* 86.105.212.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566A8906 /* 86.106.137.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566B6E22 /* 86.107.110.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566B6E52 /* 86.107.110.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566B6E8F /* 86.107.110.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566B6EE0 /* 86.107.110.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566E7549 /* 86.110.117.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566E7595 /* 86.110.117.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x567BDFAE /* 86.123.223.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x567DE7E3 /* 86.125.231.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56805BEF /* 86.128.91.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5687B16A /* 86.135.177.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x568EFA19 /* 86.142.250.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5699F453 /* 86.153.244.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x569BDBB7 /* 86.155.219.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56AC5B6A /* 86.172.91.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56AE499A /* 86.174.73.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56B3C248 /* 86.179.194.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56CA8ED2 /* 86.202.142.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56CAE27C /* 86.202.226.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56E53486 /* 86.229.52.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56EE99B7 /* 86.238.153.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56EEDDD9 /* 86.238.221.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56F56FEC /* 86.245.111.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56F6018B /* 86.246.1.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56F6AC32 /* 86.246.172.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56FD45C5 /* 86.253.69.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5702EC23 /* 87.2.236.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57056E71 /* 87.5.110.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57071528 /* 87.7.21.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5714C5DD /* 87.20.197.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57340321 /* 87.52.3.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x573CAC5C /* 87.60.172.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x574849E7 /* 87.72.73.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5748C571 /* 87.72.197.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5748EFBB /* 87.72.239.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5749544D /* 87.73.84.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x574F2E08 /* 87.79.46.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x574F4F5E /* 87.79.79.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x574F5F97 /* 87.79.95.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x574FFDCA /* 87.79.253.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5751943D /* 87.81.148.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x575C111C /* 87.92.17.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x575C61C2 /* 87.92.97.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x575CA318 /* 87.92.163.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57629897 /* 87.98.152.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762B23D /* 87.98.178.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762B905 /* 87.98.185.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762F396 /* 87.98.243.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762F554 /* 87.98.245.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762FAF4 /* 87.98.250.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762FD54 /* 87.98.253.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57660FD8 /* 87.102.15.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x576A0E9F /* 87.106.14.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x576A3B0C /* 87.106.59.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x576A8C18 /* 87.106.140.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x576AD0EC /* 87.106.208.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x576AF976 /* 87.106.249.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x577654B5 /* 87.118.84.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57765C2B /* 87.118.92.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57765EE3 /* 87.118.94.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57766436 /* 87.118.100.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57766A40 /* 87.118.106.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57766E71 /* 87.118.110.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57766E9E /* 87.118.110.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5776703F /* 87.118.112.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767286 /* 87.118.114.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767291 /* 87.118.114.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x577673B0 /* 87.118.115.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5776740C /* 87.118.116.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5776745A /* 87.118.116.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x577674E3 /* 87.118.116.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767A1E /* 87.118.122.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767A32 /* 87.118.122.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767A33 /* 87.118.122.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767AC9 /* 87.118.122.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767AFE /* 87.118.122.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767ECE /* 87.118.126.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767EDA /* 87.118.126.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5778241A /* 87.120.36.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5778FE47 /* 87.120.254.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5778FECC /* 87.120.254.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5778FEF5 /* 87.120.254.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57806FBE /* 87.128.111.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57847BCB /* 87.132.123.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5784C8BC /* 87.132.200.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5786449E /* 87.134.68.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x578B21D9 /* 87.139.33.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x578B8B03 /* 87.139.139.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x578E63CC /* 87.142.99.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x578E6FB2 /* 87.142.111.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x578E7868 /* 87.142.120.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5793BF8D /* 87.147.191.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57948874 /* 87.148.136.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5796D6BD /* 87.150.214.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57987F6D /* 87.152.127.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5799207E /* 87.153.32.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579C9AF5 /* 87.156.154.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579DB391 /* 87.157.179.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579F3CFD /* 87.159.60.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579F5887 /* 87.159.88.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579FBE89 /* 87.159.190.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579FEBA5 /* 87.159.235.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57A247EF /* 87.162.71.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57A2C503 /* 87.162.197.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57A618C6 /* 87.166.24.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57A631E2 /* 87.166.49.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AA8B6E /* 87.170.139.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57ABDF9F /* 87.171.223.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AC14FA /* 87.172.20.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57ADD49F /* 87.173.212.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AE6C25 /* 87.174.108.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AECCC6 /* 87.174.204.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AEE042 /* 87.174.224.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AEFD48 /* 87.174.253.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B18038 /* 87.177.128.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B3C9DB /* 87.179.201.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B4E2EE /* 87.180.226.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B528B4 /* 87.181.40.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B55BD9 /* 87.181.91.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B6D189 /* 87.182.209.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B91C30 /* 87.185.28.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57BA2215 /* 87.186.34.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57C1B3EE /* 87.193.179.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57C1D00E /* 87.193.208.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57D63AC8 /* 87.214.58.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57D8ABB3 /* 87.216.171.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57DECE2D /* 87.222.206.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57E61995 /* 87.230.25.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57ECC217 /* 87.236.194.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57ECD71E /* 87.236.215.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57ECD753 /* 87.236.215.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57FE5C78 /* 87.254.92.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5805A5DF /* 88.5.165.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x581B4113 /* 88.27.65.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x584187CD /* 88.65.135.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x584567A9 /* 88.69.103.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58485BDA /* 88.72.91.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5849369E /* 88.73.54.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x584C47D4 /* 88.76.71.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x584E43A5 /* 88.78.67.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58500705 /* 88.80.7.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5850D6BD /* 88.80.214.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x585666A3 /* 88.86.102.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5859086D /* 88.89.8.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5862FCEA /* 88.98.252.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58630E5C /* 88.99.14.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586315A3 /* 88.99.21.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586315AB /* 88.99.21.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58631B83 /* 88.99.27.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58631BE7 /* 88.99.27.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58631FBA /* 88.99.31.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5863230C /* 88.99.35.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586323B2 /* 88.99.35.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58632420 /* 88.99.36.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5863466B /* 88.99.70.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58634B5E /* 88.99.75.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5863504E /* 88.99.80.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586353A3 /* 88.99.83.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586356AE /* 88.99.86.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58635784 /* 88.99.87.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586360E0 /* 88.99.96.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5863685E /* 88.99.104.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586D1267 /* 88.109.18.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5873E58C /* 88.115.229.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x588B8C5B /* 88.139.140.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x588E30D8 /* 88.142.48.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5895B559 /* 88.149.181.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5898AB67 /* 88.152.171.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5898ED49 /* 88.152.237.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589C0AFD /* 88.156.10.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589CB6C4 /* 88.156.182.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589F2BF1 /* 88.159.43.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589F4DC4 /* 88.159.77.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589F8B11 /* 88.159.139.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589F8E93 /* 88.159.142.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589FA4F9 /* 88.159.164.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589FF570 /* 88.159.245.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58A13860 /* 88.161.56.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58A7FEF1 /* 88.167.254.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58AE5A97 /* 88.174.90.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B00C64 /* 88.176.12.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B0B407 /* 88.176.180.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B256CA /* 88.178.86.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B3309A /* 88.179.48.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B4AD3F /* 88.180.173.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B99B86 /* 88.185.155.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BA120C /* 88.186.18.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BB785A /* 88.187.120.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BBE91B /* 88.187.233.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BCDCD1 /* 88.188.220.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BDCE35 /* 88.189.206.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BE765F /* 88.190.118.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BED2F0 /* 88.190.210.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BFCD30 /* 88.191.205.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BFD421 /* 88.191.212.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C0FD11 /* 88.192.253.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C1997C /* 88.193.153.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C38F0D /* 88.195.143.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C60603 /* 88.198.6.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C60BAB /* 88.198.11.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C60D74 /* 88.198.13.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C61304 /* 88.198.19.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C617DD /* 88.198.23.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C62424 /* 88.198.36.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C62C91 /* 88.198.44.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C63436 /* 88.198.52.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6388C /* 88.198.56.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C66D95 /* 88.198.109.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C66EC2 /* 88.198.110.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C677C5 /* 88.198.119.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C67D60 /* 88.198.125.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C694FF /* 88.198.148.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6A4DB /* 88.198.164.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6C09C /* 88.198.192.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6C259 /* 88.198.194.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6CFDE /* 88.198.207.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6D403 /* 88.198.212.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6FD0D /* 88.198.253.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6FD18 /* 88.198.253.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6FD1B /* 88.198.253.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C84964 /* 88.200.73.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C99131 /* 88.201.145.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58CACA2A /* 88.202.202.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58CC70F2 /* 88.204.112.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58CC71BD /* 88.204.113.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D0794E /* 88.208.121.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D0F50A /* 88.208.245.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D4228D /* 88.212.34.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D74B9A /* 88.215.75.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D7BAB9 /* 88.215.186.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D96856 /* 88.217.104.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D98F35 /* 88.217.143.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D9ABE1 /* 88.217.171.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59002F22 /* 89.0.47.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59005227 /* 89.0.82.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59008F3F /* 89.0.143.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59036176 /* 89.3.97.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x590CB328 /* 89.12.179.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x590CCA35 /* 89.12.202.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x590DB50A /* 89.13.181.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5910B09E /* 89.16.176.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5912AC64 /* 89.18.172.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5912AC70 /* 89.18.172.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5912AD29 /* 89.18.173.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5916613A /* 89.22.97.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x591661C1 /* 89.22.97.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x591F393A /* 89.31.57.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x591F60A8 /* 89.31.96.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59207FB2 /* 89.32.127.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59210618 /* 89.33.6.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5921CF50 /* 89.33.207.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5921F672 /* 89.33.246.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5922ED15 /* 89.34.237.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5922ED65 /* 89.34.237.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5922ED79 /* 89.34.237.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5922ED88 /* 89.34.237.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5922EDC0 /* 89.34.237.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5923869A /* 89.35.134.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5923B268 /* 89.35.178.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5924DA7F /* 89.36.218.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5926D039 /* 89.38.208.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59274321 /* 89.39.67.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59284795 /* 89.40.71.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5928B56B /* 89.40.181.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592D2394 /* 89.45.35.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592D4389 /* 89.45.67.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592DE21C /* 89.45.226.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592E4662 /* 89.46.70.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592E6447 /* 89.46.100.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592E64A2 /* 89.46.100.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x594418D2 /* 89.68.24.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x594704AD /* 89.71.4.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5947A11E /* 89.71.161.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x594939B2 /* 89.73.57.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x595E01B3 /* 89.94.1.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59639B85 /* 89.99.155.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x596408AB /* 89.100.8.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5964217D /* 89.100.33.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59661F13 /* 89.102.31.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59668C7A /* 89.102.140.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59669309 /* 89.102.147.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59676FD9 /* 89.103.111.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x596B9BA2 /* 89.107.155.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x596DE24B /* 89.109.226.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x596E300A /* 89.110.48.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x596F1444 /* 89.111.20.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5980CD65 /* 89.128.205.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5984E1FA /* 89.132.225.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59857E05 /* 89.133.126.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59900C0F /* 89.144.12.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5996AE32 /* 89.150.174.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x599F5484 /* 89.159.84.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A1600E /* 89.161.96.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3803B /* 89.163.128.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A38042 /* 89.163.128.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3864C /* 89.163.134.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A38D73 /* 89.163.141.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A38D74 /* 89.163.141.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A38DEF /* 89.163.141.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A39130 /* 89.163.145.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3925D /* 89.163.146.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3940D /* 89.163.148.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A39D4F /* 89.163.157.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A39F2C /* 89.163.159.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3C4DD /* 89.163.196.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3D2A3 /* 89.163.210.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3D2A4 /* 89.163.210.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3D83C /* 89.163.216.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3D926 /* 89.163.217.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3DB1B /* 89.163.219.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3DB76 /* 89.163.219.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E019 /* 89.163.224.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E0BB /* 89.163.224.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E0D4 /* 89.163.224.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E0FA /* 89.163.224.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E106 /* 89.163.225.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E107 /* 89.163.225.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E173 /* 89.163.225.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E191 /* 89.163.225.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E1B8 /* 89.163.225.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F574 /* 89.163.245.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F5B5 /* 89.163.245.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F5B8 /* 89.163.245.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F5C7 /* 89.163.245.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F67F /* 89.163.246.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F72B /* 89.163.247.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F9C8 /* 89.163.249.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F9C9 /* 89.163.249.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A6609C /* 89.166.96.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A67C0D /* 89.166.124.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59AC81D1 /* 89.172.129.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59AF1BA3 /* 89.175.27.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59B011EA /* 89.176.17.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59B2AAE4 /* 89.178.170.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59B377A5 /* 89.179.119.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59B37F7C /* 89.179.127.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59B74400 /* 89.183.68.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BB8ED0 /* 89.187.142.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BB8F51 /* 89.187.143.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BB907A /* 89.187.144.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BB9167 /* 89.187.145.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BFC7F5 /* 89.191.199.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BFD901 /* 89.191.217.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59CF8196 /* 89.207.129.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DDD040 /* 89.221.208.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DDD08A /* 89.221.208.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DDD164 /* 89.221.209.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DDD27A /* 89.221.210.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DDD297 /* 89.221.210.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DF1BF1 /* 89.223.27.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59EA9DFE /* 89.234.157.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59EAB76E /* 89.234.183.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59EABA24 /* 89.234.186.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59EC2275 /* 89.236.34.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59EE59C5 /* 89.238.89.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59F6CC36 /* 89.246.204.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59F8A69D /* 89.248.166.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59F8AAE3 /* 89.248.170.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59F94106 /* 89.249.65.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A0106B5 /* 90.1.6.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A06197C /* 90.6.25.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A2C5DDA /* 90.44.93.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A3FDA8B /* 90.63.218.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A416676 /* 90.65.102.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A4E1922 /* 90.78.25.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A4F659A /* 90.79.101.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A573FAD /* 90.87.63.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A685368 /* 90.104.83.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A6896BF /* 90.104.150.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A69A893 /* 90.105.168.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A700D78 /* 90.112.13.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A708FA7 /* 90.112.143.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A7887A8 /* 90.120.135.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A7EADC0 /* 90.126.173.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AB8DE76 /* 90.184.222.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AB8EF9A /* 90.184.239.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ABC1BB8 /* 90.188.27.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ABF645B /* 90.191.100.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AD0B354 /* 90.208.179.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ADC0A6E /* 90.220.10.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AE150DB /* 90.225.80.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AE2B287 /* 90.226.178.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AE68576 /* 90.230.133.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B007B9F /* 91.0.123.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B015603 /* 91.1.86.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B02AA6E /* 91.2.170.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B054CD4 /* 91.5.76.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B0846A3 /* 91.8.70.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B08D86F /* 91.8.216.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B09CB9D /* 91.9.203.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B0B28ED /* 91.11.40.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B1155E2 /* 91.17.85.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B12557C /* 91.18.85.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B12EA5A /* 91.18.234.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B13E9CF /* 91.19.233.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B147FDA /* 91.20.127.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B156D49 /* 91.21.109.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B208735 /* 91.32.135.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B20C025 /* 91.32.192.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B228FDD /* 91.34.143.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B2529A9 /* 91.37.41.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B293947 /* 91.41.57.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B298B37 /* 91.41.139.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B2A4735 /* 91.42.71.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B2AB21C /* 91.42.178.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B2D864A /* 91.45.134.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B31245C /* 91.49.36.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B339017 /* 91.51.144.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B352D2B /* 91.53.45.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B36C44C /* 91.54.196.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B3B43E1 /* 91.59.67.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B3BBE64 /* 91.59.190.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B3E5239 /* 91.62.82.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B3FA90B /* 91.63.169.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B40007D /* 91.64.0.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B408F14 /* 91.64.143.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B40A481 /* 91.64.164.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B40D118 /* 91.64.209.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B40FE7E /* 91.64.254.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B413DD9 /* 91.65.61.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B41A679 /* 91.65.166.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B42816A /* 91.66.129.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B436D56 /* 91.67.109.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B43858C /* 91.67.133.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B439B7F /* 91.67.155.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B4F1C58 /* 91.79.28.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B59FDD8 /* 91.89.253.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B600FC2 /* 91.96.15.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B61B4F8 /* 91.97.180.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6467C4 /* 91.100.103.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B69CB5C /* 91.105.203.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6A8BE1 /* 91.106.139.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6AAB1D /* 91.106.171.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6AAC3A /* 91.106.172.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6AAD4B /* 91.106.173.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6B68EE /* 91.107.104.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6B692E /* 91.107.105.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6D1DF1 /* 91.109.29.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6D9C46 /* 91.109.156.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B720536 /* 91.114.5.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B790114 /* 91.121.1.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B790E99 /* 91.121.14.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B791043 /* 91.121.16.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B791764 /* 91.121.23.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B791C40 /* 91.121.28.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B791C42 /* 91.121.28.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B793608 /* 91.121.54.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B794CAF /* 91.121.76.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B794D25 /* 91.121.77.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B794FBC /* 91.121.79.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B795198 /* 91.121.81.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B795219 /* 91.121.82.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79536C /* 91.121.83.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B795489 /* 91.121.84.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B795582 /* 91.121.85.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B795DA0 /* 91.121.93.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79623A /* 91.121.98.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B796C40 /* 91.121.108.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B797168 /* 91.121.113.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B797422 /* 91.121.116.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79777A /* 91.121.119.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7985E1 /* 91.121.133.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B798884 /* 91.121.136.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B799341 /* 91.121.147.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B799991 /* 91.121.153.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B799B21 /* 91.121.155.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B799E11 /* 91.121.158.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B799F24 /* 91.121.159.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79A006 /* 91.121.160.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79A698 /* 91.121.166.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79C09A /* 91.121.192.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79C384 /* 91.121.195.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79C3A9 /* 91.121.195.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79D144 /* 91.121.209.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E00A /* 91.121.224.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6D0 /* 91.121.230.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6D2 /* 91.121.230.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6D4 /* 91.121.230.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6D6 /* 91.121.230.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6D8 /* 91.121.230.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6DA /* 91.121.230.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7A1FAF /* 91.122.31.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7A2FEA /* 91.122.47.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7A34ED /* 91.122.52.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7A640D /* 91.122.100.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7D1BBB /* 91.125.27.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7E2D22 /* 91.126.45.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B868558 /* 91.134.133.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86870C /* 91.134.135.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86886B /* 91.134.136.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B868963 /* 91.134.137.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B868BC8 /* 91.134.139.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B868BCF /* 91.134.139.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B868BD7 /* 91.134.139.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B869BF4 /* 91.134.155.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86B4F0 /* 91.134.180.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86D8A0 /* 91.134.216.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86DAB0 /* 91.134.218.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86E830 /* 91.134.232.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86E831 /* 91.134.232.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86F3AD /* 91.134.243.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B88A4E3 /* 91.136.164.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B8A1429 /* 91.138.20.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B8A47EC /* 91.138.71.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B8F50DC /* 91.143.80.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B8F5B7D /* 91.143.91.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B8F5B8E /* 91.143.91.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B9107E2 /* 91.145.7.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B91765D /* 91.145.118.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B927903 /* 91.146.121.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B927A2D /* 91.146.122.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B98713E /* 91.152.113.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B9A47D8 /* 91.154.71.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BA07B04 /* 91.160.123.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BB171C0 /* 91.177.113.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BBA0896 /* 91.186.8.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BBA3E92 /* 91.186.62.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BBC7D80 /* 91.188.125.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BBE754D /* 91.190.117.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BBEEA42 /* 91.190.234.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BC25A67 /* 91.194.90.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BC5EA66 /* 91.197.234.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BC5EA6A /* 91.197.234.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BC6D4FA /* 91.198.212.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BC80D07 /* 91.200.13.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCA2969 /* 91.202.41.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCA2EBD /* 91.202.46.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCAA8B8 /* 91.202.168.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCAA8B9 /* 91.202.168.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCB0592 /* 91.203.5.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCB05A1 /* 91.203.5.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCB05A5 /* 91.203.5.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCB927E /* 91.203.146.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCDAD52 /* 91.205.173.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCDAF8A /* 91.205.175.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD2685B /* 91.210.104.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD26A86 /* 91.210.106.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD36BAC /* 91.211.107.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD3F770 /* 91.211.247.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD50854 /* 91.213.8.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD50859 /* 91.213.8.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD50865 /* 91.213.8.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD508EB /* 91.213.8.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD508EC /* 91.213.8.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD5E93C /* 91.213.233.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD5E96B /* 91.213.233.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD5E98A /* 91.213.233.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD6A945 /* 91.214.169.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1C55 /* 91.219.28.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1C63 /* 91.219.28.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1CD3 /* 91.219.28.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1D8E /* 91.219.29.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1D9D /* 91.219.29.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1DBC /* 91.219.29.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1DEE /* 91.219.29.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBECAE /* 91.219.236.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBECDA /* 91.219.236.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBECE8 /* 91.219.236.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBECFA /* 91.219.236.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBED13 /* 91.219.237.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBED75 /* 91.219.237.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBED9A /* 91.219.237.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEDE5 /* 91.219.237.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEDEB /* 91.219.237.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEDF4 /* 91.219.237.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEEDD /* 91.219.238.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEF5C /* 91.219.239.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEFFA /* 91.219.239.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDCDC05 /* 91.220.220.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDD42DC /* 91.221.66.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDD7721 /* 91.221.119.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDF529C /* 91.223.82.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDF6A59 /* 91.223.106.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDF6A5A /* 91.223.106.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE09521 /* 91.224.149.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE09C75 /* 91.224.156.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE09D63 /* 91.224.157.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE434BA /* 91.228.52.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE43556 /* 91.228.53.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE5141B /* 91.229.20.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE54C7C /* 91.229.76.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE6CC50 /* 91.230.204.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE75665 /* 91.231.86.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE756CC /* 91.231.86.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE8E12B /* 91.232.225.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE96A79 /* 91.233.106.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE96A91 /* 91.233.106.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE96AAC /* 91.233.106.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE96AED /* 91.233.106.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE97433 /* 91.233.116.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE97477 /* 91.233.116.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE985F7 /* 91.233.133.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEB8832 /* 91.235.136.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEC7457 /* 91.236.116.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEC745D /* 91.236.116.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEC745E /* 91.236.116.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECEF87 /* 91.236.239.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECEF8C /* 91.236.239.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECFB15 /* 91.236.251.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECFB18 /* 91.236.251.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECFB1E /* 91.236.251.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECFB2A /* 91.236.251.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECFB48 /* 91.236.251.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BED34AA /* 91.237.52.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BED5867 /* 91.237.88.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BED58B5 /* 91.237.88.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEDF43E /* 91.237.244.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEDF73E /* 91.237.247.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEFE851 /* 91.239.232.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF04305 /* 91.240.67.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF0E5C3 /* 91.240.229.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF2A3BA /* 91.242.163.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF3CB50 /* 91.243.203.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF3D521 /* 91.243.213.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF7FB1A /* 91.247.251.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF817F0 /* 91.248.23.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BFA75FC /* 91.250.117.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C1B07D1 /* 92.27.7.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C267E8C /* 92.38.126.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C26AD50 /* 92.38.173.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C27F62D /* 92.39.246.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C32A1F6 /* 92.50.161.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C33F583 /* 92.51.245.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C3FACF7 /* 92.63.172.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C3FAD18 /* 92.63.173.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C3FAE24 /* 92.63.174.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C3FAE47 /* 92.63.174.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C4BBA9C /* 92.75.186.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C4C66DE /* 92.76.102.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C59523D /* 92.89.82.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C5E640B /* 92.94.100.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C5F4274 /* 92.95.66.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C648326 /* 92.100.131.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C6CC255 /* 92.108.194.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C6D527B /* 92.109.82.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C6F04B1 /* 92.111.4.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C6F59EE /* 92.111.89.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C824D96 /* 92.130.77.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CA75FDB /* 92.167.95.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CA78C44 /* 92.167.140.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CA916D1 /* 92.169.22.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CC344A6 /* 92.195.68.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CC905E2 /* 92.201.5.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CCC0195 /* 92.204.1.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CCE1A1D /* 92.206.26.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CD3274D /* 92.211.39.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDC4808 /* 92.220.72.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDC4ED7 /* 92.220.78.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDD5AA1 /* 92.221.90.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDDC98A /* 92.221.201.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE0466 /* 92.222.4.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE060C /* 92.222.6.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE1482 /* 92.222.20.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE1625 /* 92.222.22.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE1671 /* 92.222.22.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE17C2 /* 92.222.23.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE19BF /* 92.222.25.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE1AD8 /* 92.222.26.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE1CF3 /* 92.222.28.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE2643 /* 92.222.38.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE27B7 /* 92.222.39.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE27C4 /* 92.222.39.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE4519 /* 92.222.69.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE45AD /* 92.222.69.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE46AC /* 92.222.70.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE4ACB /* 92.222.74.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE4AE2 /* 92.222.74.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE5488 /* 92.222.84.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE55AB /* 92.222.85.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE59BF /* 92.222.89.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE5A9C /* 92.222.90.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE5CFA /* 92.222.92.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE5E33 /* 92.222.94.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE67E8 /* 92.222.103.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE67E9 /* 92.222.103.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE731C /* 92.222.115.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE9993 /* 92.222.153.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDEA236 /* 92.222.162.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDEB457 /* 92.222.180.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDEB568 /* 92.222.181.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDEB57B /* 92.222.181.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDECC60 /* 92.222.204.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CE0048E /* 92.224.4.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CE0AC08 /* 92.224.172.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CE10812 /* 92.225.8.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF228C0 /* 92.242.40.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF24A87 /* 92.242.74.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF3141E /* 92.243.20.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF31ED0 /* 92.243.30.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF34569 /* 92.243.69.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF41F1C /* 92.244.31.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF733A9 /* 92.247.51.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF8E784 /* 92.248.231.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF98F77 /* 92.249.143.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF9955F /* 92.249.149.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CFE3951 /* 92.254.57.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CFFB08A /* 92.255.176.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CFFCF59 /* 92.255.207.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CFFFB42 /* 92.255.251.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D1B3351 /* 93.27.51.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D32BA03 /* 93.50.186.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D3A0B18 /* 93.58.11.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D40CF37 /* 93.64.207.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D41D51F /* 93.65.213.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D42D1BC /* 93.66.209.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D492760 /* 93.73.39.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D4A2AE6 /* 93.74.42.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D59651B /* 93.89.101.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5CCB71 /* 93.92.203.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5F64A4 /* 93.95.100.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5F64A6 /* 93.95.100.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5F64CA /* 93.95.100.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5F64CB /* 93.95.100.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5FE3F5 /* 93.95.227.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5FE431 /* 93.95.228.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5FE450 /* 93.95.228.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D648EB6 /* 93.100.142.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D64D3D8 /* 93.100.211.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D67E349 /* 93.103.227.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68762D /* 93.104.118.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68A579 /* 93.104.165.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68D06A /* 93.104.208.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68D120 /* 93.104.209.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68D19E /* 93.104.209.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68D33E /* 93.104.211.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68D541 /* 93.104.213.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D71AF19 /* 93.113.175.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D731B34 /* 93.115.27.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D731C0D /* 93.115.28.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D731D56 /* 93.115.29.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D73548F /* 93.115.84.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735B42 /* 93.115.91.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735F26 /* 93.115.95.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FC9 /* 93.115.95.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FCA /* 93.115.95.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FCC /* 93.115.95.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FCD /* 93.115.95.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FCE /* 93.115.95.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FCF /* 93.115.95.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FD8 /* 93.115.95.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D7361F2 /* 93.115.97.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D73F102 /* 93.115.241.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D73F132 /* 93.115.241.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D73F1C2 /* 93.115.241.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D760102 /* 93.118.1.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D7B5A0D /* 93.123.90.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D7BE197 /* 93.123.225.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D81296E /* 93.129.41.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D989FDF /* 93.152.159.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D9D3316 /* 93.157.51.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D9ED834 /* 93.158.216.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D9ED83F /* 93.158.216.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D9ED88E /* 93.158.216.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAA4D94 /* 93.170.77.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAA4DAE /* 93.170.77.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAA4DDF /* 93.170.77.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAA4DE7 /* 93.170.77.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAAA93E /* 93.170.169.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAE5D85 /* 93.174.93.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB4882B /* 93.180.136.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB49A5E /* 93.180.154.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB49C54 /* 93.180.156.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB49D9A /* 93.180.157.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB5035B /* 93.181.3.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB81462 /* 93.184.20.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB81E14 /* 93.184.30.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB842E3 /* 93.184.66.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB96DBF /* 93.185.109.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBA0E46 /* 93.186.14.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBAC844 /* 93.186.200.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBAC8D5 /* 93.186.200.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBACAC3 /* 93.186.202.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBACAF1 /* 93.186.202.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBD1A16 /* 93.189.26.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBD5AF4 /* 93.189.90.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBE5F18 /* 93.190.95.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBE8D73 /* 93.190.141.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DC27838 /* 93.194.120.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DC4E9F0 /* 93.196.233.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DC5F186 /* 93.197.241.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DCBFEFE /* 93.203.254.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DCDACFE /* 93.205.172.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DCDE0CA /* 93.205.224.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DCE42BD /* 93.206.66.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DCF77FA /* 93.207.119.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DD12CEB /* 93.209.44.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DD1A8B8 /* 93.209.168.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DD3D5CF /* 93.211.213.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DD4544A /* 93.212.84.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DD77920 /* 93.215.121.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DDA60B7 /* 93.218.96.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DDB4A99 /* 93.219.74.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DDB4F18 /* 93.219.79.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DDEE4A5 /* 93.222.228.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DDF73C6 /* 93.223.115.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE03EA0 /* 93.224.62.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE1B52D /* 93.225.181.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE32C29 /* 93.227.44.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE38F2B /* 93.227.143.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE44117 /* 93.228.65.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE79F0B /* 93.231.159.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE7E5FC /* 93.231.229.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE8FF95 /* 93.232.255.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE98875 /* 93.233.136.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DEAADD4 /* 93.234.173.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DECF646 /* 93.236.246.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DED9761 /* 93.237.151.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DED9CAC /* 93.237.156.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DEF2BAB /* 93.239.43.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DF42B23 /* 93.244.43.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E108907 /* 94.16.137.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E10AD6A /* 94.16.173.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E15EB8D /* 94.21.235.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E16C5B3 /* 94.22.197.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1701A4 /* 94.23.1.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1707A1 /* 94.23.7.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17113A /* 94.23.17.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1712A9 /* 94.23.18.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17141C /* 94.23.20.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E171DCC /* 94.23.29.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E179031 /* 94.23.144.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1799F1 /* 94.23.153.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E179A24 /* 94.23.154.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17A526 /* 94.23.165.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17AD5D /* 94.23.173.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17ADF9 /* 94.23.173.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17AE1A /* 94.23.174.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17CCAF /* 94.23.204.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17DBC0 /* 94.23.219.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17DC58 /* 94.23.220.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17F72A /* 94.23.247.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17F89E /* 94.23.248.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1A5862 /* 94.26.88.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1A8C96 /* 94.26.140.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1CF47B /* 94.28.244.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1F35CB /* 94.31.53.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E225DB0 /* 94.34.93.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E2E0D0B /* 94.46.13.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E2E52EC /* 94.46.82.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E32882A /* 94.50.136.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E3CFF2A /* 94.60.255.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E3DCC41 /* 94.61.204.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E4A5171 /* 94.74.81.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E4BE8F2 /* 94.75.232.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E4F89B6 /* 94.79.137.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E4FADE2 /* 94.79.173.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E640617 /* 94.100.6.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E64061B /* 94.100.6.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E6415A2 /* 94.100.21.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E641712 /* 94.100.23.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E64171A /* 94.100.23.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E66322A /* 94.102.50.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E663C55 /* 94.102.60.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E70D94D /* 94.112.217.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E72ACDC /* 94.114.172.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E7EAAA5 /* 94.126.170.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E897888 /* 94.137.120.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8C7868 /* 94.140.120.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8C7882 /* 94.140.120.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8C7A16 /* 94.140.122.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8EF18A /* 94.142.241.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8EF254 /* 94.142.242.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8EF5CE /* 94.142.245.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E9B312F /* 94.155.49.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E9C4DC0 /* 94.156.77.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E9C800A /* 94.156.128.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E9CAF78 /* 94.156.175.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB08BBA /* 94.176.139.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB1E450 /* 94.177.228.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB1EAF3 /* 94.177.234.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB52C2D /* 94.181.44.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB52DED /* 94.181.45.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB95A56 /* 94.185.90.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC1F171 /* 94.193.241.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC6445C /* 94.198.68.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC66218 /* 94.198.98.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC66247 /* 94.198.98.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC66411 /* 94.198.100.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC66412 /* 94.198.100.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ED1AF86 /* 94.209.175.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ED1C399 /* 94.209.195.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ED57791 /* 94.213.119.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ED6CC43 /* 94.214.204.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ED8790D /* 94.216.121.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EDABF26 /* 94.218.191.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EDB188C /* 94.219.24.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EDF9D93 /* 94.223.157.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE02CA2 /* 94.224.44.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE16454 /* 94.225.100.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE26BA5 /* 94.226.107.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE4560B /* 94.228.86.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE45790 /* 94.228.87.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE8AE42 /* 94.232.174.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EECF049 /* 94.236.240.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF12A9C /* 94.241.42.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23902 /* 94.242.57.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23954 /* 94.242.57.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23970 /* 94.242.57.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF239A1 /* 94.242.57.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF239D4 /* 94.242.57.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23A02 /* 94.242.58.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23A97 /* 94.242.58.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23AE9 /* 94.242.58.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23B2F /* 94.242.59.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23B93 /* 94.242.59.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23BB6 /* 94.242.59.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23BBB /* 94.242.59.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2D178 /* 94.242.209.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2D179 /* 94.242.209.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2D1F4 /* 94.242.209.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2DE19 /* 94.242.222.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2DE81 /* 94.242.222.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2DED9 /* 94.242.222.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2E4AE /* 94.242.228.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2F617 /* 94.242.246.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2F618 /* 94.242.246.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2FA76 /* 94.242.250.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2FF70 /* 94.242.255.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF53531 /* 94.245.53.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFD0CCB /* 94.253.12.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFDB1E7 /* 94.253.177.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFE121F /* 94.254.18.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFE1905 /* 94.254.25.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFE56CC /* 94.254.86.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFE5E9B /* 94.254.94.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F199543 /* 95.25.149.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1B83EE /* 95.27.131.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1BA3AC /* 95.27.163.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1BC4E5 /* 95.27.196.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1C06B0 /* 95.28.6.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1C290B /* 95.28.41.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1C3802 /* 95.28.56.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1F0EA0 /* 95.31.14.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1F1892 /* 95.31.24.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1F26D1 /* 95.31.38.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1F7F71 /* 95.31.127.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1FF207 /* 95.31.242.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F26CA17 /* 95.38.202.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F2A7EA7 /* 95.42.126.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F2E6211 /* 95.46.98.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F45E818 /* 95.69.232.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F479350 /* 95.71.147.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F47F93B /* 95.71.249.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F4947DE /* 95.73.71.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F4968B5 /* 95.73.104.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F4F6007 /* 95.79.96.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F502D4A /* 95.80.45.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F54A422 /* 95.84.164.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F54D17E /* 95.84.209.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F550171 /* 95.85.1.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5503BF /* 95.85.3.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5508E2 /* 95.85.8.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F550A47 /* 95.85.10.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F55132E /* 95.85.19.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5513A2 /* 95.85.19.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F551449 /* 95.85.20.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5516AD /* 95.85.22.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F55200A /* 95.85.32.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F55256F /* 95.85.37.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F553236 /* 95.85.50.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5820BA /* 95.88.32.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F585BC5 /* 95.88.91.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F59EB89 /* 95.89.235.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5AB216 /* 95.90.178.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5B057D /* 95.91.5.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5B1017 /* 95.91.16.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5B222D /* 95.91.34.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5B95DA /* 95.91.149.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F69A49D /* 95.105.164.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F6C7B1D /* 95.108.123.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F6D7A90 /* 95.109.122.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F722090 /* 95.114.32.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F77AD1B /* 95.119.173.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F7B33AC /* 95.123.51.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F802BA4 /* 95.128.43.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8137AD /* 95.129.55.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820B05 /* 95.130.11.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820B0F /* 95.130.11.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820B93 /* 95.130.11.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820BAA /* 95.130.11.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820BBA /* 95.130.11.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820C1F /* 95.130.12.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820C77 /* 95.130.12.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F841A81 /* 95.132.26.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8C2AB7 /* 95.140.42.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8D230F /* 95.141.35.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8D5392 /* 95.141.83.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8EA0E9 /* 95.142.160.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8EA13F /* 95.142.161.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8EAD12 /* 95.142.173.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FAC8C /* 95.143.172.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FAC93 /* 95.143.172.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FACBC /* 95.143.172.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FACD4 /* 95.143.172.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FACD6 /* 95.143.172.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FACE3 /* 95.143.172.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FC191 /* 95.143.193.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F9281D1 /* 95.146.129.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F9749C7 /* 95.151.73.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F9914D4 /* 95.153.20.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F991F08 /* 95.153.31.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F9C5F08 /* 95.156.95.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA37923 /* 95.163.121.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA37997 /* 95.163.121.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA58516 /* 95.165.133.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA58F70 /* 95.165.143.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA5940C /* 95.165.148.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA88A56 /* 95.168.138.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA894E9 /* 95.168.148.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA9BC67 /* 95.169.188.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FACEC3F /* 95.172.236.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FAEE6C9 /* 95.174.230.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB7300C /* 95.183.48.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB73081 /* 95.183.48.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB730B4 /* 95.183.48.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB7328A /* 95.183.50.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB732D0 /* 95.183.50.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB7337E /* 95.183.51.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB734AC /* 95.183.52.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB73735 /* 95.183.55.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD0AFA1 /* 95.208.175.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3079E /* 95.211.7.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD31B84 /* 95.211.27.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD376C2 /* 95.211.118.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD38A07 /* 95.211.138.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD38A33 /* 95.211.138.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD39362 /* 95.211.147.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3A094 /* 95.211.160.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3BA50 /* 95.211.186.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3CD8A /* 95.211.205.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3D149 /* 95.211.209.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3D248 /* 95.211.210.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3D809 /* 95.211.216.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3E00C /* 95.211.224.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3E1A7 /* 95.211.225.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3E242 /* 95.211.226.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3E65E /* 95.211.230.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD5C3AB /* 95.213.195.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD5CAB2 /* 95.213.202.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD5FB52 /* 95.213.251.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72C66 /* 95.215.44.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72C69 /* 95.215.44.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72CA7 /* 95.215.44.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72CC2 /* 95.215.44.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72CE8 /* 95.215.44.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72D44 /* 95.215.45.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72D8E /* 95.215.45.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72DBC /* 95.215.45.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72E2E /* 95.215.46.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72E45 /* 95.215.46.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72E7B /* 95.215.46.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72EF2 /* 95.215.46.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72EF4 /* 95.215.46.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72F4B /* 95.215.47.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72F96 /* 95.215.47.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72FFB /* 95.215.47.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD73D04 /* 95.215.61.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FDC073C /* 95.220.7.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FDCDFA9 /* 95.220.223.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FDF4CB8 /* 95.223.76.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FEB08A7 /* 95.235.8.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6009F230 /* 96.9.242.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6012AAD4 /* 96.18.170.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x602112CA /* 96.33.18.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60238285 /* 96.35.130.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x602785DB /* 96.39.133.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x602B82B2 /* 96.43.130.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x602FEF99 /* 96.47.239.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6034D4A3 /* 96.52.212.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x604144C1 /* 96.65.68.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60417BF9 /* 96.65.123.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60420F93 /* 96.66.15.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60553F29 /* 96.85.63.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60559BD9 /* 96.85.155.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60598D1D /* 96.89.141.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x605B0B51 /* 96.91.11.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x605C7632 /* 96.92.118.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x607E6009 /* 96.126.96.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x607E605A /* 96.126.96.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x607E69DB /* 96.126.105.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x607E7AA6 /* 96.126.122.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x607E7DBB /* 96.126.125.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60E94CE8 /* 96.233.76.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60EB82FC /* 96.235.130.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60ED40D5 /* 96.237.64.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60EF7A14 /* 96.239.122.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60F20D06 /* 96.242.13.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60F29FB1 /* 96.242.159.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60F2FC93 /* 96.242.252.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60F805AC /* 96.248.5.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60F9FE16 /* 96.249.254.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60FD4E6C /* 96.253.78.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60FF478B /* 96.255.71.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x614AEDC4 /* 97.74.237.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x61520CB7 /* 97.82.12.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x61553F86 /* 97.85.63.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x615E705B /* 97.94.112.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x615F230D /* 97.95.35.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x615FD82C /* 97.95.216.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8418 /* 97.107.132.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B867F /* 97.107.134.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8A44 /* 97.107.138.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8B1C /* 97.107.139.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8B6C /* 97.107.139.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8E85 /* 97.107.142.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8EEA /* 97.107.142.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x61785EA3 /* 97.120.94.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x617EC6DC /* 97.126.198.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x617F1B73 /* 97.127.27.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x621A2219 /* 98.26.34.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x621A3022 /* 98.26.48.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6273D502 /* 98.115.213.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62A404DF /* 98.164.4.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62B50CA9 /* 98.181.12.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62C931E2 /* 98.201.49.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62D14F33 /* 98.209.79.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62D88697 /* 98.216.134.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62D90833 /* 98.217.8.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62D97962 /* 98.217.121.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62DB0831 /* 98.219.8.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62E19AB7 /* 98.225.154.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62E3E03A /* 98.227.224.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62EBB9A7 /* 98.235.185.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62ED8805 /* 98.237.136.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62F802E4 /* 98.248.2.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62F82838 /* 98.248.40.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x63060E37 /* 99.6.14.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6334B0A2 /* 99.52.176.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x63474BAC /* 99.71.75.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x63F57360 /* 99.245.115.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x640069DB /* 100.0.105.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x640203AC /* 100.2.3.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6406B61E /* 100.6.182.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6408FAC3 /* 100.8.250.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x640B7706 /* 100.11.119.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x640F27AD /* 100.15.39.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x640F7203 /* 100.15.114.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6410DA28 /* 100.16.218.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x65377D0A /* 101.55.125.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x65648D37 /* 101.100.141.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x656490AE /* 101.100.144.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x65649FD6 /* 101.100.159.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67033D72 /* 103.3.61.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67084FE5 /* 103.8.79.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x670AC532 /* 103.10.197.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x670AC764 /* 103.10.199.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x670E2976 /* 103.14.41.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67193A22 /* 103.25.58.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x671B7C52 /* 103.27.124.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x671D4617 /* 103.29.70.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67233816 /* 103.35.56.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6729B13E /* 103.41.177.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6729B140 /* 103.41.177.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x672AE17E /* 103.42.225.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6738CF54 /* 103.56.207.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67C7103A /* 103.199.16.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67E26B10 /* 103.226.107.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67EADCC5 /* 103.234.220.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67ECC96E /* 103.236.201.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67FA49C3 /* 103.250.73.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67FA49E8 /* 103.250.73.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68201531 /* 104.32.21.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68253D9F /* 104.37.61.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6825C09C /* 104.37.192.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68299523 /* 104.41.149.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6880E070 /* 104.128.224.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6880E249 /* 104.128.226.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6882A979 /* 104.130.169.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688304ED /* 104.131.4.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68830BD6 /* 104.131.11.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68830C8B /* 104.131.12.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68831377 /* 104.131.19.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883177F /* 104.131.23.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68831C36 /* 104.131.28.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883248A /* 104.131.36.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68832A95 /* 104.131.42.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68832D66 /* 104.131.45.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688341E1 /* 104.131.65.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688342C2 /* 104.131.66.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883483D /* 104.131.72.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68835477 /* 104.131.84.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68835684 /* 104.131.86.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688357B4 /* 104.131.87.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688365FB /* 104.131.101.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68836AB5 /* 104.131.106.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68836C07 /* 104.131.108.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68836ECC /* 104.131.110.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68837B10 /* 104.131.123.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688380F7 /* 104.131.128.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883811E /* 104.131.129.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68838282 /* 104.131.130.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68838C45 /* 104.131.140.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68839456 /* 104.131.148.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68839554 /* 104.131.149.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883B286 /* 104.131.178.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883B5AE /* 104.131.181.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883B815 /* 104.131.184.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883CC93 /* 104.131.204.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883CDC0 /* 104.131.205.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883CE17 /* 104.131.206.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883F537 /* 104.131.245.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689C3CA3 /* 104.156.60.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689C3CA6 /* 104.156.60.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689C66C8 /* 104.156.102.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689CE053 /* 104.156.224.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689CE299 /* 104.156.226.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689CE688 /* 104.156.230.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A7645F /* 104.167.100.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A76D4D /* 104.167.109.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A774EA /* 104.167.116.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A83EAE /* 104.168.62.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A83ED1 /* 104.168.62.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A857A7 /* 104.168.87.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A8A722 /* 104.168.167.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A92625 /* 104.169.38.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68BEA4AC /* 104.190.164.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68C00747 /* 104.192.7.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68C810E3 /* 104.200.16.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68C812F4 /* 104.200.18.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68C8142E /* 104.200.20.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68C8148E /* 104.200.20.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68CEED15 /* 104.206.237.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68CEED18 /* 104.206.237.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68CF802A /* 104.207.128.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68CF8069 /* 104.207.128.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68CF8514 /* 104.207.133.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68D12CF8 /* 104.209.44.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DC3938 /* 104.220.57.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF0138 /* 104.223.1.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF0CE9 /* 104.223.12.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF1097 /* 104.223.16.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF67BB /* 104.223.103.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF7A45 /* 104.223.122.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF7A73 /* 104.223.122.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF7AD5 /* 104.223.122.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF7AEF /* 104.223.122.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E0AD3A /* 104.224.173.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E8775D /* 104.232.119.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E9500F /* 104.233.80.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E953CE /* 104.233.83.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E95629 /* 104.233.86.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E95EB5 /* 104.233.94.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E96AD2 /* 104.233.106.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E97255 /* 104.233.114.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E9773E /* 104.233.119.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E9786C /* 104.233.120.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E97B49 /* 104.233.123.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC1696 /* 104.236.22.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC21AE /* 104.236.33.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC2938 /* 104.236.41.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC2C85 /* 104.236.44.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC2CE0 /* 104.236.44.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC2E0A /* 104.236.46.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC3410 /* 104.236.52.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC46C8 /* 104.236.70.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC575A /* 104.236.87.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC656C /* 104.236.101.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC67A7 /* 104.236.103.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC6881 /* 104.236.104.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC830F /* 104.236.131.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC8D9C /* 104.236.141.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC97A0 /* 104.236.151.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECAFCB /* 104.236.175.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECB6CD /* 104.236.182.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECB739 /* 104.236.183.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECC7D9 /* 104.236.199.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECE0E1 /* 104.236.224.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECE7C5 /* 104.236.231.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECEAB2 /* 104.236.234.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECF7DA /* 104.236.247.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECFCA9 /* 104.236.252.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECFD26 /* 104.236.253.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ED9CD6 /* 104.237.156.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EE86B8 /* 104.238.134.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EE9FBF /* 104.238.159.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EEA76F /* 104.238.167.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EEBC62 /* 104.238.188.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EEBE82 /* 104.238.190.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68F323C4 /* 104.243.35.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68F44A0D /* 104.244.74.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68F44D8F /* 104.244.77.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68F4DFCC /* 104.244.223.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68F52450 /* 104.245.36.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68FA976C /* 104.250.151.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x699E356E /* 105.158.53.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6AB91C19 /* 106.185.28.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6ABA7981 /* 106.186.121.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6ABB2565 /* 106.187.37.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6ABB2F11 /* 106.187.47.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6B02D620 /* 107.2.214.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6B041F6F /* 107.4.31.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6B0D7797 /* 107.13.119.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6B9EFF15 /* 107.158.255.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6B9EFF16 /* 107.158.255.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BA111B4 /* 107.161.17.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BA11271 /* 107.161.18.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BA11286 /* 107.161.18.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BA150C3 /* 107.161.80.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BA1AC97 /* 107.161.172.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA2047 /* 107.170.32.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA4E2A /* 107.170.78.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA4E53 /* 107.170.78.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA5CED /* 107.170.92.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA5D0D /* 107.170.93.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA6527 /* 107.170.101.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA6CDE /* 107.170.108.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA711C /* 107.170.113.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA71D4 /* 107.170.113.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA771F /* 107.170.119.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA8F75 /* 107.170.143.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA9607 /* 107.170.150.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA9950 /* 107.170.153.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA9ED4 /* 107.170.158.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAABC9B /* 107.170.188.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAC10E /* 107.170.193.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAACD08 /* 107.170.205.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAD546 /* 107.170.213.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAE7A9 /* 107.170.231.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAE84B /* 107.170.232.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAF442 /* 107.170.244.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAF67B /* 107.170.246.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAF721 /* 107.170.247.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAFD74 /* 107.170.253.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAC170B /* 107.172.23.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAD2B23 /* 107.173.43.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAE3490 /* 107.174.52.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB39941 /* 107.179.153.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB59B83 /* 107.181.155.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB5A60B /* 107.181.166.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB5AE16 /* 107.181.174.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB5AE54 /* 107.181.174.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB5BBC7 /* 107.181.187.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB6B3DC /* 107.182.179.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBCBC39 /* 107.188.188.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF2ECC /* 107.191.46.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF2F57 /* 107.191.47.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF38C0 /* 107.191.56.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF672A /* 107.191.103.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF76AB /* 107.191.118.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF7EB8 /* 107.191.126.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BD3F863 /* 107.211.248.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C0431B5 /* 108.4.49.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C0CC48C /* 108.12.196.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C1D0041 /* 108.29.0.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C1F2805 /* 108.31.40.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C1FA9E8 /* 108.31.169.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C203114 /* 108.32.49.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C2304B7 /* 108.35.4.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C2929C7 /* 108.41.41.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C2E22E8 /* 108.46.34.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C331A8D /* 108.51.26.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C339122 /* 108.51.145.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C33EC02 /* 108.51.236.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C35D09D /* 108.53.208.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3A90EA /* 108.58.144.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3B02D0 /* 108.59.2.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3D6027 /* 108.61.96.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3D60E6 /* 108.61.96.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3D6307 /* 108.61.99.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3D6395 /* 108.61.99.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3D774B /* 108.61.119.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DA500 /* 108.61.165.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DA5A9 /* 108.61.165.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DA7D3 /* 108.61.167.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DB64A /* 108.61.182.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DBE8B /* 108.61.190.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DD44E /* 108.61.212.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C55630A /* 108.85.99.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CA185BD /* 108.161.133.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CA2AB42 /* 108.162.171.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CA84202 /* 108.168.66.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CAA920A /* 108.170.146.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CAA9FFB /* 108.170.159.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CAF02CD /* 108.175.2.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CAF0BE6 /* 108.175.11.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CB80514 /* 108.184.5.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CF0B68C /* 108.240.182.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CF857F2 /* 108.248.87.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D00AA2D /* 109.0.170.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D08CFA6 /* 109.8.207.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D18C1D8 /* 109.24.193.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D18DC07 /* 109.24.220.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D1EC5DE /* 109.30.197.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D3FEBB6 /* 109.63.235.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D44AE3C /* 109.68.174.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D44BF84 /* 109.68.191.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D44BF85 /* 109.68.191.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D454311 /* 109.69.67.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D4676A4 /* 109.70.118.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D4AC3BE /* 109.74.195.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D4ACE15 /* 109.74.206.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D4BB84D /* 109.75.184.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D5A0231 /* 109.90.2.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D5A4BC0 /* 109.90.75.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D5A6963 /* 109.90.105.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D5AB5BD /* 109.90.181.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D5B73C8 /* 109.91.115.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D6832B3 /* 109.104.50.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D696DA2 /* 109.105.109.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D6A3DF9 /* 109.106.61.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D6B239A /* 109.107.35.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D6C0357 /* 109.108.3.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D6C1DF2 /* 109.108.29.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D78B4F5 /* 109.120.180.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D78B5B1 /* 109.120.181.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D7E09E4 /* 109.126.9.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D806B66 /* 109.128.107.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D8086E1 /* 109.128.134.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D827E43 /* 109.130.126.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D914022 /* 109.145.64.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D92A821 /* 109.146.168.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D948254 /* 109.148.130.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D94B389 /* 109.148.179.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D9657AC /* 109.150.87.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D9CC5B9 /* 109.156.197.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D9DDFF9 /* 109.157.223.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA02 /* 109.163.234.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA04 /* 109.163.234.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA05 /* 109.163.234.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA07 /* 109.163.234.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA08 /* 109.163.234.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA09 /* 109.163.234.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA4ECE7 /* 109.164.236.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA921A3 /* 109.169.33.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DAD29A1 /* 109.173.41.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DAD3936 /* 109.173.57.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DAD39A9 /* 109.173.57.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DAD4CF8 /* 109.173.76.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBBF630 /* 109.187.246.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBC49D8 /* 109.188.73.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBD4EDF /* 109.189.78.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBD9D3F /* 109.189.157.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBE1822 /* 109.190.24.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBE4295 /* 109.190.66.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBEB62C /* 109.190.182.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC01159 /* 109.192.17.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC0DDFB /* 109.192.221.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC13134 /* 109.193.49.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC146DB /* 109.193.70.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC26E91 /* 109.194.110.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC2E7B4 /* 109.194.231.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC373CA /* 109.195.115.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC393F8 /* 109.195.147.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC41236 /* 109.196.18.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC5C1A0 /* 109.197.193.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC98564 /* 109.201.133.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC99408 /* 109.201.148.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DE26195 /* 109.226.97.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DE48298 /* 109.228.130.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DE6E7A5 /* 109.230.231.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DE6EC59 /* 109.230.236.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DE97FE9 /* 109.233.127.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DEA24C4 /* 109.234.36.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DEC5809 /* 109.236.88.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DFE5606 /* 109.254.86.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DFF006B /* 109.255.0.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DFFBD87 /* 109.255.189.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6E042F8B /* 110.4.47.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6E43583F /* 110.67.88.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6E93A5CA /* 110.147.165.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6F59788D /* 111.89.120.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6F59A849 /* 111.89.168.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6F5A8C51 /* 111.90.140.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6F5A92DC /* 111.90.146.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6F5A94B2 /* 111.90.148.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x704E06F1 /* 112.78.6.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x71141F2D /* 113.20.31.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x71921957 /* 113.146.25.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7197112D /* 113.151.17.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x71C5335F /* 113.197.51.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x72B688D9 /* 114.182.136.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x73463970 /* 115.70.57.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x734D68ED /* 115.77.104.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7354E85B /* 115.84.232.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x737C70EB /* 115.124.112.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x73927FE0 /* 115.146.127.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x73A36FBA /* 115.163.111.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x73BAF33C /* 115.186.243.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x73BBF6B8 /* 115.187.246.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7464807E /* 116.100.128.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x751263F9 /* 117.18.99.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x75C9F002 /* 117.201.240.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x76094F93 /* 118.9.79.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7612FD23 /* 118.18.253.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x767F6C88 /* 118.127.108.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x76A34A9D /* 118.163.74.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x76D097C0 /* 118.208.151.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x76D0DAD3 /* 118.208.218.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x773B7F68 /* 119.59.127.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x77EBF988 /* 119.235.249.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x781DD92E /* 120.29.217.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7838AA63 /* 120.56.170.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x792CD234 /* 121.44.210.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x792DBF12 /* 121.45.191.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7936AF32 /* 121.54.175.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x794953C0 /* 121.73.83.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7963E40E /* 121.99.228.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7976CB7A /* 121.118.203.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x797971EA /* 121.121.113.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x797FFA9C /* 121.127.250.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7A3B7991 /* 122.59.121.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7B1E8847 /* 123.30.136.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7C521DB5 /* 124.82.29.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7C6D01CF /* 124.109.1.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CA8D5E7 /* 124.168.213.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9F316 /* 124.217.243.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9FA48 /* 124.217.250.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9FE37 /* 124.217.254.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9FE46 /* 124.217.254.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9FE63 /* 124.217.254.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9FEB1 /* 124.217.254.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CF8F4AE /* 124.248.244.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7D01E599 /* 125.1.229.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7DD19718 /* 125.209.151.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7DD4D9C5 /* 125.212.217.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7DD4DC3C /* 125.212.220.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7DD4F1B6 /* 125.212.241.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7DEEFF4B /* 125.238.255.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7E460792 /* 126.70.7.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x800CB13B /* 128.12.177.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x801E4FCA /* 128.30.79.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x801F0022 /* 128.31.0.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8027081D /* 128.39.8.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80348069 /* 128.52.128.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8034B2E9 /* 128.52.178.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8034B3C0 /* 128.52.179.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8044C9FA /* 128.68.201.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8048D327 /* 128.72.211.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x807F2821 /* 128.127.40.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x807F2F40 /* 128.127.47.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x807F6A31 /* 128.127.106.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x807F6F19 /* 128.127.111.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8082CC5B /* 128.130.204.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8099927D /* 128.153.146.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7227A /* 128.199.34.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C72305 /* 128.199.35.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C723A2 /* 128.199.35.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7250C /* 128.199.37.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C729EE /* 128.199.41.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C72FA0 /* 128.199.47.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C72FEB /* 128.199.47.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C73725 /* 128.199.55.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C737CF /* 128.199.55.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C73B14 /* 128.199.59.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C745EA /* 128.199.69.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C75130 /* 128.199.81.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C755A5 /* 128.199.85.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C77A68 /* 128.199.122.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C783A8 /* 128.199.131.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C78407 /* 128.199.132.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7859A /* 128.199.133.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C78A4A /* 128.199.138.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C78BE0 /* 128.199.139.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C79C12 /* 128.199.156.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7A36C /* 128.199.163.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7AAF6 /* 128.199.170.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7B364 /* 128.199.179.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7C0E6 /* 128.199.192.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7C270 /* 128.199.194.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7C76B /* 128.199.199.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7C778 /* 128.199.199.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7D230 /* 128.199.210.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7DD23 /* 128.199.221.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7E058 /* 128.199.224.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7E42A /* 128.199.228.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7E43D /* 128.199.228.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7EA03 /* 128.199.234.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7EAFC /* 128.199.234.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7EC3C /* 128.199.236.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7F0C1 /* 128.199.240.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7F24B /* 128.199.242.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7F4CE /* 128.199.244.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7FB59 /* 128.199.251.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7FCC5 /* 128.199.252.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80D002E9 /* 128.208.2.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80E81239 /* 128.232.18.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x810A73D9 /* 129.10.115.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x810A73DA /* 129.10.115.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x810A73DB /* 129.10.115.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x810A73DC /* 129.10.115.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8164226A /* 129.100.34.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x81E8E70A /* 129.232.231.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x81F2DB33 /* 129.242.219.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x823FAD7E /* 130.63.173.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82950E1F /* 130.149.14.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8295C80A /* 130.149.200.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B417E6 /* 130.180.23.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B41EFE /* 130.180.30.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B43F96 /* 130.180.63.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B448B2 /* 130.180.72.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B46F5E /* 130.180.111.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B96832 /* 130.185.104.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B9FA4C /* 130.185.250.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B9FA4D /* 130.185.250.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B9FAAB /* 130.185.250.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82C10FBA /* 130.193.15.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82CCA103 /* 130.204.161.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E1FE67 /* 130.225.254.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E4 /* 130.230.113.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E5 /* 130.230.113.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E6 /* 130.230.113.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E7 /* 130.230.113.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E8 /* 130.230.113.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E9 /* 130.230.113.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671EA /* 130.230.113.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671EB /* 130.230.113.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671EC /* 130.230.113.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671ED /* 130.230.113.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82FF0ABF /* 130.255.10.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82FF48A4 /* 130.255.72.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83828E62 /* 131.130.142.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x839B477C /* 131.155.71.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83BC28BC /* 131.188.40.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83BC28BD /* 131.188.40.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83D7ACD6 /* 131.215.172.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83FF05EF /* 131.255.5.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83FF073A /* 131.255.7.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x84D83602 /* 132.216.54.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x84E69651 /* 132.230.150.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8526CAC6 /* 133.38.202.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x85827CB9 /* 133.130.124.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x85E8E634 /* 133.232.230.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x85F29226 /* 133.242.146.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x85F2924E /* 133.242.146.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x860304E1 /* 134.3.4.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86035FCB /* 134.3.95.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8613B16D /* 134.19.177.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86229380 /* 134.34.147.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8631E95E /* 134.49.233.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x863A2C06 /* 134.58.44.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x863A2C3B /* 134.58.44.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x865B4E8F /* 134.91.78.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x866370A8 /* 134.99.112.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8666167A /* 134.102.22.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8666C865 /* 134.102.200.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86770302 /* 134.119.3.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x867703A4 /* 134.119.3.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86770923 /* 134.119.9.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86771AC1 /* 134.119.26.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x867720D0 /* 134.119.32.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x867720F7 /* 134.119.32.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86772487 /* 134.119.36.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8682B52B /* 134.130.181.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8682B531 /* 134.130.181.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8682B5D4 /* 134.130.181.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x87177229 /* 135.23.114.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8820EE8D /* 136.32.238.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x883E0ED6 /* 136.62.14.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x883E12DD /* 136.62.18.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x883E1876 /* 136.62.24.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88A8C999 /* 136.168.201.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3019C /* 136.243.1.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F346C7 /* 136.243.70.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3620C /* 136.243.98.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F36686 /* 136.243.102.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F36B04 /* 136.243.107.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3723E /* 136.243.114.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F39552 /* 136.243.149.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3AE61 /* 136.243.174.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3B094 /* 136.243.176.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3B185 /* 136.243.177.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3BBA5 /* 136.243.187.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3D134 /* 136.243.209.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3D689 /* 136.243.214.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A15AD /* 137.74.21.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A19AF /* 137.74.25.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A284D /* 137.74.40.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A74A8 /* 137.74.116.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A74D6 /* 137.74.116.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A7534 /* 137.74.117.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA191 /* 137.74.161.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA4D5 /* 137.74.164.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA760 /* 137.74.167.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA7A1 /* 137.74.167.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA7E0 /* 137.74.167.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA9F1 /* 137.74.169.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AAD8F /* 137.74.173.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AE084 /* 137.74.224.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x89656D65 /* 137.101.109.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x898708E9 /* 137.135.8.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x89CD7C23 /* 137.205.124.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x89E26F7B /* 137.226.111.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440004 /* 138.68.0.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440077 /* 138.68.0.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44060F /* 138.68.6.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44082B /* 138.68.8.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440AF0 /* 138.68.10.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440DAB /* 138.68.13.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440E2A /* 138.68.14.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440FBF /* 138.68.15.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A4425B2 /* 138.68.37.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A443215 /* 138.68.50.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A444545 /* 138.68.69.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44505B /* 138.68.80.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44506C /* 138.68.80.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A446159 /* 138.68.97.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A446BA3 /* 138.68.107.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A446D32 /* 138.68.109.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44815D /* 138.68.129.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44829E /* 138.68.130.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A4486F9 /* 138.68.134.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A448CD7 /* 138.68.140.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A448E83 /* 138.68.142.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A4496A8 /* 138.68.150.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A449F8E /* 138.68.159.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44E89B /* 138.68.232.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A4B48B1 /* 138.75.72.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A75942D /* 138.117.148.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5044D /* 138.197.4.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC50EE2 /* 138.197.14.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC53B16 /* 138.197.59.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC54C0C /* 138.197.76.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC56030 /* 138.197.96.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC57DFC /* 138.197.125.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC58551 /* 138.197.133.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC585FF /* 138.197.133.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC58893 /* 138.197.136.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC58B4F /* 138.197.139.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC58F84 /* 138.197.143.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5C2E6 /* 138.197.194.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5C432 /* 138.197.196.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5CA23 /* 138.197.202.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5CD32 /* 138.197.205.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5CFB0 /* 138.197.207.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5CFB1 /* 138.197.207.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5CFF3 /* 138.197.207.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5D1FE /* 138.197.209.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5D60B /* 138.197.214.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5DFFA /* 138.197.223.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9034B /* 138.201.3.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9396D /* 138.201.57.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC93ACE /* 138.201.58.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC94B06 /* 138.201.75.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC953AB /* 138.201.83.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC95BD2 /* 138.201.91.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC95C74 /* 138.201.92.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC95CB7 /* 138.201.92.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC95EF9 /* 138.201.94.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC95F7D /* 138.201.95.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC96AD1 /* 138.201.106.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC975A7 /* 138.201.117.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC976FE /* 138.201.118.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC98411 /* 138.201.132.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9876C /* 138.201.135.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC98FBA /* 138.201.143.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC99514 /* 138.201.149.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC99515 /* 138.201.149.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC99AD1 /* 138.201.154.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC99E2C /* 138.201.158.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9A90C /* 138.201.169.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9C6A4 /* 138.201.198.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9D3EA /* 138.201.211.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9D3EB /* 138.201.211.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9F557 /* 138.201.245.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9F702 /* 138.201.247.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9F712 /* 138.201.247.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9FFF5 /* 138.201.255.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8ACCAB67 /* 138.204.171.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8ADB2B8D /* 138.219.43.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B121923 /* 139.18.25.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0006 /* 139.59.0.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0025 /* 139.59.0.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B005E /* 139.59.0.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0282 /* 139.59.2.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B02BA /* 139.59.2.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B077C /* 139.59.7.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0886 /* 139.59.8.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0B21 /* 139.59.11.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0DD9 /* 139.59.13.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1005 /* 139.59.16.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1453 /* 139.59.20.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B16D5 /* 139.59.22.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1AA7 /* 139.59.26.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1D2E /* 139.59.29.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1F4C /* 139.59.31.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1FE3 /* 139.59.31.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B20BE /* 139.59.32.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B21AC /* 139.59.33.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B22D1 /* 139.59.34.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2439 /* 139.59.36.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2495 /* 139.59.36.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2498 /* 139.59.36.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2565 /* 139.59.37.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2735 /* 139.59.39.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B29C5 /* 139.59.41.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2ADF /* 139.59.42.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2BBA /* 139.59.43.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2C60 /* 139.59.44.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2C79 /* 139.59.44.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2E46 /* 139.59.46.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2EAB /* 139.59.46.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B81A3 /* 139.59.129.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B9BAE /* 139.59.155.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B9ED2 /* 139.59.158.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3BAC5D /* 139.59.172.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3BEBAC /* 139.59.235.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B8CB597 /* 139.140.181.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA20728 /* 139.162.7.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA20991 /* 139.162.9.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA20A48 /* 139.162.10.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2100D /* 139.162.16.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA213E9 /* 139.162.19.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA21C17 /* 139.162.28.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA21C1F /* 139.162.28.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA22C80 /* 139.162.44.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA239A7 /* 139.162.57.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA23D2C /* 139.162.61.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA23DB1 /* 139.162.61.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA24E3D /* 139.162.78.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA254B8 /* 139.162.84.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA26052 /* 139.162.96.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2706F /* 139.162.112.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA28E1B /* 139.162.142.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA28E78 /* 139.162.142.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA29085 /* 139.162.144.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA29424 /* 139.162.148.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA29610 /* 139.162.150.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA29756 /* 139.162.151.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2A543 /* 139.162.165.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2B513 /* 139.162.181.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2B978 /* 139.162.185.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2BAB3 /* 139.162.186.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2BFF3 /* 139.162.191.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2D9DB /* 139.162.217.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2E2F5 /* 139.162.226.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2E81C /* 139.162.232.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2F145 /* 139.162.241.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2F578 /* 139.162.245.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2F80D /* 139.162.248.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C71D049 /* 140.113.208.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C71D05B /* 140.113.208.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C71EB97 /* 140.113.235.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C73BDA4 /* 140.115.189.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C73BDBD /* 140.115.189.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C8A90AA /* 140.138.144.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8CC0DA8B /* 140.192.218.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D00920E /* 141.0.146.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D142143 /* 141.20.33.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D142144 /* 141.20.33.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D146719 /* 141.20.103.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D160A39 /* 141.22.10.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D337D10 /* 141.51.125.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D369FB8 /* 141.54.159.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D45CD79 /* 141.69.205.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D467DE8 /* 141.70.125.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D69433A /* 141.105.67.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D8A8DD0 /* 141.138.141.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DAA0235 /* 141.170.2.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFF0B78 /* 141.255.11.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA1A6 /* 141.255.161.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA1A7 /* 141.255.161.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA566 /* 141.255.165.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA68E /* 141.255.166.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA696 /* 141.255.166.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA6BD /* 141.255.166.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFBDA1 /* 141.255.189.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E0420C4 /* 142.4.32.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E04D3BD /* 142.4.211.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E04D480 /* 142.4.212.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E04D6BB /* 142.4.214.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E36BAB2 /* 142.54.186.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E36BEFA /* 142.54.190.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8F6A3C46 /* 143.106.60.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8F6A3C56 /* 143.106.60.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8FB03433 /* 143.176.52.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8FF8394B /* 143.248.57.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8FF8DF6F /* 143.248.223.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C06C7 /* 144.76.6.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C0B64 /* 144.76.11.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C0E91 /* 144.76.14.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C1AAF /* 144.76.26.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C1EA7 /* 144.76.30.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C1FCA /* 144.76.31.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C25F2 /* 144.76.37.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C2879 /* 144.76.40.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C2AEF /* 144.76.42.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C2D4A /* 144.76.45.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C3225 /* 144.76.50.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C357D /* 144.76.53.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C3D28 /* 144.76.61.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C4042 /* 144.76.64.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C438C /* 144.76.67.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C4629 /* 144.76.70.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C498C /* 144.76.73.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C5044 /* 144.76.80.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C51D7 /* 144.76.81.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C5ACD /* 144.76.90.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C5CB0 /* 144.76.92.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C6007 /* 144.76.96.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C6975 /* 144.76.105.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C6D8A /* 144.76.109.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C7055 /* 144.76.112.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C75A9 /* 144.76.117.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C843C /* 144.76.132.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C9E88 /* 144.76.158.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904CA35D /* 144.76.163.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904CACBB /* 144.76.172.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904CAFCD /* 144.76.175.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904CFDE5 /* 144.76.253.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90880513 /* 144.136.5.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D90FA4 /* 144.217.15.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D90FB3 /* 144.217.15.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9388C /* 144.217.56.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9388D /* 144.217.56.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D93CD3 /* 144.217.60.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D93CEF /* 144.217.60.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9574E /* 144.217.87.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D95A8A /* 144.217.90.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9632E /* 144.217.99.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9A177 /* 144.217.161.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9A29E /* 144.217.162.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x918102BC /* 145.129.2.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x91842AEA /* 145.132.42.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x91852984 /* 145.133.41.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x91FFF332 /* 145.255.243.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9200207A /* 146.0.32.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92002084 /* 146.0.32.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92002090 /* 146.0.32.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92002A2B /* 146.0.42.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92002B79 /* 146.0.43.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92002B7E /* 146.0.43.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92004D32 /* 146.0.77.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92004FF3 /* 146.0.79.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x923449B4 /* 146.52.73.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92345305 /* 146.52.83.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x923496A2 /* 146.52.150.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9234CF31 /* 146.52.207.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92732C7C /* 146.115.44.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9273918F /* 146.115.145.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9273A25B /* 146.115.162.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B98269 /* 146.185.130.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B983EF /* 146.185.131.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B98823 /* 146.185.136.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B98DA3 /* 146.185.141.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B99170 /* 146.185.145.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B996DB /* 146.185.150.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B99BDA /* 146.185.155.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B99D3D /* 146.185.157.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9A01E /* 146.185.160.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9A32C /* 146.185.163.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9A374 /* 146.185.163.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9AA23 /* 146.185.170.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9B024 /* 146.185.176.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9B167 /* 146.185.177.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9BDC5 /* 146.185.189.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9BDCB /* 146.185.189.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9FB28 /* 146.185.251.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9FD65 /* 146.185.253.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92FF39E4 /* 146.255.57.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9353AF2F /* 147.83.175.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9393BD78 /* 147.147.189.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x93AFBB8F /* 147.175.187.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x93AFBBB4 /* 147.175.187.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x93FB2ADD /* 147.251.42.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB2AA4 /* 148.251.42.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB31B4 /* 148.251.49.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB324A /* 148.251.50.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB37F6 /* 148.251.55.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB4464 /* 148.251.68.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB5884 /* 148.251.88.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB71E6 /* 148.251.113.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB809C /* 148.251.128.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB8854 /* 148.251.136.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB97F0 /* 148.251.151.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBA8E2 /* 148.251.168.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBB019 /* 148.251.176.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBB652 /* 148.251.182.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBBEE5 /* 148.251.190.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBCE86 /* 148.251.206.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBD635 /* 148.251.214.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBDDA3 /* 148.251.221.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBE30E /* 148.251.227.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBEEFD /* 148.251.238.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBF597 /* 148.251.245.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBFEE5 /* 148.251.254.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBFF5C /* 148.251.255.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9509001B /* 149.9.0.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x953801CC /* 149.56.1.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95380C4E /* 149.56.12.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95381954 /* 149.56.25.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95382DC8 /* 149.56.45.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x953860A5 /* 149.56.96.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95386319 /* 149.56.99.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95386494 /* 149.56.100.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95386776 /* 149.56.103.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95386CC4 /* 149.56.108.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95386EFA /* 149.56.110.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x953884A8 /* 149.56.132.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538B938 /* 149.56.185.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538C943 /* 149.56.201.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538C9A8 /* 149.56.201.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538CC7E /* 149.56.204.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538CCDA /* 149.56.204.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538DFF0 /* 149.56.223.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538DFF2 /* 149.56.223.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538DFF4 /* 149.56.223.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538E510 /* 149.56.229.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538E511 /* 149.56.229.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538E98E /* 149.56.233.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x955675C2 /* 149.86.117.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x955B5261 /* 149.91.82.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9879 /* 149.154.152.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9D50 /* 149.154.157.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9E7A /* 149.154.158.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9EE4 /* 149.154.158.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9F57 /* 149.154.159.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9FAC /* 149.154.159.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95AC95AA /* 149.172.149.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA026A /* 149.202.2.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA186A /* 149.202.24.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA3157 /* 149.202.49.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA39D6 /* 149.202.57.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA3A29 /* 149.202.58.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA3F64 /* 149.202.63.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA3FD6 /* 149.202.63.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA62A0 /* 149.202.98.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA62A1 /* 149.202.98.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CAA045 /* 149.202.160.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CAB5D6 /* 149.202.181.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CABE0E /* 149.202.190.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CAC0CB /* 149.202.192.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CADC50 /* 149.202.220.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CAEEC6 /* 149.202.238.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CAEECC /* 149.202.238.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95D2A4E4 /* 149.210.164.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95D2DA29 /* 149.210.218.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95D2DD30 /* 149.210.221.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95D2E29B /* 149.210.226.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95FF255A /* 149.255.37.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x965F8736 /* 150.95.135.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x965F8A2A /* 150.95.138.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9665F363 /* 150.101.243.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x966B9624 /* 150.107.150.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x966B9665 /* 150.107.150.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x966B9666 /* 150.107.150.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x969202F5 /* 150.146.2.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9701B6D9 /* 151.1.182.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x971B6AE0 /* 151.27.106.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x972DDDDB /* 151.45.221.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97378BF5 /* 151.55.139.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97437350 /* 151.67.115.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97502591 /* 151.80.37.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97502643 /* 151.80.38.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97502848 /* 151.80.40.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97502A67 /* 151.80.42.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97502D31 /* 151.80.45.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9750388D /* 151.80.56.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97503B90 /* 151.80.59.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97506DA8 /* 151.80.109.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x975073B4 /* 151.80.115.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9750800C /* 151.80.128.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97509399 /* 151.80.147.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9750EE98 /* 151.80.238.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97E06098 /* 151.224.96.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97E46D46 /* 151.228.109.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EC066E /* 151.236.6.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EC06C2 /* 151.236.6.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EC0B72 /* 151.236.11.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EC0C7E /* 151.236.12.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97ECDA43 /* 151.236.218.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97ECDD2C /* 151.236.221.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97ECDED9 /* 151.236.222.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EDBE32 /* 151.237.190.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EDE583 /* 151.237.229.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x995C7EEA /* 153.92.126.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x995C7F69 /* 153.92.127.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x995C7FCE /* 153.92.127.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x995C7FEF /* 153.92.127.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x99782A89 /* 153.120.42.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9978ABB7 /* 153.120.171.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x997925A6 /* 153.121.37.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x99792C1E /* 153.121.44.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x997E9E41 /* 153.126.158.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x997EC45F /* 153.126.196.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x997FC77C /* 153.127.199.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x999562FB /* 153.149.98.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x99F80697 /* 153.248.6.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A23AFE1 /* 154.35.175.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A31D448 /* 154.49.212.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A4699AF /* 154.70.153.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A7F3C5C /* 154.127.60.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A7F3C9A /* 154.127.60.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A7F3D86 /* 154.127.61.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A7F3DF9 /* 154.127.61.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B0409EA /* 155.4.9.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B0467D6 /* 155.4.103.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B04B45D /* 155.4.180.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B04D4B5 /* 155.4.212.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B5EB5B3 /* 155.94.181.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B620506 /* 155.98.5.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B8526E2 /* 155.133.38.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9BFE31B2 /* 155.254.49.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA02 /* 158.58.170.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA1B /* 158.58.170.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA3F /* 158.58.170.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA42 /* 158.58.170.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA43 /* 158.58.170.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA63 /* 158.58.170.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA6F /* 158.58.170.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA8F /* 158.58.170.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA95 /* 158.58.170.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA9D /* 158.58.170.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA9F /* 158.58.170.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAAB7 /* 158.58.170.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAAC3 /* 158.58.170.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAADC /* 158.58.170.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAB8F /* 158.58.171.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAB90 /* 158.58.171.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAD4E /* 158.58.173.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E452483 /* 158.69.36.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E452498 /* 158.69.36.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E4525D5 /* 158.69.37.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45304D /* 158.69.48.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E455C7F /* 158.69.92.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E4566D0 /* 158.69.102.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E457723 /* 158.69.119.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45C1F3 /* 158.69.193.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CC24 /* 158.69.204.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CD5C /* 158.69.205.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CDCC /* 158.69.205.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CDD7 /* 158.69.205.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CDF7 /* 158.69.205.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CE9A /* 158.69.206.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CFD8 /* 158.69.207.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45D59A /* 158.69.213.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45D812 /* 158.69.216.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45D922 /* 158.69.217.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45F750 /* 158.69.247.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E8200F2 /* 158.130.0.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EC19905 /* 158.193.153.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EC19906 /* 158.193.153.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF04F1 /* 158.255.4.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF0575 /* 158.255.5.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF05B4 /* 158.255.5.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF05B5 /* 158.255.5.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF05CE /* 158.255.5.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF05CF /* 158.255.5.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF06F2 /* 158.255.6.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF073D /* 158.255.7.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFFD4B2 /* 158.255.212.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFFD729 /* 158.255.215.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F7A02D1 /* 159.122.2.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BA90 /* 159.148.186.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BAA2 /* 159.148.186.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BAC0 /* 159.148.186.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BAC4 /* 159.148.186.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BAC7 /* 159.148.186.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BAEC /* 159.148.186.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB0156 /* 159.203.1.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB03E0 /* 159.203.3.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB0551 /* 159.203.5.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB0F64 /* 159.203.15.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB0F94 /* 159.203.15.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1017 /* 159.203.16.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB10E9 /* 159.203.16.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1167 /* 159.203.17.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1263 /* 159.203.18.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1633 /* 159.203.22.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1B05 /* 159.203.27.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1B6F /* 159.203.27.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1DF0 /* 159.203.29.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2095 /* 159.203.32.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2136 /* 159.203.33.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB26FA /* 159.203.38.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2977 /* 159.203.41.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2985 /* 159.203.41.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2A6B /* 159.203.42.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2EAE /* 159.203.46.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2FA6 /* 159.203.47.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB5558 /* 159.203.85.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB678A /* 159.203.103.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBABFE /* 159.203.171.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBAD26 /* 159.203.173.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBC148 /* 159.203.193.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBC1AF /* 159.203.193.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBDB65 /* 159.203.219.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBE019 /* 159.203.224.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBEAF4 /* 159.203.234.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBFBEC /* 159.203.251.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBFDB7 /* 159.203.253.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA135A068 /* 161.53.160.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA161C332 /* 161.97.195.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA161C71E /* 161.97.199.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2C1E616 /* 162.193.230.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DAEF7D /* 162.218.239.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DB0739 /* 162.219.7.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DCA5B9 /* 162.220.165.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DCDA6D /* 162.220.218.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DCF6E6 /* 162.220.246.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DDC939 /* 162.221.201.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DDCAE6 /* 162.221.202.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DE3486 /* 162.222.52.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F308A1 /* 162.243.8.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F32430 /* 162.243.36.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F337CB /* 162.243.55.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F33C60 /* 162.243.60.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F3411C /* 162.243.65.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F348C6 /* 162.243.72.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F364E1 /* 162.243.100.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F3733B /* 162.243.115.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F386BC /* 162.243.134.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F3969C /* 162.243.150.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F396E5 /* 162.243.150.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F3A689 /* 162.243.166.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F3C376 /* 162.243.195.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F419D6 /* 162.244.25.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F41A09 /* 162.244.26.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F41A4C /* 162.244.26.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F517B0 /* 162.245.23.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F74807 /* 162.247.72.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F7481B /* 162.247.72.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748C7 /* 162.247.72.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748C8 /* 162.247.72.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748C9 /* 162.247.72.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748CA /* 162.247.72.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748D5 /* 162.247.72.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748D8 /* 162.247.72.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748D9 /* 162.247.72.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F7494A /* 162.247.73.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F749C3 /* 162.247.73.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F749CC /* 162.247.73.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F749CE /* 162.247.73.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F74B76 /* 162.247.75.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F80A84 /* 162.248.10.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F80BB0 /* 162.248.11.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F8A50E /* 162.248.165.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2FCCC3E /* 162.252.204.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2FCF250 /* 162.252.242.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2FCF314 /* 162.252.243.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA31611D3 /* 163.22.17.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA32C709C /* 163.44.112.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA32C70E6 /* 163.44.112.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA32C951F /* 163.44.149.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA39EA814 /* 163.158.168.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA39EB313 /* 163.158.179.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC0826 /* 163.172.8.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC0AD0 /* 163.172.10.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC0DA5 /* 163.172.13.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC0EDD /* 163.172.14.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1560 /* 163.172.21.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1976 /* 163.172.25.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1B27 /* 163.172.27.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1B3E /* 163.172.27.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1D14 /* 163.172.29.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1D15 /* 163.172.29.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC23D3 /* 163.172.35.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC23F7 /* 163.172.35.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC23F9 /* 163.172.35.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC2421 /* 163.172.36.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC249C /* 163.172.36.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC2AEF /* 163.172.42.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC2D1E /* 163.172.45.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC38F8 /* 163.172.56.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC3D1C /* 163.172.61.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC43B4 /* 163.172.67.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC5203 /* 163.172.82.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC527C /* 163.172.82.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC545F /* 163.172.84.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC59E3 /* 163.172.89.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC5A80 /* 163.172.90.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC6B92 /* 163.172.107.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC7316 /* 163.172.115.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8097 /* 163.172.128.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC811D /* 163.172.129.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8132 /* 163.172.129.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8143 /* 163.172.129.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8251 /* 163.172.130.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8358 /* 163.172.131.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC83A4 /* 163.172.131.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC83C0 /* 163.172.131.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC84B2 /* 163.172.132.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8536 /* 163.172.133.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8627 /* 163.172.134.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC86EE /* 163.172.134.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC87AC /* 163.172.135.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8865 /* 163.172.136.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8904 /* 163.172.137.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC898D /* 163.172.137.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8A16 /* 163.172.138.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8B68 /* 163.172.139.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8B6F /* 163.172.139.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8B86 /* 163.172.139.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8B91 /* 163.172.139.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8D0A /* 163.172.141.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8D21 /* 163.172.141.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8E0F /* 163.172.142.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8E5C /* 163.172.142.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC90EC /* 163.172.144.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC915B /* 163.172.145.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC92CC /* 163.172.146.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC92E8 /* 163.172.146.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC957A /* 163.172.149.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC959B /* 163.172.149.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC972F /* 163.172.151.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC97AE /* 163.172.151.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC98E7 /* 163.172.152.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC98ED /* 163.172.152.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC990C /* 163.172.153.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9BB5 /* 163.172.155.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9C4C /* 163.172.156.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9C89 /* 163.172.156.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9DD5 /* 163.172.157.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9F1B /* 163.172.159.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9FE7 /* 163.172.159.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA0B6 /* 163.172.160.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA0EF /* 163.172.160.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA287 /* 163.172.162.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA2B6 /* 163.172.162.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA506 /* 163.172.165.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA5CB /* 163.172.165.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA601 /* 163.172.166.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA603 /* 163.172.166.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA71C /* 163.172.167.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACAA17 /* 163.172.170.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACAA34 /* 163.172.170.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACAAD4 /* 163.172.170.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACAED1 /* 163.172.174.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACAFAE /* 163.172.175.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB0A7 /* 163.172.176.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB2B6 /* 163.172.178.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB5A2 /* 163.172.181.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB5F0 /* 163.172.181.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB774 /* 163.172.183.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB7A1 /* 163.172.183.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB7DC /* 163.172.183.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB984 /* 163.172.185.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACBAC8 /* 163.172.186.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACBB98 /* 163.172.187.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACBD64 /* 163.172.189.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACBE22 /* 163.172.190.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACBE6E /* 163.172.190.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACC235 /* 163.172.194.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACC93E /* 163.172.201.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD1A1 /* 163.172.209.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD1A2 /* 163.172.209.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD1D6 /* 163.172.209.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD1D8 /* 163.172.209.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD5C9 /* 163.172.213.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD666 /* 163.172.214.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD73C /* 163.172.215.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD74E /* 163.172.215.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD8C3 /* 163.172.216.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD8CA /* 163.172.216.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD932 /* 163.172.217.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD999 /* 163.172.217.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDDD1 /* 163.172.221.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDF52 /* 163.172.223.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDF84 /* 163.172.223.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDFA5 /* 163.172.223.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDFC8 /* 163.172.223.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDFD7 /* 163.172.223.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACE4BF /* 163.172.228.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA43A5114 /* 164.58.81.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA44601C1 /* 164.70.1.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA44D85DC /* 164.77.133.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA48414D1 /* 164.132.20.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA4842DF0 /* 164.132.45.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA48431CD /* 164.132.49.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484335B /* 164.132.51.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA4844DAF /* 164.132.77.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA48461EA /* 164.132.97.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA4846A62 /* 164.132.106.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA4846B6C /* 164.132.107.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA48498B8 /* 164.132.152.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484C426 /* 164.132.196.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484D183 /* 164.132.209.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484D464 /* 164.132.212.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484E1F8 /* 164.132.225.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484E622 /* 164.132.230.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484F9F4 /* 164.132.249.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA4D774C2 /* 164.215.116.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA5E700F2 /* 165.231.0.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA5FF3BC4 /* 165.255.59.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA5FFD8F5 /* 165.255.216.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA6460F0E /* 166.70.15.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA6465E6A /* 166.70.94.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA646CF02 /* 166.70.207.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA64E6DCB /* 166.78.109.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA64E770D /* 166.78.119.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA65215C8 /* 166.82.21.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA6540737 /* 166.84.7.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA73F77A5 /* 167.63.119.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA758236C /* 167.88.35.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA75828AB /* 167.88.40.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA75829C2 /* 167.88.41.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA75871BB /* 167.88.113.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA77203A6 /* 167.114.3.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA77207A6 /* 167.114.7.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7722102 /* 167.114.33.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7722296 /* 167.114.34.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772231C /* 167.114.35.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7722366 /* 167.114.35.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772236B /* 167.114.35.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772423D /* 167.114.66.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7724304 /* 167.114.67.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA77247BD /* 167.114.71.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7726024 /* 167.114.96.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7726713 /* 167.114.103.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7727130 /* 167.114.113.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7727186 /* 167.114.113.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7729864 /* 167.114.152.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7729BF9 /* 167.114.155.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772AB04 /* 167.114.171.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772ACDB /* 167.114.172.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772DB3D /* 167.114.219.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772E668 /* 167.114.230.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772ED8C /* 167.114.237.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772F566 /* 167.114.245.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7A0B988 /* 167.160.185.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7A0B9CA /* 167.160.185.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA896FB0F /* 168.150.251.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB431E /* 168.235.67.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB454F /* 168.235.69.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB5AA5 /* 168.235.90.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB5CB7 /* 168.235.92.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB9214 /* 168.235.146.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB99CB /* 168.235.153.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA939A547 /* 169.57.165.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA939A55E /* 169.57.165.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAA48070A /* 170.72.7.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAA4BA257 /* 170.75.162.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAA4BA374 /* 170.75.163.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAA4EE41E /* 170.78.228.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAA8C7745 /* 170.140.119.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C109 /* 171.25.193.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C114 /* 171.25.193.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C119 /* 171.25.193.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C14D /* 171.25.193.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C14E /* 171.25.193.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C183 /* 171.25.193.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C184 /* 171.25.193.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C1EB /* 171.25.193.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB4F744F /* 171.79.116.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC56900F /* 172.86.144.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC56940A /* 172.86.148.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC5D333C /* 172.93.51.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC5D3353 /* 172.93.51.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC61672F /* 172.97.103.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC634E22 /* 172.99.78.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC71F0D7 /* 172.113.240.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF18C1A /* 172.241.140.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF518E4 /* 172.245.24.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF520B9 /* 172.245.32.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF520BA /* 172.245.32.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF5630A /* 172.245.99.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF57E46 /* 172.245.126.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF57E60 /* 172.245.126.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF5DB85 /* 172.245.219.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD03F223 /* 173.3.242.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD08D34A /* 173.8.211.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD0EADE3 /* 173.14.173.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD122918 /* 173.18.41.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD1C99C7 /* 173.28.153.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD309D99 /* 173.48.157.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD32AF5A /* 173.50.175.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD351E5B /* 173.53.30.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD429470 /* 173.66.148.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD431BE1 /* 173.67.27.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD48240E /* 173.72.36.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD494827 /* 173.73.72.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD4F3E9F /* 173.79.62.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD4FA2DC /* 173.79.162.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADA0B4BD /* 173.160.180.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADA4CEB5 /* 173.164.206.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADA4DBFA /* 173.164.219.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADA5CF1A /* 173.165.207.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADA5F099 /* 173.165.240.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADD0D572 /* 173.208.213.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADD4C570 /* 173.212.197.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADD56C74 /* 173.213.108.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADD5719B /* 173.213.113.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADE45B1D /* 173.228.91.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADE6835A /* 173.230.131.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADE6895B /* 173.230.137.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADE6996D /* 173.230.153.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADE69A5A /* 173.230.154.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADEF4FCB /* 173.239.79.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADEF4FD2 /* 173.239.79.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFED842 /* 173.254.216.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFED843 /* 173.254.216.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFED844 /* 173.254.216.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFED845 /* 173.254.216.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFF7392 /* 173.255.115.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFCD71 /* 173.255.205.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFD745 /* 173.255.215.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFD9DE /* 173.255.217.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFDD60 /* 173.255.221.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE28E /* 173.255.226.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE455 /* 173.255.228.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE486 /* 173.255.228.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE508 /* 173.255.229.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE5C2 /* 173.255.229.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE77D /* 173.255.231.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFF1EB /* 173.255.241.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFF574 /* 173.255.245.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFF6A2 /* 173.255.246.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFFAE7 /* 173.255.250.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE14C8EF /* 174.20.200.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE22E1D7 /* 174.34.225.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE33B292 /* 174.51.178.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE43DA0C /* 174.67.218.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE444AE7 /* 174.68.74.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE6113E6 /* 174.97.19.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE64402E /* 174.100.64.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE681A7D /* 174.104.26.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE7FE48A /* 174.127.228.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE886952 /* 174.136.105.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE886953 /* 174.136.105.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE886C52 /* 174.136.108.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE8DC829 /* 174.141.200.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB008995C /* 176.8.153.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00901D3 /* 176.9.1.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00904CE /* 176.9.4.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0090574 /* 176.9.5.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0091FD7 /* 176.9.31.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0092626 /* 176.9.38.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00927DA /* 176.9.39.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0092831 /* 176.9.40.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0092B1A /* 176.9.43.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00932F0 /* 176.9.50.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0093534 /* 176.9.53.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0093603 /* 176.9.54.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009368E /* 176.9.54.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0094B6C /* 176.9.75.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0095425 /* 176.9.84.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009558D /* 176.9.85.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0095AD7 /* 176.9.90.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0096386 /* 176.9.99.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0096623 /* 176.9.102.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0096708 /* 176.9.103.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0096E12 /* 176.9.110.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0096E8A /* 176.9.110.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00972B6 /* 176.9.114.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0097516 /* 176.9.117.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0097A33 /* 176.9.122.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009859A /* 176.9.133.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0098C6C /* 176.9.140.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0098FD0 /* 176.9.143.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00993D5 /* 176.9.147.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00994B0 /* 176.9.148.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0099E76 /* 176.9.158.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009B42F /* 176.9.180.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009BEF0 /* 176.9.190.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009C0AB /* 176.9.192.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009D740 /* 176.9.215.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63C8 /* 176.10.99.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63C9 /* 176.10.99.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CA /* 176.10.99.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CB /* 176.10.99.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CC /* 176.10.99.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CD /* 176.10.99.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CE /* 176.10.99.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CF /* 176.10.99.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63D0 /* 176.10.99.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63D1 /* 176.10.99.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A68F0 /* 176.10.104.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A68F3 /* 176.10.104.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A6BB4 /* 176.10.107.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A8346 /* 176.10.131.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00AD7A4 /* 176.10.215.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00AD98E /* 176.10.217.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00AFFFD /* 176.10.255.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00F7438 /* 176.15.116.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB014C4C1 /* 176.20.196.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB014EA66 /* 176.20.234.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0172222 /* 176.23.34.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0189B30 /* 176.24.155.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F0B7A /* 176.31.11.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F1760 /* 176.31.23.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F1C3F /* 176.31.28.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F2395 /* 176.31.35.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F2B33 /* 176.31.43.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F2D03 /* 176.31.45.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F5073 /* 176.31.80.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F6E30 /* 176.31.110.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F748C /* 176.31.116.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F7506 /* 176.31.117.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F78D7 /* 176.31.120.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F7E90 /* 176.31.126.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F9CC7 /* 176.31.156.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FAB0F /* 176.31.171.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FB49D /* 176.31.180.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FB8FF /* 176.31.184.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FBF1A /* 176.31.191.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FC87A /* 176.31.200.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FD79D /* 176.31.215.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0228589 /* 176.34.133.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0268C0D /* 176.38.140.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0269D26 /* 176.38.157.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB026A34D /* 176.38.163.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB026B1D0 /* 176.38.177.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB035168E /* 176.53.22.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB038EC5F /* 176.56.236.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB038EDBF /* 176.56.237.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB03A60C7 /* 176.58.96.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB03A6462 /* 176.58.100.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB03A6E42 /* 176.58.110.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB03A7122 /* 176.58.113.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB03A7816 /* 176.58.120.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB043A8D2 /* 176.67.168.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB043A9FE /* 176.67.169.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0653809 /* 176.101.56.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0653B22 /* 176.101.59.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0686AD0 /* 176.104.106.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB070E847 /* 176.112.232.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0728075 /* 176.114.128.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB072F82F /* 176.114.248.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB073FFA0 /* 176.115.255.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0746831 /* 176.116.104.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B01FD /* 176.123.1.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B0208 /* 176.123.2.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B02FA /* 176.123.2.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B02FE /* 176.123.2.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B03B4 /* 176.123.3.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B03D4 /* 176.123.3.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B04AB /* 176.123.4.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B07C5 /* 176.123.7.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B1A08 /* 176.123.26.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B1D38 /* 176.123.29.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07EF231 /* 176.126.242.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07EFC0B /* 176.126.252.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07EFC0C /* 176.126.252.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0804B55 /* 176.128.75.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB082E4AD /* 176.130.228.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0881911 /* 176.136.25.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0889529 /* 176.136.149.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB08F08C3 /* 176.143.8.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0952D53 /* 176.149.45.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB09E8A7A /* 176.158.138.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB09E9B78 /* 176.158.155.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB09F0253 /* 176.159.2.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB09F0B1E /* 176.159.11.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0BD77B6 /* 176.189.119.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C0B18F /* 176.192.177.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C0C197 /* 176.192.193.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C2F247 /* 176.194.242.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C68452 /* 176.198.132.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C694D1 /* 176.198.148.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C6CC54 /* 176.198.204.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C75545 /* 176.199.85.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C79952 /* 176.199.153.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C7DA8E /* 176.199.218.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0D5958D /* 176.213.149.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0D63585 /* 176.214.53.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0E29A3C /* 176.226.154.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB1CDB43D /* 177.205.180.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB203BAF1 /* 178.3.186.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB20441E6 /* 178.4.65.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2078D71 /* 178.7.141.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2083C01 /* 178.8.60.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB20A3039 /* 178.10.48.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB20A53E1 /* 178.10.83.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB20A6F56 /* 178.10.111.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D037 /* 178.16.208.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D038 /* 178.16.208.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D039 /* 178.16.208.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D03A /* 178.16.208.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D03B /* 178.16.208.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D03C /* 178.16.208.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D03D /* 178.16.208.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D03E /* 178.16.208.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AA1B /* 178.17.170.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AA4D /* 178.17.170.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AA95 /* 178.17.170.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AAA4 /* 178.17.170.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AAB3 /* 178.17.170.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AAD4 /* 178.17.170.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AB28 /* 178.17.171.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AB2B /* 178.17.171.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AB56 /* 178.17.171.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AB5D /* 178.17.171.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AD16 /* 178.17.173.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AE02 /* 178.17.174.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AE0A /* 178.17.174.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AE20 /* 178.17.174.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AE4F /* 178.17.174.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB21253D7 /* 178.18.83.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2136072 /* 178.19.96.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB21368E3 /* 178.19.104.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2143710 /* 178.20.55.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2143712 /* 178.20.55.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2183362 /* 178.24.51.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2189BC3 /* 178.24.155.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB219DB1E /* 178.25.219.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB21A856D /* 178.26.133.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB21B5735 /* 178.27.87.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB21B79E6 /* 178.27.121.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220225B /* 178.32.34.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2202F8C /* 178.32.47.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220355E /* 178.32.53.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220422B /* 178.32.66.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2204C5F /* 178.32.76.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2206457 /* 178.32.100.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220B560 /* 178.32.181.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220B561 /* 178.32.181.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220B562 /* 178.32.181.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220B563 /* 178.32.181.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220BD58 /* 178.32.189.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220BE0F /* 178.32.190.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220D861 /* 178.32.216.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220D892 /* 178.32.216.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220D944 /* 178.32.217.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DC3D /* 178.32.220.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DCBA /* 178.32.220.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DD3A /* 178.32.221.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DD97 /* 178.32.221.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DDCF /* 178.32.221.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DE15 /* 178.32.222.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DE7D /* 178.32.222.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2216B6D /* 178.33.107.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB221B7FB /* 178.33.183.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB221BC93 /* 178.33.188.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB22D27CC /* 178.45.39.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB22DC8CD /* 178.45.200.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB231FDD7 /* 178.49.253.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23CA523 /* 178.60.165.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E08BD /* 178.62.8.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E0999 /* 178.62.9.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E1475 /* 178.62.20.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E1624 /* 178.62.22.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E18D4 /* 178.62.24.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E2440 /* 178.62.36.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E2520 /* 178.62.37.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E2B05 /* 178.62.43.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E2E07 /* 178.62.46.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E3A2B /* 178.62.58.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E3C25 /* 178.62.60.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E4212 /* 178.62.66.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E48DC /* 178.62.72.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E4FE3 /* 178.62.79.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E5660 /* 178.62.86.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E56CE /* 178.62.86.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E586F /* 178.62.88.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E5D24 /* 178.62.93.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E5EF3 /* 178.62.94.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E64DC /* 178.62.100.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E6939 /* 178.62.105.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E6BC2 /* 178.62.107.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E6DA4 /* 178.62.109.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E7D7D /* 178.62.125.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EADCB /* 178.62.173.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EB893 /* 178.62.184.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EBA9B /* 178.62.186.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC131 /* 178.62.193.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC447 /* 178.62.196.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC513 /* 178.62.197.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC552 /* 178.62.197.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC636 /* 178.62.198.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC7E2 /* 178.62.199.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC90F /* 178.62.201.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23ECA3B /* 178.62.202.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23ECB7E /* 178.62.203.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23ECCE0 /* 178.62.204.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23ED28A /* 178.62.210.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23ED9E9 /* 178.62.217.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EDED6 /* 178.62.222.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EF4A8 /* 178.62.244.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EFBB8 /* 178.62.251.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EFC52 /* 178.62.252.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EFCEA /* 178.62.252.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EFD06 /* 178.62.253.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F09A5 /* 178.63.9.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F1030 /* 178.63.16.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F1219 /* 178.63.18.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F190A /* 178.63.25.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F3D43 /* 178.63.61.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F41B3 /* 178.63.65.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F4E08 /* 178.63.78.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F550E /* 178.63.85.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F6122 /* 178.63.97.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F6E97 /* 178.63.110.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F749D /* 178.63.116.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F9A5D /* 178.63.154.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23FA2D4 /* 178.63.162.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23FC671 /* 178.63.198.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23FD133 /* 178.63.209.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB240253C /* 178.64.37.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2444089 /* 178.68.64.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB249D276 /* 178.73.210.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24A158D /* 178.74.21.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24B94CE /* 178.75.148.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24D7B29 /* 178.77.123.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24ED5D6 /* 178.78.213.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24EEAC3 /* 178.78.234.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F86C4 /* 178.79.134.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F88E6 /* 178.79.136.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F8B11 /* 178.79.139.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F90A3 /* 178.79.144.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F9EDD /* 178.79.158.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F9F93 /* 178.79.159.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F9FE0 /* 178.79.159.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FA039 /* 178.79.160.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FA198 /* 178.79.161.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FA1B1 /* 178.79.161.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FA3A9 /* 178.79.163.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FA515 /* 178.79.165.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FAD93 /* 178.79.173.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FB194 /* 178.79.177.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FBCD4 /* 178.79.188.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB253BE6C /* 178.83.190.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB25C5A08 /* 178.92.90.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2844E94 /* 178.132.78.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB28C6812 /* 178.140.104.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB29BA723 /* 178.155.167.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB29CCAB2 /* 178.156.202.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A242D4 /* 178.162.66.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C252 /* 178.162.194.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C2D2 /* 178.162.194.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C30C /* 178.162.195.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C742 /* 178.162.199.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C870 /* 178.162.200.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C871 /* 178.162.200.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C872 /* 178.162.200.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2CE11 /* 178.162.206.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2CE12 /* 178.162.206.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A4DC30 /* 178.164.220.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A4E3FF /* 178.164.227.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2AEB438 /* 178.174.180.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2AF8032 /* 178.175.128.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2AF8242 /* 178.175.130.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2AF83C2 /* 178.175.131.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2BFED2B /* 178.191.237.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C1F126 /* 178.193.241.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C29763 /* 178.194.151.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C29935 /* 178.194.153.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C802E5 /* 178.200.2.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C89DAD /* 178.200.157.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C8D57E /* 178.200.213.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C9937D /* 178.201.147.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2CAFFA1 /* 178.202.255.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2CBDB0B /* 178.203.219.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2CE7740 /* 178.206.119.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D12EAD /* 178.209.46.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D13297 /* 178.209.50.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D13363 /* 178.209.51.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D1342F /* 178.209.52.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D13491 /* 178.209.52.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D134A2 /* 178.209.52.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D9B820 /* 178.217.184.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D9BB27 /* 178.217.187.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2DA72AF /* 178.218.114.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2DB593B /* 178.219.89.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2EEE084 /* 178.238.224.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2EEE40C /* 178.238.228.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2EEE86E /* 178.238.232.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2EEED2C /* 178.238.237.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2F86C76 /* 178.248.108.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FBE48E /* 178.251.228.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FC1CC8 /* 178.252.28.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE0D5C /* 178.254.13.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE0D7E /* 178.254.13.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE1215 /* 178.254.18.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE1486 /* 178.254.20.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE1AF4 /* 178.254.26.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE1E56 /* 178.254.30.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE2224 /* 178.254.34.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE2755 /* 178.254.39.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE2914 /* 178.254.41.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE2C87 /* 178.254.44.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE3765 /* 178.254.55.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FF94C3 /* 178.255.148.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B86CA /* 179.43.134.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B86CB /* 179.43.134.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B86CC /* 179.43.134.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B86CD /* 179.43.134.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B92E6 /* 179.43.146.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B97E2 /* 179.43.151.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B97E3 /* 179.43.151.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B97E4 /* 179.43.151.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B97E5 /* 179.43.151.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B97E6 /* 179.43.151.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32BA0C9 /* 179.43.160.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32BA882 /* 179.43.168.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32BA8A6 /* 179.43.168.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32BA90E /* 179.43.169.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32BBCCE /* 179.43.188.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB330F811 /* 179.48.248.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB36EB595 /* 179.110.181.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB3B337F6 /* 179.179.55.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB3B3C9A2 /* 179.179.201.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB40F9869 /* 180.15.152.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB42E910F /* 180.46.145.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB43F539C /* 180.63.83.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB4B5900D /* 180.181.144.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB52812CA /* 181.40.18.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB55FC092 /* 181.95.192.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB58B9234 /* 181.139.146.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB58F629E /* 181.143.98.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB6FD812C /* 182.253.129.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB7B53AA6 /* 183.181.58.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB838AD10 /* 184.56.173.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB844B4EE /* 184.68.180.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB85A4952 /* 184.90.73.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB8659839 /* 184.101.152.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB86990B4 /* 184.105.144.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB86990B5 /* 184.105.144.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB869DC18 /* 184.105.220.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB86A6DF4 /* 184.106.109.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB89CDDB7 /* 184.156.221.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB8A07785 /* 184.160.119.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB8A79277 /* 184.167.146.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB8AEABD3 /* 184.174.171.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB8B705CB /* 184.183.5.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9022B54 /* 185.2.43.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9022B57 /* 185.2.43.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9045C43 /* 185.4.92.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90509BC /* 185.5.9.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9061D37 /* 185.6.29.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB907FE43 /* 185.7.254.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9083F26 /* 185.8.63.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB908EC83 /* 185.8.236.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB908ED2D /* 185.8.237.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB908EDD0 /* 185.8.237.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB908EE8B /* 185.8.238.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9091353 /* 185.9.19.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB909517C /* 185.9.81.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90A445F /* 185.10.68.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90A4477 /* 185.10.68.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90A448E /* 185.10.68.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90BB443 /* 185.11.180.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90C1C74 /* 185.12.28.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90C2D4F /* 185.12.45.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90D26C5 /* 185.13.38.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90D27C5 /* 185.13.39.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90D27F9 /* 185.13.39.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90E1C6A /* 185.14.28.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90E1C9A /* 185.14.28.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90E1EEE /* 185.14.30.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90EB976 /* 185.14.185.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90EB9F0 /* 185.14.185.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90F483E /* 185.15.72.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90F4975 /* 185.15.73.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90F5E0E /* 185.15.94.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90F5E11 /* 185.15.94.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90FF47C /* 185.15.244.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9103C53 /* 185.16.60.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB910AC9B /* 185.16.172.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB910AD54 /* 185.16.173.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB910AD56 /* 185.16.173.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB910C8B0 /* 185.16.200.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9156432 /* 185.21.100.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91564A3 /* 185.21.100.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9156532 /* 185.21.101.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D89D /* 185.21.216.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D8B7 /* 185.21.216.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D8BD /* 185.21.216.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D90D /* 185.21.217.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D91D /* 185.21.217.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D921 /* 185.21.217.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB916AD4E /* 185.22.173.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB916AD72 /* 185.22.173.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB916AD82 /* 185.22.173.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB916ADA2 /* 185.22.173.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB916AE29 /* 185.22.174.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB918E94A /* 185.24.233.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB919304C /* 185.25.48.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB919309D /* 185.25.48.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9193211 /* 185.25.50.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9193267 /* 185.25.50.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9193321 /* 185.25.51.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB919332A /* 185.25.51.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB919D8ED /* 185.25.216.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91A9C1C /* 185.26.156.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91A9C29 /* 185.26.156.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91A9C2D /* 185.26.156.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91A9C32 /* 185.26.156.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91BAF18 /* 185.27.175.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91D0884 /* 185.29.8.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91D08D3 /* 185.29.8.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91D9CE7 /* 185.29.156.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91EEE4D /* 185.30.238.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91FA166 /* 185.31.161.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91FACEA /* 185.31.172.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91FE645 /* 185.31.230.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB920A016 /* 185.32.160.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB920DDC9 /* 185.32.221.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB920DDE4 /* 185.32.221.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB92200BC /* 185.34.0.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9222102 /* 185.34.33.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9223460 /* 185.34.52.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9238A5C /* 185.35.138.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB923CADD /* 185.35.202.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB925912C /* 185.37.145.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9260EAB /* 185.38.14.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9260ED6 /* 185.38.14.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9260ED7 /* 185.38.14.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9284C0A /* 185.40.76.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9299A82 /* 185.41.154.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB92DC035 /* 185.45.192.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB92F3E51 /* 185.47.62.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB92F3F80 /* 185.47.63.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB92FDE22 /* 185.47.222.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB932BFFA /* 185.50.191.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9358346 /* 185.53.131.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9385426 /* 185.56.84.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB938AF9A /* 185.56.175.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93A15C7 /* 185.58.21.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93C92F5 /* 185.60.146.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D8A0D /* 185.61.138.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D941D /* 185.61.148.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D9450 /* 185.61.148.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D9479 /* 185.61.148.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D948E /* 185.61.148.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D94BD /* 185.61.148.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D94C7 /* 185.61.148.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D94DD /* 185.61.148.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D94E4 /* 185.61.148.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D9574 /* 185.61.149.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D95C1 /* 185.61.149.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D95F7 /* 185.61.149.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93EBE17 /* 185.62.190.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93FBE1C /* 185.63.190.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93FFD82 /* 185.63.253.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB941C85D /* 185.65.200.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB941CD0A /* 185.65.205.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9426751 /* 185.66.103.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB942C80A /* 185.66.200.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB942FA8D /* 185.66.250.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB94535BC /* 185.69.53.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB948B248 /* 185.72.178.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB948F418 /* 185.72.244.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB948F425 /* 185.72.244.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB948F791 /* 185.72.247.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB94927BD /* 185.73.39.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9492C36 /* 185.73.44.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB949DC08 /* 185.73.220.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB949F0CD /* 185.73.240.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB94C916D /* 185.76.145.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB94D8123 /* 185.77.129.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB94E4328 /* 185.78.67.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB950DE69 /* 185.80.222.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB950DE9E /* 185.80.222.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB950DEA4 /* 185.80.222.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9521569 /* 185.82.21.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952C8D0 /* 185.82.200.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952C936 /* 185.82.201.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952CB47 /* 185.82.203.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952CBD1 /* 185.82.203.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952D8E9 /* 185.82.216.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952D90E /* 185.82.217.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952D924 /* 185.82.217.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9564F5C /* 185.86.79.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9569496 /* 185.86.148.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9569518 /* 185.86.149.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9569555 /* 185.86.149.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB95695E6 /* 185.86.149.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB956962C /* 185.86.150.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9569766 /* 185.86.151.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB957B92D /* 185.87.185.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB957B9DD /* 185.87.185.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB957BA1B /* 185.87.186.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB95C4409 /* 185.92.68.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB95CDE34 /* 185.92.222.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB95CDED0 /* 185.92.222.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB95DB496 /* 185.93.180.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB960581D /* 185.96.88.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB960B41D /* 185.96.180.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9612012 /* 185.97.32.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9612022 /* 185.97.32.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9612024 /* 185.97.32.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645452 /* 185.100.84.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964546C /* 185.100.84.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96454D4 /* 185.100.84.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96454FB /* 185.100.84.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964553D /* 185.100.85.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645565 /* 185.100.85.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645584 /* 185.100.85.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645593 /* 185.100.85.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96455BE /* 185.100.85.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96455C0 /* 185.100.85.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96455CF /* 185.100.85.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96455DC /* 185.100.85.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96455F4 /* 185.100.85.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645645 /* 185.100.86.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645656 /* 185.100.86.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645664 /* 185.100.86.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645673 /* 185.100.86.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645680 /* 185.100.86.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964569A /* 185.100.86.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96456F4 /* 185.100.86.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964571A /* 185.100.87.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964572B /* 185.100.87.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645752 /* 185.100.87.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645759 /* 185.100.87.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964578F /* 185.100.87.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96457BA /* 185.100.87.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96457C0 /* 185.100.87.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96457F1 /* 185.100.87.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB965626C /* 185.101.98.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9656B21 /* 185.101.107.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB967633C /* 185.103.99.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9687802 /* 185.104.120.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9687803 /* 185.104.120.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9687804 /* 185.104.120.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9688CAC /* 185.104.140.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB968B833 /* 185.104.184.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96BE0D0 /* 185.107.224.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96D9007 /* 185.109.144.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96D923E /* 185.109.146.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96D9294 /* 185.109.146.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9709D7E /* 185.112.157.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9709D87 /* 185.112.157.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB970FEC3 /* 185.112.254.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB971804F /* 185.113.128.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9754B1B /* 185.117.75.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9755284 /* 185.117.82.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB975585C /* 185.117.88.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB975763B /* 185.117.118.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB975D709 /* 185.117.215.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB976FB14 /* 185.118.251.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB97893AB /* 185.120.147.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB979A8FE /* 185.121.168.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB97A3BED /* 185.122.59.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB97D213A /* 185.125.33.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB97DD942 /* 185.125.217.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB97DDBCB /* 185.125.219.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB98028EA /* 185.128.40.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9813C83 /* 185.129.60.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9813E3E /* 185.129.62.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9813E3F /* 185.129.62.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB98194D2 /* 185.129.148.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB98194D6 /* 185.129.148.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9879C5E /* 185.135.156.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB98F65FD /* 185.143.101.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9918065 /* 185.145.128.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9918095 /* 185.145.128.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB99181BA /* 185.145.129.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB99181C5 /* 185.145.129.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB992A813 /* 185.146.168.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB992A9C1 /* 185.146.169.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB992AA81 /* 185.146.170.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB992ABE7 /* 185.146.171.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB996BDAF /* 185.150.189.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB998E823 /* 185.152.232.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB999C572 /* 185.153.197.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB999C57D /* 185.153.197.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB999C60B /* 185.153.198.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB999C6DE /* 185.153.198.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB99C4084 /* 185.156.64.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB99CAD94 /* 185.156.173.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB99F522B /* 185.159.82.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A20A6E /* 185.162.10.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A20A79 /* 185.162.10.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32D18 /* 185.163.45.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32D96 /* 185.163.45.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32DB0 /* 185.163.45.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32DC1 /* 185.163.45.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32DF3 /* 185.163.45.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32DF9 /* 185.163.45.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A48873 /* 185.164.136.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A85E /* 185.165.168.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A861 /* 185.165.168.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A862 /* 185.165.168.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A87B /* 185.165.168.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A8A8 /* 185.165.168.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A8AA /* 185.165.168.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A8AD /* 185.165.168.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A8C4 /* 185.165.168.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5F38D /* 185.165.243.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A9E5A3 /* 185.169.229.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9AFD0B3 /* 185.175.208.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9AFD0B4 /* 185.175.208.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B150F8 /* 185.177.80.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B50815 /* 185.181.8.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B56551 /* 185.181.101.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B5E54D /* 185.181.229.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B63254 /* 185.182.50.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B63256 /* 185.182.50.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBA95F912 /* 186.149.249.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBACCF34A /* 186.204.243.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBACED69A /* 186.206.214.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBAE7787D /* 186.231.120.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBB3D899C /* 187.61.137.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBB3F6418 /* 187.63.100.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBBA354CD /* 187.163.84.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBBA738D4 /* 187.167.56.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC045A36 /* 188.4.90.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC16BC3B /* 188.22.188.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC17C56E /* 188.23.197.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC181FD5 /* 188.24.31.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC20E27B /* 188.32.226.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC20F2F4 /* 188.32.242.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC282973 /* 188.40.41.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC282AC3 /* 188.40.42.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC282C77 /* 188.40.44.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC283156 /* 188.40.49.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC2833E8 /* 188.40.51.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC284C73 /* 188.40.76.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC285B57 /* 188.40.91.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC286345 /* 188.40.99.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC286BCD /* 188.40.107.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC286D92 /* 188.40.109.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC2880F6 /* 188.40.128.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC28A61D /* 188.40.166.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC28CE05 /* 188.40.206.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC28EBD7 /* 188.40.235.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC28F839 /* 188.40.248.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC2AD853 /* 188.42.216.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC2AFD07 /* 188.42.253.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC2AFE2F /* 188.42.254.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC402D69 /* 188.64.45.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC44202A /* 188.68.32.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC4424D1 /* 188.68.36.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC4439BC /* 188.68.57.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC4DD3A0 /* 188.77.211.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC52A824 /* 188.82.168.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC5DD54B /* 188.93.213.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC614BED /* 188.97.75.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC61A044 /* 188.97.160.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC620431 /* 188.98.4.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC63D545 /* 188.99.213.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC66949C /* 188.102.148.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC66F7E4 /* 188.102.247.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC671F6D /* 188.103.31.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC672E4A /* 188.103.46.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC6972F8 /* 188.105.114.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC6BEFDF /* 188.107.239.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC728CF5 /* 188.114.140.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC728E48 /* 188.114.142.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC76D9EC /* 188.118.217.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC77976C /* 188.119.151.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC78EA1A /* 188.120.234.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC78F125 /* 188.120.241.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC78F178 /* 188.120.241.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC78F320 /* 188.120.243.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC78FB81 /* 188.120.251.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC7AD504 /* 188.122.213.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC7B6E0F /* 188.123.110.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC7E519B /* 188.126.81.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC7E5AD3 /* 188.126.90.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC7E5E4D /* 188.126.94.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC86055C /* 188.134.5.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8A3DA5 /* 188.138.61.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8A4B65 /* 188.138.75.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8A6662 /* 188.138.102.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8A6995 /* 188.138.105.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8A703C /* 188.138.112.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8D4955 /* 188.141.73.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8F6EB5 /* 188.143.110.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA49A12 /* 188.164.154.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA500AB /* 188.165.0.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5050E /* 188.165.5.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA50642 /* 188.165.6.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5133D /* 188.165.19.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA51C98 /* 188.165.28.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA532F4 /* 188.165.50.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA53B2B /* 188.165.59.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA56AF9 /* 188.165.106.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA58A06 /* 188.165.138.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5919D /* 188.165.145.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5C2C3 /* 188.165.194.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5D498 /* 188.165.212.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5D59C /* 188.165.213.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5E426 /* 188.165.228.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5F108 /* 188.165.241.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5F530 /* 188.165.245.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6036B /* 188.166.3.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6046D /* 188.166.4.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA604D1 /* 188.166.4.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA60898 /* 188.166.8.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA61057 /* 188.166.16.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6105B /* 188.166.16.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA61096 /* 188.166.16.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA61143 /* 188.166.17.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA61168 /* 188.166.17.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6177F /* 188.166.23.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA617F7 /* 188.166.23.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA620C8 /* 188.166.32.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA62296 /* 188.166.34.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA623AB /* 188.166.35.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA628C3 /* 188.166.40.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6292E /* 188.166.41.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA629D2 /* 188.166.41.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA62DEA /* 188.166.45.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA632DE /* 188.166.50.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA643E7 /* 188.166.67.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6523D /* 188.166.82.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA657A1 /* 188.166.87.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6699D /* 188.166.105.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA67A3A /* 188.166.122.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA68585 /* 188.166.133.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA69577 /* 188.166.149.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA69E64 /* 188.166.158.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6A7E6 /* 188.166.167.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6A849 /* 188.166.168.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6B1B8 /* 188.166.177.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6B238 /* 188.166.178.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6B921 /* 188.166.185.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6D1AC /* 188.166.209.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6DBCF /* 188.166.219.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6E9E6 /* 188.166.233.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6F0B6 /* 188.166.240.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6F14B /* 188.166.241.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6F5D9 /* 188.166.245.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6F66A /* 188.166.246.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6FFD1 /* 188.166.255.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA74043 /* 188.167.64.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA8225A /* 188.168.34.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCAE5BDE /* 188.174.91.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCAEA8C5 /* 188.174.168.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCAEAAE5 /* 188.174.170.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCAEB70A /* 188.174.183.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCB78653 /* 188.183.134.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCBBC04B /* 188.187.192.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC0359E /* 188.192.53.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC086DE /* 188.192.134.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC08E02 /* 188.192.142.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC099B8 /* 188.192.153.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC0A25A /* 188.192.162.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC0F519 /* 188.192.245.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC13139 /* 188.193.49.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC16C21 /* 188.193.108.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC16D84 /* 188.193.109.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC1A930 /* 188.193.169.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC233FB /* 188.194.51.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC23C1E /* 188.194.60.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC24F69 /* 188.194.79.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC279E1 /* 188.194.121.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC2F8F9 /* 188.194.248.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC30F2A /* 188.195.15.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC329A5 /* 188.195.41.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC3ACDF /* 188.195.172.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC3AD19 /* 188.195.173.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD13122 /* 188.209.49.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD51CDE /* 188.213.28.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD53137 /* 188.213.49.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD58F77 /* 188.213.143.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD5A565 /* 188.213.165.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD5A6ED /* 188.213.166.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD5AA68 /* 188.213.170.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD61E99 /* 188.214.30.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD68040 /* 188.214.128.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD68115 /* 188.214.129.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD68155 /* 188.214.129.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCDBE8A2 /* 188.219.232.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCDE6AEF /* 188.222.106.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE23EBA /* 188.226.62.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE24784 /* 188.226.71.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE28258 /* 188.226.130.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2957C /* 188.226.149.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2DDF3 /* 188.226.221.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2DE13 /* 188.226.222.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2ED9A /* 188.226.237.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2F756 /* 188.226.247.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2FDB5 /* 188.226.253.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE3C986 /* 188.227.201.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE43194 /* 188.228.49.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE813A5 /* 188.232.19.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF0D059 /* 188.240.208.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF2827A /* 188.242.130.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF42660 /* 188.244.38.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF42B19 /* 188.244.43.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF48F6B /* 188.244.143.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF6CC43 /* 188.246.204.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBD3E721D /* 189.62.114.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBD54152C /* 189.84.21.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE08F0EE /* 190.8.240.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE0A0832 /* 190.10.8.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE0A0844 /* 190.10.8.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE0A0898 /* 190.10.8.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE0A0AAD /* 190.10.10.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE61A58D /* 190.97.165.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE7B2F74 /* 190.123.47.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBED2625A /* 190.210.98.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBED2B6AD /* 190.210.182.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBED80288 /* 190.216.2.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBEF55206 /* 190.245.82.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBF60F96E /* 191.96.249.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBF651F54 /* 191.101.31.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBF6532FC /* 191.101.50.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBF705F5B /* 191.112.95.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC000E651 /* 192.0.230.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC003941B /* 192.3.148.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC003D90C /* 192.3.217.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC01E202C /* 192.30.32.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC01F17F3 /* 192.31.23.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC021D21E /* 192.33.210.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0223F89 /* 192.34.63.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02250B0 /* 192.34.80.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0241B04 /* 192.36.27.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0241B06 /* 192.36.27.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0241B07 /* 192.36.27.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0242621 /* 192.36.38.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02A7166 /* 192.42.113.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02A7365 /* 192.42.115.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02A7366 /* 192.42.115.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02A7410 /* 192.42.116.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02A74A1 /* 192.42.116.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02C1E28 /* 192.44.30.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC034A746 /* 192.52.167.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC034A747 /* 192.52.167.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC047F524 /* 192.71.245.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC047F589 /* 192.71.245.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC047F5D7 /* 192.71.245.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC049EF53 /* 192.73.239.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0518331 /* 192.81.131.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC051842E /* 192.81.132.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC051D97E /* 192.81.217.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC051DA89 /* 192.81.218.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC051FA76 /* 192.81.250.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0571C1C /* 192.87.28.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0571C52 /* 192.87.28.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC05F1692 /* 192.95.22.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC05F19CA /* 192.95.25.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC05F1B8F /* 192.95.27.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0630BC8 /* 192.99.11.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0630C95 /* 192.99.12.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0630D30 /* 192.99.13.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0630FDC /* 192.99.15.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC063259C /* 192.99.37.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0632DE5 /* 192.99.45.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC063364F /* 192.99.54.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0633F2C /* 192.99.63.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0634473 /* 192.99.68.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0639AEA /* 192.99.154.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC063D48B /* 192.99.212.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC063F665 /* 192.99.246.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC06F9072 /* 192.111.144.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0794449 /* 192.121.68.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC07CFA53 /* 192.124.250.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC087A8FB /* 192.135.168.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC096BB89 /* 192.150.187.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0999AF4 /* 192.153.154.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC09B5365 /* 192.155.83.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC09B5D65 /* 192.155.93.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC09B5FDE /* 192.155.95.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC09DEFF3 /* 192.157.239.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC09DFD7D /* 192.157.253.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A4 /* 192.160.102.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A5 /* 192.160.102.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A6 /* 192.160.102.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A7 /* 192.160.102.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A8 /* 192.160.102.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A9 /* 192.160.102.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066AA /* 192.160.102.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A1B431 /* 192.161.180.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A28D35 /* 192.162.141.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A3E033 /* 192.163.224.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A4FA32 /* 192.164.250.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A543FE /* 192.165.67.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A6DA3F /* 192.166.218.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A6DBC2 /* 192.166.219.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A9A69D /* 192.169.166.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A9A827 /* 192.169.168.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0B7CE2A /* 192.183.206.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0B851A0 /* 192.184.81.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0B85280 /* 192.184.82.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0B85E6F /* 192.184.94.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0BB7C62 /* 192.187.124.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0C3500A /* 192.195.80.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0C35386 /* 192.195.83.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0D2C0E5 /* 192.210.192.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0D2CB10 /* 192.210.203.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0D2D37B /* 192.210.211.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0DED68B /* 192.222.214.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0E3A054 /* 192.227.160.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0E3AFEF /* 192.227.175.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0E4A702 /* 192.228.167.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F07B02 /* 192.240.123.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1823C /* 192.241.130.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1863E /* 192.241.134.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1946C /* 192.241.148.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1B41B /* 192.241.180.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1B4A3 /* 192.241.180.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1B5E9 /* 192.241.181.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1C15D /* 192.241.193.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1C3B2 /* 192.241.195.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1C66A /* 192.241.198.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1CA6F /* 192.241.202.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1CEAB /* 192.241.206.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1D1C1 /* 192.241.209.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1D265 /* 192.241.210.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1D878 /* 192.241.216.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1E93A /* 192.241.233.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1E9CB /* 192.241.233.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F462A6 /* 192.244.98.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F70D29 /* 192.247.13.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F93CC2 /* 192.249.60.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0FCA537 /* 192.252.165.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC100D52A /* 193.0.213.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC107B1DF /* 193.7.177.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10A0599 /* 193.10.5.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10B70A7 /* 193.11.112.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10B722B /* 193.11.114.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10B722D /* 193.11.114.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10B722E /* 193.11.114.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10B722F /* 193.11.114.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10BA4F3 /* 193.11.164.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10BA6C2 /* 193.11.166.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10F1004 /* 193.15.16.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC117F4F4 /* 193.23.244.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC118D146 /* 193.24.209.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC118D27E /* 193.24.210.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC11DBB4B /* 193.29.187.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC11DBB4E /* 193.29.187.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC11DBB6A /* 193.29.187.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1233435 /* 193.35.52.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC12598C7 /* 193.37.152.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC12A9C6A /* 193.42.156.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1462698 /* 193.70.38.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1462B4C /* 193.70.43.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1465AC7 /* 193.70.90.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC151D8E3 /* 193.81.216.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC15A0C56 /* 193.90.12.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC15A0C57 /* 193.90.12.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC15A0C58 /* 193.90.12.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC15A0C59 /* 193.90.12.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC15A0C5A /* 193.90.12.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC168A903 /* 193.104.169.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC168DC23 /* 193.104.220.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC168DC36 /* 193.104.220.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1694950 /* 193.105.73.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1698667 /* 193.105.134.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16AA51B /* 193.106.165.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16B5538 /* 193.107.85.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16B5539 /* 193.107.85.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16B553E /* 193.107.85.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16CF9D7 /* 193.108.249.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16E9D97 /* 193.110.157.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16F1A25 /* 193.111.26.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16F8820 /* 193.111.136.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16F8DA0 /* 193.111.141.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC17CB532 /* 193.124.181.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC17CB6BF /* 193.124.182.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC18A765E /* 193.138.118.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC18CE034 /* 193.140.224.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1960E3C /* 193.150.14.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC196791A /* 193.150.121.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC196794E /* 193.150.121.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A48535 /* 193.164.133.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A4D955 /* 193.164.217.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A589CA /* 193.165.137.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A98785 /* 193.169.135.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A9879A /* 193.169.135.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A9879D /* 193.169.135.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1ABCA92 /* 193.171.202.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1ABCA9A /* 193.171.202.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1AE0614 /* 193.174.6.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1B69035 /* 193.182.144.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1B7626D /* 193.183.98.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1B769CD /* 193.183.105.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1BEA835 /* 193.190.168.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1C66803 /* 193.198.104.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1C8F1C3 /* 193.200.241.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1C9E12D /* 193.201.225.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1D2E00D /* 193.210.224.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1E0A32B /* 193.224.163.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1E3C40A /* 193.227.196.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1E48F11 /* 193.228.143.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1E48FE1 /* 193.228.143.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC201EE73 /* 194.1.238.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC20F7323 /* 194.15.115.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC22A6C05 /* 194.42.108.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC23F8BE6 /* 194.63.139.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC23F8E0B /* 194.63.142.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC243D67B /* 194.67.214.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC24F1F12 /* 194.79.31.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2575FB1 /* 194.87.95.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2588F42 /* 194.88.143.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC26DCED4 /* 194.109.206.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC27EAF9D /* 194.126.175.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC291D134 /* 194.145.209.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2BBCF2D /* 194.187.207.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2BBF80F /* 194.187.248.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2BBF974 /* 194.187.249.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2BFFE97 /* 194.191.254.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2DA034F /* 194.218.3.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2ED9DB8 /* 194.237.157.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3012906 /* 195.1.41.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC30C3044 /* 195.12.48.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC30C304C /* 195.12.48.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC30C304D /* 195.12.48.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC30CBE26 /* 195.12.190.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3105805 /* 195.16.88.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC31E6BDC /* 195.30.107.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC328B523 /* 195.40.181.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC32A73A2 /* 195.42.115.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3391CCC /* 195.57.28.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33B6622 /* 195.59.102.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33B6623 /* 195.59.102.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33B6624 /* 195.59.102.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33B6625 /* 195.59.102.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33B6626 /* 195.59.102.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33BD0A2 /* 195.59.208.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33BD0A3 /* 195.59.208.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33BD0A4 /* 195.59.208.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33BD0A5 /* 195.59.208.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33BD0A6 /* 195.59.208.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33E353A /* 195.62.53.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC344D71E /* 195.68.215.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3474454 /* 195.71.68.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC35298D0 /* 195.82.152.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC35BF462 /* 195.91.244.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC37BD1B8 /* 195.123.209.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC37BD226 /* 195.123.210.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC37BD25F /* 195.123.210.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC37BD284 /* 195.123.210.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC37BD422 /* 195.123.212.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3845544 /* 195.132.85.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC38A5E66 /* 195.138.94.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3947CC7 /* 195.148.124.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A0A6A /* 195.154.10.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A0C42 /* 195.154.12.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A0C92 /* 195.154.12.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A0D60 /* 195.154.13.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A411D /* 195.154.65.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A4B1D /* 195.154.75.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A4B54 /* 195.154.75.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A4BA5 /* 195.154.75.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A4D95 /* 195.154.77.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A4FC7 /* 195.154.79.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A516C /* 195.154.81.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A516E /* 195.154.81.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A518F /* 195.154.81.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A51A9 /* 195.154.81.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A51E3 /* 195.154.81.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A51F5 /* 195.154.81.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5258 /* 195.154.82.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A52B4 /* 195.154.82.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A56F9 /* 195.154.86.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A57E7 /* 195.154.87.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5A83 /* 195.154.90.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5B3D /* 195.154.91.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5B8B /* 195.154.91.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5BC2 /* 195.154.91.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5C46 /* 195.154.92.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5C9B /* 195.154.92.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A600E /* 195.154.96.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A612B /* 195.154.97.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A61A0 /* 195.154.97.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A61A3 /* 195.154.97.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6935 /* 195.154.105.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6939 /* 195.154.105.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6B17 /* 195.154.107.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6B97 /* 195.154.107.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6C0C /* 195.154.108.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6C4E /* 195.154.108.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6D9D /* 195.154.109.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6F75 /* 195.154.111.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A714F /* 195.154.113.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A71C8 /* 195.154.113.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A74E8 /* 195.154.116.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A75A3 /* 195.154.117.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A75B6 /* 195.154.117.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A79C6 /* 195.154.121.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7A20 /* 195.154.122.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7A36 /* 195.154.122.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7A8A /* 195.154.122.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7BE3 /* 195.154.123.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7E2B /* 195.154.126.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7FF6 /* 195.154.127.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA123 /* 195.154.161.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA12F /* 195.154.161.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA2AC /* 195.154.162.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA377 /* 195.154.163.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA422 /* 195.154.164.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA4F3 /* 195.154.164.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA540 /* 195.154.165.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA570 /* 195.154.165.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AAB18 /* 195.154.171.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AAC16 /* 195.154.172.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AB79F /* 195.154.183.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AC881 /* 195.154.200.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AD15B /* 195.154.209.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AE9BA /* 195.154.233.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AED93 /* 195.154.237.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AF091 /* 195.154.240.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AF17D /* 195.154.241.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AFAEF /* 195.154.250.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AFC58 /* 195.154.252.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AFDE2 /* 195.154.253.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AFFAE /* 195.154.255.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39FCC5E /* 195.159.204.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3A97DE2 /* 195.169.125.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3B2A648 /* 195.178.166.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3B40BC4 /* 195.180.11.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3BFE9DD /* 195.191.233.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3C8ECC5 /* 195.200.236.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3D08B84 /* 195.208.139.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3E1D31A /* 195.225.211.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3E42DB0 /* 195.228.45.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3E44B95 /* 195.228.75.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3E6A853 /* 195.230.168.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3EA9856 /* 195.234.152.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3EEBE65 /* 195.238.190.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3FE874C /* 195.254.135.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC5E7DDD3 /* 197.231.221.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC60C5F30 /* 198.12.95.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6105C9D /* 198.16.92.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6178523 /* 198.23.133.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B40D7 /* 198.27.64.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B429F /* 198.27.66.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B42D1 /* 198.27.66.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B45C9 /* 198.27.69.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B56DD /* 198.27.86.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B61B8 /* 198.27.97.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B6D24 /* 198.27.109.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC62E8A12 /* 198.46.138.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC62E8A28 /* 198.46.138.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC62E9933 /* 198.46.153.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC62E9979 /* 198.46.153.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6314912 /* 198.49.73.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6328137 /* 198.50.129.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63285F5 /* 198.50.133.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63287D5 /* 198.50.135.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63291CF /* 198.50.145.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63292FC /* 198.50.146.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6329346 /* 198.50.147.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6329F9B /* 198.50.159.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC632BF5F /* 198.50.191.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC632C886 /* 198.50.200.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC632C887 /* 198.50.200.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC632F552 /* 198.50.245.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63A64F0 /* 198.58.100.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63A66EA /* 198.58.102.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63A6B35 /* 198.58.107.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63A6EDF /* 198.58.110.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63A73D2 /* 198.58.115.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6475142 /* 198.71.81.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC648E523 /* 198.72.229.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6493247 /* 198.73.50.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC64A38BF /* 198.74.56.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC64A3939 /* 198.74.57.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC64A3C1A /* 198.74.60.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC64A3C52 /* 198.74.60.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC64A3D33 /* 198.74.61.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6609B03 /* 198.96.155.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC66232D4 /* 198.98.50.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC662337C /* 198.98.51.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6623505 /* 198.98.53.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC66493B8 /* 198.100.147.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6649470 /* 198.100.148.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6649492 /* 198.100.148.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6649F36 /* 198.100.159.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC68F88E4 /* 198.143.136.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC68F88ED /* 198.143.136.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6931652 /* 198.147.22.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC69451A7 /* 198.148.81.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC69A6A36 /* 198.154.106.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6A7DF21 /* 198.167.223.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6A7DF26 /* 198.167.223.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6A7DF2C /* 198.167.223.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6A7DF4B /* 198.167.223.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C740D9 /* 198.199.64.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C74896 /* 198.199.72.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C748B3 /* 198.199.72.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C75A33 /* 198.199.90.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C75ACD /* 198.199.90.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C767B2 /* 198.199.103.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C76840 /* 198.199.104.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C77079 /* 198.199.112.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C770F7 /* 198.199.112.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C775A4 /* 198.199.117.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C77686 /* 198.199.118.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6D3671A /* 198.211.103.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6D3788A /* 198.211.120.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6D37ABF /* 198.211.122.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6D37CD6 /* 198.211.124.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6D37DF2 /* 198.211.125.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6E9CCA5 /* 198.233.204.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6F468AE /* 198.244.104.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6F532AF /* 198.245.50.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6F53348 /* 198.245.51.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6F53D95 /* 198.245.61.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6FC794F /* 198.252.121.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6FC9945 /* 198.252.153.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6FC996B /* 198.252.153.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6FF5E72 /* 198.255.94.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6FFB101 /* 198.255.177.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC70FFAD2 /* 199.15.250.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC71355FC /* 199.19.85.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC713D5B0 /* 199.19.213.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC744C47B /* 199.68.196.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC744C47C /* 199.68.196.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC744C47D /* 199.68.196.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC744C47E /* 199.68.196.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC747EA42 /* 199.71.234.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC74ADEAB /* 199.74.222.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7579AFF /* 199.87.154.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC773CDF8 /* 199.115.205.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC77FE296 /* 199.127.226.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7BCC235 /* 199.188.194.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7BD3EFB /* 199.189.62.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7BD564F /* 199.189.86.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7C3F9D4 /* 199.195.249.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7C3F9DD /* 199.195.249.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7F11DDF /* 199.241.29.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7FEEE2C /* 199.254.238.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7FEEE35 /* 199.254.238.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7FFDF58 /* 199.255.223.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC87AB50F /* 200.122.181.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC8810B03 /* 200.129.11.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC8810B05 /* 200.129.11.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC8810B07 /* 200.129.11.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC8E5C1C2 /* 200.229.193.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC944D734 /* 201.68.215.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC9561F26 /* 201.86.31.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC9837EC9 /* 201.131.126.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCA81509A /* 202.129.80.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCA8F5548 /* 202.143.85.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCB6DEA48 /* 203.109.234.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCB8D9ACA /* 203.141.154.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCBBA4562 /* 203.186.69.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCBD9AD92 /* 203.217.173.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCBDC5CE6 /* 203.220.92.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCBDDCF6C /* 203.221.207.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC089C8E /* 204.8.156.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC093219 /* 204.9.50.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC0B3283 /* 204.11.50.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC0DA46E /* 204.13.164.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC11382A /* 204.17.56.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC1B3C93 /* 204.27.60.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC2C5903 /* 204.44.89.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC55BF1E /* 204.85.191.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC66E0ED /* 204.102.224.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC98DC44 /* 204.152.220.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC98DCF7 /* 204.152.220.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC98DCF8 /* 204.152.220.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCCC21D04 /* 204.194.29.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCDA85485 /* 205.168.84.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCDB9733C /* 205.185.115.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCDB97E76 /* 205.185.126.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCE2876E5 /* 206.40.118.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCE36A784 /* 206.54.167.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCE374A00 /* 206.55.74.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCE374A01 /* 206.55.74.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCE3FE590 /* 206.63.229.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCEAE719C /* 206.174.113.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCEB71F06 /* 206.183.31.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCEF8B87F /* 206.248.184.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCF265260 /* 207.38.82.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCF26D9BA /* 207.38.217.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCF26E8C8 /* 207.38.232.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCF701236 /* 207.112.18.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCFAC3596 /* 207.172.53.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCFC046FA /* 207.192.70.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCFF44623 /* 207.244.70.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD0240203 /* 208.36.2.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD0240204 /* 208.36.2.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD0240205 /* 208.36.2.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD026F36B /* 208.38.243.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD040AFD9 /* 208.64.175.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD04FD17C /* 208.79.209.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD0509A27 /* 208.80.154.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD053DF22 /* 208.83.223.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD059D3D0 /* 208.89.211.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD05EF21A /* 208.94.242.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD05EF2DE /* 208.94.242.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD05F031C /* 208.95.3.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD071A605 /* 208.113.166.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD076EB30 /* 208.118.235.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1064FB4 /* 209.6.79.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1068F99 /* 209.6.143.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD10F4ECD /* 209.15.78.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD12C72B2 /* 209.44.114.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD13AA08A /* 209.58.160.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD13AB45A /* 209.58.180.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1427796 /* 209.66.119.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD15AE005 /* 209.90.224.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD17BEA17 /* 209.123.234.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD17E47E9 /* 209.126.71.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD17E67CE /* 209.126.103.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18542D6 /* 209.133.66.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D22F0 /* 209.141.34.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D242A /* 209.141.36.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D2816 /* 209.141.40.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D3126 /* 209.141.49.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D328A /* 209.141.50.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D340D /* 209.141.52.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D3A44 /* 209.141.58.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD19F899C /* 209.159.137.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1A6AC0A /* 209.166.172.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1ABA216 /* 209.171.162.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1B53DDB /* 209.181.61.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1D04F05 /* 209.208.79.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1D2D215 /* 209.210.210.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1DE4DDC /* 209.222.77.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1F06DEE /* 209.240.109.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1F99D45 /* 209.249.157.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1F9B4C6 /* 209.249.180.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1FA06BE /* 209.250.6.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD2036698 /* 210.3.102.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD203669A /* 210.3.102.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD20366A5 /* 210.3.102.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD2362318 /* 210.54.35.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD298F13C /* 210.152.241.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD31AF589 /* 211.26.245.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD34C375C /* 211.76.55.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD37858ED /* 211.120.88.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD40370E2 /* 212.3.112.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD407D934 /* 212.7.217.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4106821 /* 212.16.104.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD410AA9E /* 212.16.170.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD411664D /* 212.17.102.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD41311D5 /* 212.19.17.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4143EE2 /* 212.20.62.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4154206 /* 212.21.66.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4190B15 /* 212.25.11.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD41A8C51 /* 212.26.140.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD41AF522 /* 212.26.245.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FDFC6 /* 212.47.223.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE295 /* 212.47.226.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE347 /* 212.47.227.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE34B /* 212.47.227.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE372 /* 212.47.227.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE3C3 /* 212.47.227.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE3EC /* 212.47.227.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE473 /* 212.47.228.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE502 /* 212.47.229.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE58A /* 212.47.229.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE605 /* 212.47.230.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE631 /* 212.47.230.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE7F1 /* 212.47.231.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE8E3 /* 212.47.232.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE8EC /* 212.47.232.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE8ED /* 212.47.232.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE921 /* 212.47.233.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE956 /* 212.47.233.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE9EB /* 212.47.233.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEAC0 /* 212.47.234.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEAD4 /* 212.47.234.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEB51 /* 212.47.235.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEC9D /* 212.47.236.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FED5F /* 212.47.237.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEE41 /* 212.47.238.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEEC1 /* 212.47.238.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEF53 /* 212.47.239.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEF97 /* 212.47.239.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEFA3 /* 212.47.239.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEFBB /* 212.47.239.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF00A /* 212.47.240.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF0BD /* 212.47.240.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF115 /* 212.47.241.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF35B /* 212.47.243.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF38C /* 212.47.243.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF3A6 /* 212.47.243.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF426 /* 212.47.244.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF462 /* 212.47.244.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF54C /* 212.47.245.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF5E3 /* 212.47.245.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF612 /* 212.47.246.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF615 /* 212.47.246.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF6D3 /* 212.47.246.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF871 /* 212.47.248.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF93F /* 212.47.249.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FFBB3 /* 212.47.251.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FFDDF /* 212.47.253.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FFE82 /* 212.47.254.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD433867B /* 212.51.134.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4338AC4 /* 212.51.138.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4338F14 /* 212.51.143.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD43393ED /* 212.51.147.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4339619 /* 212.51.150.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD43396B8 /* 212.51.150.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4339755 /* 212.51.151.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD43397FA /* 212.51.151.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4339C4E /* 212.51.156.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4339E47 /* 212.51.158.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD438582F /* 212.56.88.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD438D6B2 /* 212.56.214.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD43C7E33 /* 212.60.126.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD43C8248 /* 212.60.130.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD444E4D5 /* 212.68.228.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD445A67A /* 212.69.166.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD445A699 /* 212.69.166.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD447FC74 /* 212.71.252.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD447FDE2 /* 212.71.253.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD448B013 /* 212.72.176.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD44AFEF3 /* 212.74.254.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD451C79F /* 212.81.199.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD45328EE /* 212.83.40.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD45328EF /* 212.83.40.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4538F2E /* 212.83.143.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4539A21 /* 212.83.154.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4539E05 /* 212.83.158.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4539E14 /* 212.83.158.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD453AE1A /* 212.83.174.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD453B03A /* 212.83.176.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD459E1F2 /* 212.89.225.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD45CD6F6 /* 212.92.214.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD45CDB0F /* 212.92.219.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD46B9CE2 /* 212.107.156.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD46B9CEE /* 212.107.156.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD46DD983 /* 212.109.217.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD46F28B1 /* 212.111.40.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD46F298F /* 212.111.41.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD472FE5B /* 212.114.254.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD475B421 /* 212.117.180.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD475B42D /* 212.117.180.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD475B46B /* 212.117.180.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4763E03 /* 212.118.62.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4810454 /* 212.129.4.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD48126FE /* 212.129.38.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4812A09 /* 212.129.42.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD481313B /* 212.129.49.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4813431 /* 212.129.52.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4813EE8 /* 212.129.62.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD496868C /* 212.150.134.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD49F4FE4 /* 212.159.79.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD49F5B15 /* 212.159.91.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD49F64E8 /* 212.159.100.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD49F70C4 /* 212.159.112.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD49FB1C6 /* 212.159.177.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4B5CE7A /* 212.181.206.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4B7D5E4 /* 212.183.213.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4BA4726 /* 212.186.71.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4BA59A2 /* 212.186.89.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4BB6183 /* 212.187.97.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4BBC8AA /* 212.187.200.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4C94483 /* 212.201.68.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4C94498 /* 212.201.68.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E04C94 /* 212.224.76.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E04EEA /* 212.224.78.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E05FA1 /* 212.224.95.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E05FE7 /* 212.224.95.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E30936 /* 212.227.9.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E81D65 /* 212.232.29.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4EEA021 /* 212.238.160.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4EED030 /* 212.238.208.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4FBD3FE /* 212.251.211.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD50544CA /* 213.5.68.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5117CB2 /* 213.17.124.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5150A1E /* 213.21.10.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD520136C /* 213.32.19.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5201537 /* 213.32.21.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD52037C3 /* 213.32.55.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD52037F7 /* 213.32.55.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD52042C0 /* 213.32.66.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5204465 /* 213.32.68.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5205A0F /* 213.32.90.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5205A9A /* 213.32.90.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD52077DB /* 213.32.119.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD52F3136 /* 213.47.49.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD53D4274 /* 213.61.66.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD53D4275 /* 213.61.66.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD53D4276 /* 213.61.66.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD53D957D /* 213.61.149.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD53D957E /* 213.61.149.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD540416A /* 213.64.65.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD54963B6 /* 213.73.99.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD55F1536 /* 213.95.21.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD55F56B4 /* 213.95.86.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD56C6947 /* 213.108.105.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD56C6CEB /* 213.108.108.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD56D38C8 /* 213.109.56.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5708465 /* 213.112.132.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5717475 /* 213.113.116.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD571778A /* 213.113.119.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5729166 /* 213.114.145.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD57292BB /* 213.114.146.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD57295A0 /* 213.114.149.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD572E11E /* 213.114.225.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD572E952 /* 213.114.233.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD57CA99F /* 213.124.169.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD57CB319 /* 213.124.179.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58306BA /* 213.131.6.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD585639C /* 213.133.99.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD587C66A /* 213.135.198.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58845A2 /* 213.136.69.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58845ED /* 213.136.69.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5884715 /* 213.136.71.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD588506D /* 213.136.80.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5885159 /* 213.136.81.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5885CBC /* 213.136.92.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5885E0A /* 213.136.94.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58A66D1 /* 213.138.102.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58A6D90 /* 213.138.109.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58A6F1F /* 213.138.111.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58C5CC7 /* 213.140.92.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58D82E7 /* 213.141.130.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58D8AAE /* 213.141.138.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58D9613 /* 213.141.150.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5909D4B /* 213.144.157.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5975904 /* 213.151.89.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD598A11E /* 213.152.161.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD598A128 /* 213.152.161.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD59954D7 /* 213.153.84.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD59D0FEB /* 213.157.15.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD59FD02B /* 213.159.208.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A1050C /* 213.161.5.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A296BF /* 213.162.150.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A346EA /* 213.163.70.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A354C4 /* 213.163.84.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A354CC /* 213.163.84.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A354CD /* 213.163.84.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A7F2B7 /* 213.167.242.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B5CD3D /* 213.181.205.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B5CD3E /* 213.181.205.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B5CD3F /* 213.181.205.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B7388C /* 213.183.56.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B87E02 /* 213.184.126.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B87EF2 /* 213.184.126.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5BC3465 /* 213.188.52.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5BCF58B /* 213.188.245.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5BF1B7B /* 213.191.27.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5C5167C /* 213.197.22.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5C52623 /* 213.197.38.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5CAE924 /* 213.202.233.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5E1A0DF /* 213.225.160.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5E2B4A6 /* 213.226.180.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5E9E27B /* 213.233.226.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFC519 /* 213.239.197.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFCA95 /* 213.239.202.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFCDEF /* 213.239.205.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFD329 /* 213.239.211.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFD414 /* 213.239.212.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFD8DE /* 213.239.216.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFD912 /* 213.239.217.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFD944 /* 213.239.217.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFF947 /* 213.239.249.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F3AC2E /* 213.243.172.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F53ED4 /* 213.245.62.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F62D4C /* 213.246.45.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F6383E /* 213.246.56.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F6384F /* 213.246.56.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F6385F /* 213.246.56.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5FBC7AE /* 213.251.199.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5FCA60F /* 213.252.166.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5FCF469 /* 213.252.244.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5FE201A /* 213.254.32.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD80CC652 /* 216.12.198.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD80CC653 /* 216.12.198.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD80CC654 /* 216.12.198.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8116390 /* 216.17.99.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD811654F /* 216.17.101.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD818F222 /* 216.24.242.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD837B515 /* 216.55.181.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD87FBB1D /* 216.127.187.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD89EE2D8 /* 216.158.226.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8BAA827 /* 216.186.168.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8BD96B9 /* 216.189.150.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8C3851B /* 216.195.133.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8C3A84E /* 216.195.168.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8D37E59 /* 216.211.126.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DA860C /* 216.218.134.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DA9383 /* 216.218.147.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DADE0A /* 216.218.222.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DADE0B /* 216.218.222.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DADE0C /* 216.218.222.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DADE0D /* 216.218.222.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8E6944D /* 216.230.148.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8EF5A13 /* 216.239.90.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8F455D3 /* 216.244.85.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8FCA213 /* 216.252.162.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9083D43 /* 217.8.61.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90B39E2 /* 217.11.57.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC743 /* 217.12.199.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC76C /* 217.12.199.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC79E /* 217.12.199.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC7BE /* 217.12.199.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC7D0 /* 217.12.199.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC7D1 /* 217.12.199.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CCA28 /* 217.12.202.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CCA4C /* 217.12.202.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CCA74 /* 217.12.202.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CCB2E /* 217.12.203.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CCCA1 /* 217.12.204.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CD075 /* 217.12.208.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CD230 /* 217.12.210.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CD25F /* 217.12.210.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CD2CF /* 217.12.210.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CD2D6 /* 217.12.210.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90DC505 /* 217.13.197.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD910B514 /* 217.16.181.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD910B614 /* 217.16.182.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9148248 /* 217.20.130.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9170767 /* 217.23.7.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9170B59 /* 217.23.11.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9170B8A /* 217.23.11.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9170D81 /* 217.23.13.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9170FC8 /* 217.23.15.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9178A69 /* 217.23.138.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD919AD97 /* 217.25.173.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD919E2A0 /* 217.25.226.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD91C60B4 /* 217.28.96.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD91CDAEF /* 217.28.218.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD91D3AB8 /* 217.29.58.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD92ADC0E /* 217.42.220.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD93214DF /* 217.50.20.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD93FFE63 /* 217.63.254.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD945905E /* 217.69.144.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD946BF0D /* 217.70.191.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD94FB23C /* 217.79.178.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD94FB27E /* 217.79.178.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD94FB3B1 /* 217.79.179.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD94FB65F /* 217.79.182.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD94FBE19 /* 217.79.190.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD95235B5 /* 217.82.53.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD95509BC /* 217.85.9.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD967A496 /* 217.103.164.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD96BC10A /* 217.107.193.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9708318 /* 217.112.131.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9708362 /* 217.112.131.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9719E34 /* 217.113.158.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD97293F5 /* 217.114.147.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9730A83 /* 217.115.10.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9730A84 /* 217.115.10.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD975E3E2 /* 217.117.227.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD97AAF13 /* 217.122.175.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD97AC053 /* 217.122.192.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9840EFD /* 217.132.14.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD993D66B /* 217.147.214.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD996E2B4 /* 217.150.226.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD99B0A12 /* 217.155.10.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD99B2876 /* 217.155.40.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9A00DAD /* 217.160.13.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9A00FF7 /* 217.160.15.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9A08D34 /* 217.160.141.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9A0B20A /* 217.160.178.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9A0B3E9 /* 217.160.179.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9AAC96A /* 217.170.201.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9AACD71 /* 217.170.205.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9AC204C /* 217.172.32.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9ACF73C /* 217.172.247.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9C553A2 /* 217.197.83.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9C55415 /* 217.197.84.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9C55418 /* 217.197.84.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9C556AD /* 217.197.86.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9C55B91 /* 217.197.91.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9D1B3CA /* 217.209.179.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9D35942 /* 217.211.89.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9E416D8 /* 217.228.22.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9E4D647 /* 217.228.214.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9E74909 /* 217.231.73.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9EBEDEF /* 217.235.237.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9EEEC9E /* 217.238.236.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9EF0D24 /* 217.239.13.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9F176FD /* 217.241.118.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9F4AB1D /* 217.244.171.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9F6BE2B /* 217.246.190.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9F942DF /* 217.249.66.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9FAD604 /* 217.250.214.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9FB0E75 /* 217.251.14.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9FD2262 /* 217.253.34.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9FD2640 /* 217.253.38.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9FE5EEF /* 217.254.94.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDAB44A3C /* 218.180.74.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB4EB793 /* 219.78.183.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB58E8E6 /* 219.88.232.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB685CD8 /* 219.104.92.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB6F57A5 /* 219.111.87.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB75CE2E /* 219.117.206.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB75F165 /* 219.117.241.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDC870EE4 /* 220.135.14.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDCDC4591 /* 220.220.69.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDCE97BAC /* 220.233.123.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDCE9A811 /* 220.233.168.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDCF05090 /* 220.240.80.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDCFD0FF1 /* 220.253.15.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDD274EC9 /* 221.39.78.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDD7999B8 /* 221.121.153.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDDA12637 /* 221.161.38.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDE036590 /* 222.3.101.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDE0A3840 /* 222.10.56.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDE9BA103 /* 222.155.161.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDF10252D /* 223.16.37.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDF1A30F8 /* 223.26.48.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDF87439F /* 223.135.67.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDF87D907 /* 223.135.217.7/32 */, 32, NDPI_PROTOCOL_TOR }, /* - Twitch ingestion servers : - https://api.twitch.tv/kraken/ingests - Edoardo Dominici edoaramis@gmail.com + Twitch Interactive Inc. + origin AS46489 */ - { 0xB92ACC5D, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACC92, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACCA4, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACCCD, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACC30, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FE15, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FE19, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACD305, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC0104616, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010461D, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC0104650, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC0104651, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FEA3, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FE87, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACD85, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACDA4, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010419A, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC01041AD, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC0104172, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACD68, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACD55, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC0104219, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010421A, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010421B, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACD205, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACCB05, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010413C, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010413D, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010413E, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACD105, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACD005, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACCA05, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACD06, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACD14, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACCF3, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F9C7, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F9C9, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F9CB, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBA4, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBA6, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBAA, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBB1, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBE8, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBE9, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBEA, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBEB, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBFB, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBFC, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBFD, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBFE, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FF4B, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FF4C, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F974, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F976, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F978, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F97D, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F985, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F986, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F987, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F98C, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F9C5, 32, NDPI_PROTOCOL_TWITCH }, + + { 0x17A00000 /* 23.160.0.0/24 */, 24, NDPI_PROTOCOL_TWITCH }, + { 0x2D718000 /* 45.113.128.0/22 */, 22, NDPI_PROTOCOL_TWITCH }, + { 0x34DFC000 /* 52.223.192.0/20 */, 20, NDPI_PROTOCOL_TWITCH }, + { 0x34DFD000 /* 52.223.208.0/21 */, 21, NDPI_PROTOCOL_TWITCH }, + { 0x34DFD800 /* 52.223.216.0/21 */, 21, NDPI_PROTOCOL_TWITCH }, + { 0x34DFE000 /* 52.223.224.0/20 */, 20, NDPI_PROTOCOL_TWITCH }, + { 0x34DFF000 /* 52.223.240.0/20 */, 20, NDPI_PROTOCOL_TWITCH }, + { 0x67353000 /* 103.53.48.0/22 */, 22, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACC00 /* 185.42.204.0/22 */, 22, NDPI_PROTOCOL_TWITCH }, + { 0xC0104000 /* 192.16.64.0/21 */, 21, NDPI_PROTOCOL_TWITCH }, + { 0xC06CEF00 /* 192.108.239.0/24 */, 24, NDPI_PROTOCOL_TWITCH }, + { 0xC709F800 /* 199.9.248.0/21 */, 21, NDPI_PROTOCOL_TWITCH }, /* - AnchorFree (Hotspot Shield) - AnchorFree Inc. AFNETWORK-1 (NET-74-115-0-0-1) 74.115.0.0 - 74.115.7.255 + AnchorFree, Inc. (Hotspot Shield) + origin AS26642 */ - { 0x4A730000, 21, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + + { 0x2E102200 /* 46.16.34.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x2E102300 /* 46.16.35.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x32752D00 /* 50.117.45.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x3F8DC600 /* 63.141.198.0/23 */, 23, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x4A730100 /* 74.115.1.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x4A730500 /* 74.115.5.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x4A730600 /* 74.115.6.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x55EDC500 /* 85.237.197.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x55EDDE00 /* 85.237.222.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xC62F7300 /* 198.47.115.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xC6906800 /* 198.144.104.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xC7FFD700 /* 199.255.215.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xCC0E4A00 /* 204.14.74.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xCC0E4C00 /* 204.14.76.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xCC0E4D00 /* 204.14.77.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xCC0E4E00 /* 204.14.78.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xCDA42000 /* 205.164.32.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xD1498400 /* 209.73.132.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xD1499700 /* 209.73.151.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xD8AC8E00 /* 216.172.142.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, /* - Github: https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/ - 192.30.252.0/22 + GitHub, Inc. + origin AS36459 */ + { 0xC01EFC00 /* 192.30.252.0/22 */, 22, NDPI_PROTOCOL_GITHUB }, /* -- cgit v1.2.3 From 100acbbe7b898b3d32841d6f2cda8b885634199a Mon Sep 17 00:00:00 2001 From: Campus Date: Mon, 20 Feb 2017 16:42:54 +0100 Subject: added missing .out --- tests/result/smpp_piggypack.pcap.out | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 tests/result/smpp_piggypack.pcap.out diff --git a/tests/result/smpp_piggypack.pcap.out b/tests/result/smpp_piggypack.pcap.out new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3 From 76e1bed466b4c58bacacfbd6374b7d39cdadd814 Mon Sep 17 00:00:00 2001 From: Campus Date: Mon, 20 Feb 2017 16:45:26 +0100 Subject: update test dir to fix wrong pcap --- tests/pcap/smpp_piggypack.pcap | Bin 144 -> 0 bytes tests/result/smpp_piggypack.pcap.out | 0 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 tests/pcap/smpp_piggypack.pcap delete mode 100644 tests/result/smpp_piggypack.pcap.out diff --git a/tests/pcap/smpp_piggypack.pcap b/tests/pcap/smpp_piggypack.pcap deleted file mode 100644 index 636cd75e3..000000000 Binary files a/tests/pcap/smpp_piggypack.pcap and /dev/null differ diff --git a/tests/result/smpp_piggypack.pcap.out b/tests/result/smpp_piggypack.pcap.out deleted file mode 100644 index e69de29bb..000000000 -- cgit v1.2.3 From 846f457db4b2ab267d2dbeaad2d4175c9ba079df Mon Sep 17 00:00:00 2001 From: Campus Date: Mon, 20 Feb 2017 17:25:19 +0100 Subject: update detection and tests --- tests/result/1kxun.pcap.out | 5 +- tests/result/KakaoTalk_chat.pcap.out | 67 +++++++------ tests/result/KakaoTalk_talk.pcap.out | 47 +++++---- tests/result/Viber_session.pcap.out | 5 +- tests/result/ocs.pcap.out | 12 +-- tests/result/quickplay.pcap.out | 4 +- tests/result/starcraft_battle.pcap.out | 52 +++++----- tests/result/viber_mobile.pcap.out | 11 ++- tests/result/webex.pcap.out | 115 +++++++++++------------ tests/result/weibo.pcap.out | 5 +- tests/result/whatsapp_login_call.pcap.out | 8 +- tests/result/whatsapp_voice_and_message.pcap.out | 7 +- 12 files changed, 164 insertions(+), 174 deletions(-) diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index f53dabdd0..832e11264 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -1,6 +1,6 @@ Unknown 9 2428 7 DNS 2 378 1 -HTTP 8 500 3 +HTTP 5 324 2 MDNS 1 82 1 NTP 1 90 1 NetBIOS 31 3589 8 @@ -10,6 +10,7 @@ QQ 28 5216 2 SSL 105 21914 7 DHCPV6 10 980 3 Facebook 19 6840 2 +Google 3 176 1 HTTP_Proxy 33 11721 1 LLMNR 89 6799 47 Lync 2 132 1 @@ -120,7 +121,7 @@ Lync 2 132 1 103 UDP 192.168.5.50:64674 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes] 104 UDP 192.168.5.57:65150 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: usher-pc] 105 UDP 192.168.3.236:65496 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: wangs-ltw] - 106 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7/HTTP][3 pkts/176 bytes] + 106 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][3 pkts/176 bytes] 107 UDP 192.168.119.1:67 <-> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes] 108 UDP 192.168.5.9:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: joanna-pc] 109 UDP 192.168.5.41:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: kevin-pc] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 64aa1385f..fa510f8ba 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1,4 +1,3 @@ -Unknown 2 181 1 DNS 2 217 1 HTTP 1 56 1 ICMP 1 147 1 @@ -6,6 +5,7 @@ SSL 29 4579 3 Facebook 215 51809 12 Google 16 1031 3 HTTP_Proxy 26 3926 1 +Amazon 2 181 1 KakaoTalk 55 9990 15 1 UDP 10.188.1.1:53 <-> 10.24.82.188:56820 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] @@ -15,37 +15,34 @@ KakaoTalk 55 9990 15 5 ICMP 10.188.191.1:0 <-> 10.24.82.188:0 [proto: 81/ICMP][1 pkts/147 bytes] 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] - 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] - 9 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] - 10 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] - 11 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] - 12 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] - 13 TCP 31.13.68.84:80 <-> 10.24.82.188:37553 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] - 14 TCP 31.13.68.84:80 <-> 10.24.82.188:37557 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] - 15 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] - 16 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] - 17 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 18 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 19 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][server: *.push.samsungosp.com] - 20 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] - 21 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] - 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] - 23 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] - 24 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] - 25 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] - 26 UDP 10.188.1.1:53 <-> 10.24.82.188:14650 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] - 27 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] - 28 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] - 29 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] - 30 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] - 31 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] - 32 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] - 33 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] - 34 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] - 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] - 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] - 37 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][4 pkts/251 bytes] - - -Undetected flows: - 1 TCP 10.24.82.188:58927 <-> 54.255.253.199:5223 [proto: 0/Unknown][2 pkts/181 bytes] + 8 TCP 10.24.82.188:58927 <-> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes] + 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] + 10 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] + 11 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] + 12 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] + 13 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] + 14 TCP 31.13.68.84:80 <-> 10.24.82.188:37553 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] + 15 TCP 31.13.68.84:80 <-> 10.24.82.188:37557 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] + 16 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] + 17 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] + 18 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 19 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 20 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][server: *.push.samsungosp.com] + 21 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] + 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] + 23 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] + 24 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] + 25 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] + 26 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] + 27 UDP 10.188.1.1:53 <-> 10.24.82.188:14650 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] + 28 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] + 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] + 30 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] + 31 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] + 32 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 33 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] + 34 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] + 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] + 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] + 37 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] + 38 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][4 pkts/251 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 78caf7ba6..85ec9a008 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,35 +1,32 @@ -Unknown 4 396 1 HTTP 5 280 1 QQ 15 1727 1 SSL_No_Cert 29 4024 1 RTP 2991 398751 2 -SSL 8 1378 3 -Facebook 2 197 1 +SSL 5 1198 1 +Facebook 5 377 3 Google 4 359 4 HTTP_Proxy 61 11946 3 Tor 40 10538 1 +Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes] - 2 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 91.126/SSL.Google][1 pkts/56 bytes] - 3 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes] - 4 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] - 5 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91/SSL][2 pkts/124 bytes] - 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] - 7 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] - 8 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 131/HTTP_Proxy][45 pkts/10108 bytes] - 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] - 10 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] - 11 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] - 12 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91/SSL][1 pkts/56 bytes] - 13 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] - 14 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] - 15 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] - 16 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] - 17 UDP 1.201.1.174:23044 <-> 10.24.82.188:11320 [proto: 87/RTP][1503 pkts/200241 bytes] - 18 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] - 19 TCP 216.58.220.161:443 <-> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] - - -Undetected flows: - 1 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 0/Unknown][4 pkts/396 bytes] + 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] + 3 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 91.126/SSL.Google][1 pkts/56 bytes] + 4 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes] + 5 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] + 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] + 7 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] + 8 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] + 9 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 131/HTTP_Proxy][45 pkts/10108 bytes] + 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] + 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] + 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] + 13 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] + 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] + 15 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] + 16 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] + 17 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] + 18 UDP 1.201.1.174:23044 <-> 10.24.82.188:11320 [proto: 87/RTP][1503 pkts/200241 bytes] + 19 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 20 TCP 216.58.220.161:443 <-> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 17451e021..7cdc76e4f 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -1,5 +1,5 @@ Unknown 163 9995 7 -HTTP 14 862 8 +HTTP 13 796 7 SSL_No_Cert 34 4141 1 ICMP 2 196 1 SSL 80 7703 8 @@ -8,6 +8,7 @@ Dropbox 1 97 1 GMail 21 1891 1 Google 50 4084 5 Viber 4163 392492 4 +Amazon 1 66 1 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 126/Google][10 pkts/757 bytes] 2 TCP 74.125.130.188:5228 <-> 192.168.200.222:59011 [proto: 126/Google][9 pkts/692 bytes] @@ -16,7 +17,7 @@ Viber 4163 392492 4 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][23 pkts/3345 bytes] 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 8 TCP 54.251.141.219:80 <-> 192.168.200.222:38778 [proto: 7/HTTP][1 pkts/66 bytes] + 8 TCP 54.251.141.219:80 <-> 192.168.200.222:38778 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes] 9 TCP 54.169.63.186:443 <-> 192.168.200.222:39339 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] 10 TCP 93.184.221.200:80 <-> 192.168.200.222:33161 [proto: 7/HTTP][1 pkts/60 bytes] 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][6 pkts/599 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 43674631a..abb202085 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -1,8 +1,8 @@ -Unknown 8 480 2 +Unknown 6 360 1 DNS 3 214 3 HTTP 13 1019 2 -SSL 32 4323 2 -Google 27 3797 4 +SSL 20 2715 1 +Google 41 5525 6 OCS 863 57552 7 1 TCP 192.168.180.2:42590 <-> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] @@ -11,7 +11,7 @@ OCS 863 57552 7 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][client: settings.crashlytics.com] 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] - 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91/SSL][12 pkts/1608 bytes] + 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes] 8 UDP 192.168.180.2:1291 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] 9 UDP 192.168.180.2:2589 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes][Host: ocs.labgency.ws] 10 UDP 192.168.180.2:3621 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes][Host: xmpp.device06.eu01.capptain.com] @@ -22,9 +22,9 @@ OCS 863 57552 7 15 TCP 192.168.180.2:49881 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] 16 UDP 192.168.180.2:40097 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes][Host: settings.crashlytics.com] 17 TCP 192.168.180.2:32946 <-> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][client: mtalk.google.com] - 18 TCP 192.168.180.2:44959 <-> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes][Host: api.eu01.capptain.com] + 18 TCP 192.168.180.2:47699 <-> 64.233.184.188:5228 [proto: 126/Google][2 pkts/120 bytes] + 19 TCP 192.168.180.2:44959 <-> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes][Host: api.eu01.capptain.com] Undetected flows: 1 TCP 192.168.180.2:46166 <-> 137.135.131.52:5122 [proto: 0/Unknown][6 pkts/360 bytes] - 2 TCP 192.168.180.2:47699 <-> 64.233.184.188:5228 [proto: 0/Unknown][2 pkts/120 bytes] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 312f1ce25..277e25fc8 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -1,7 +1,7 @@ -HTTP 2 1469 1 QQ 12 4781 5 Facebook 6 1740 3 Google 2 378 1 +Amazon 2 1469 1 QuickPlay 133 96179 11 1 TCP 120.28.26.231:80 <-> 10.54.169.250:33277 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] @@ -16,7 +16,7 @@ QuickPlay 133 96179 11 10 TCP 173.252.74.22:80 <-> 10.54.169.250:52285 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] 11 TCP 31.13.68.49:80 <-> 10.54.169.250:44793 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] 12 TCP 120.28.5.18:80 <-> 10.54.169.250:33064 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] - 13 TCP 54.179.140.65:80 <-> 10.54.169.250:56381 [proto: 7/HTTP][2 pkts/1469 bytes][Host: api.account.xiaomi.com] + 13 TCP 54.179.140.65:80 <-> 10.54.169.250:56381 [proto: 7.178/HTTP.Amazon][2 pkts/1469 bytes][Host: api.account.xiaomi.com] 14 TCP 120.28.5.41:80 <-> 10.54.169.250:44256 [proto: 7.196/HTTP.QuickPlay][3 pkts/2311 bytes][Host: play-singtelhawk.quickplay.com] 15 TCP 120.28.35.41:80 <-> 10.54.169.250:50668 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] 16 TCP 120.28.35.40:80 <-> 10.54.169.250:52018 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index f7d59e0c8..2056ea4f4 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -1,4 +1,3 @@ -Unknown 2 121 1 DNS 26 2848 7 HTTP 271 160676 18 SSDP 11 4984 1 @@ -6,7 +5,7 @@ HTTPDownload 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 SSL 38 2548 11 -Google 14 1588 3 +Google 16 1709 4 QUIC 6 475 1 Github 3 234 1 Starcraft 236 51494 6 @@ -40,29 +39,26 @@ Starcraft 236 51494 6 27 TCP 80.239.186.40:80 <-> 192.168.1.100:3525 [proto: 7/HTTP][12 pkts/3933 bytes][Host: eu.battle.net] 28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes] 29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes] - 30 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTPDownload][179 pkts/134204 bytes][Host: llnw.blizzard.com] - 31 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][6 pkts/475 bytes] - 32 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net] - 33 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/432 bytes][Host: 91.252.30.192.in-addr.arpa] - 34 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/210 bytes][Host: 40.186.239.80.in-addr.arpa] - 35 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/442 bytes][Host: llnw.blizzard.com] - 36 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][9 pkts/1299 bytes][Host: www.google-analytics.com] - 37 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][3 pkts/234 bytes] - 38 IGMP 224.0.0.22:0 <-> 192.168.1.107:0 [proto: 82/IGMP][2 pkts/120 bytes] - 39 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][215 pkts/50178 bytes] - 40 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][2 pkts/103 bytes] - 41 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][2 pkts/103 bytes] - 42 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][41 pkts/37433 bytes][Host: bnetcmsus-a.akamaihd.net] - 43 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] - 44 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] - 45 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] - 46 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 47 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 48 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] - 49 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] - 50 TCP 12.129.222.54:80 <-> 192.168.1.100:3512 [proto: 7.76/HTTP.WorldOfWarcraft][9 pkts/880 bytes][Host: us.scan.worldofwarcraft.com] - 51 UDP 62.115.246.51:1119 <-> 192.168.1.100:53146 [proto: 213/Starcraft][2 pkts/104 bytes] - - -Undetected flows: - 1 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 0/Unknown][2 pkts/121 bytes] + 30 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][2 pkts/121 bytes] + 31 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTPDownload][179 pkts/134204 bytes][Host: llnw.blizzard.com] + 32 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][6 pkts/475 bytes] + 33 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net] + 34 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/432 bytes][Host: 91.252.30.192.in-addr.arpa] + 35 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/210 bytes][Host: 40.186.239.80.in-addr.arpa] + 36 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/442 bytes][Host: llnw.blizzard.com] + 37 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][9 pkts/1299 bytes][Host: www.google-analytics.com] + 38 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][3 pkts/234 bytes] + 39 IGMP 224.0.0.22:0 <-> 192.168.1.107:0 [proto: 82/IGMP][2 pkts/120 bytes] + 40 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][215 pkts/50178 bytes] + 41 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][2 pkts/103 bytes] + 42 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][2 pkts/103 bytes] + 43 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][41 pkts/37433 bytes][Host: bnetcmsus-a.akamaihd.net] + 44 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] + 45 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] + 46 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] + 47 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] + 48 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] + 49 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] + 50 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] + 51 TCP 12.129.222.54:80 <-> 192.168.1.100:3512 [proto: 7.76/HTTP.WorldOfWarcraft][9 pkts/880 bytes][Host: us.scan.worldofwarcraft.com] + 52 UDP 62.115.246.51:1119 <-> 192.168.1.100:53146 [proto: 213/Starcraft][2 pkts/104 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 0c1afb020..6ae99d378 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -1,16 +1,17 @@ Unknown 163 9995 7 DNS 16 1943 7 -HTTP 51 5299 8 +HTTP 43 4771 7 BitTorrent 57 13074 27 SSL_No_Cert 36 5874 1 -ICMP 4 518 3 +ICMP 3 370 2 SSL 79 21658 7 Facebook 50 17455 3 Dropbox 2 163 1 GMail 35 14773 2 -Google 75 17027 7 +Google 76 17175 8 WhatsApp 31 6224 2 Viber 10081 1413446 4 +Amazon 8 528 1 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] 2 UDP 122.146.250.88:9415 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] @@ -33,7 +34,7 @@ Viber 10081 1413446 4 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 20 UDP 88.176.55.218:51413 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] 21 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] - 22 TCP 54.251.141.219:80 <-> 192.168.200.222:38778 [proto: 7/HTTP][8 pkts/528 bytes] + 22 TCP 54.251.141.219:80 <-> 192.168.200.222:38778 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] 23 UDP 8.8.8.8:53 <-> 192.168.200.222:47874 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] 24 TCP 54.169.63.186:443 <-> 192.168.200.222:39339 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] 25 UDP 92.249.148.218:53810 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] @@ -45,7 +46,7 @@ Viber 10081 1413446 4 31 TCP 112.124.219.82:80 <-> 192.168.200.222:36675 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] 32 UDP 8.8.8.8:53 <-> 192.168.200.222:60474 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] 33 UDP 24.43.1.206:17193 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][8 pkts/1992 bytes] - 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/148 bytes] + 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] 36 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 50109bef0..889f7d4f9 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -1,68 +1,65 @@ -Unknown 16 1171 1 HTTP 22 3182 2 SSL_No_Cert 90 10682 5 -SSL 169 18825 18 +SSL 46 10727 4 SIP 22 15356 1 Google 17 6375 1 -Webex 1244 809312 29 +Webex 1380 818407 43 +Amazon 3 174 1 - 1 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91/SSL][11 pkts/697 bytes] + 1 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] 2 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][513 pkts/344086 bytes][server: *.webex.com] - 3 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91/SSL][5 pkts/353 bytes] + 3 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][5 pkts/353 bytes] 4 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][16 pkts/7099 bytes][server: *.webex.com] - 5 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91/SSL][8 pkts/639 bytes] - 6 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91/SSL][8 pkts/639 bytes] + 5 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][8 pkts/639 bytes] + 6 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][8 pkts/639 bytes] 7 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][50 pkts/10360 bytes][server: *.webex.com] - 8 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91/SSL][3 pkts/182 bytes] - 9 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91/SSL][11 pkts/697 bytes] - 10 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91/SSL][11 pkts/697 bytes] + 8 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][3 pkts/182 bytes] + 9 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] + 10 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] 11 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][11 pkts/4584 bytes][server: *.webex.com] - 12 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][10 pkts/1391 bytes][Host: cp.pushwoosh.com] - 13 TCP 107.20.242.44:443 <-> 10.133.206.47:59447 [proto: 91/SSL][3 pkts/174 bytes] - 14 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] - 15 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][23 pkts/6641 bytes][server: *.webex.com] - 16 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] - 17 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] - 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][18 pkts/7207 bytes][server: *.webex.com] - 19 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91/SSL][11 pkts/697 bytes] - 20 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][8 pkts/668 bytes] - 21 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][21 pkts/2530 bytes] - 22 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][20 pkts/2475 bytes] - 23 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][13 pkts/1733 bytes] - 24 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][9 pkts/905 bytes][client: radcom.webex.com] - 25 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][14 pkts/8239 bytes][server: *.webex.com] - 26 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][16 pkts/7968 bytes][server: *.webex.com] - 27 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91/SSL][11 pkts/697 bytes] - 28 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][105 pkts/19286 bytes][server: *.webex.com] - 29 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91/SSL][11 pkts/717 bytes] - 30 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][24 pkts/35888 bytes][server: *.webex.com] - 31 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][server: *.webex.com] - 32 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91/SSL][8 pkts/515 bytes] - 33 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][server: *.webex.com] - 34 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] - 35 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][13 pkts/4692 bytes][server: *.webex.com] - 36 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][12 pkts/1791 bytes][Host: cp.pushwoosh.com] - 37 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][17 pkts/5293 bytes][server: *.webex.com] - 38 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91/SSL][11 pkts/697 bytes] - 39 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][17 pkts/7990 bytes][server: *.webex.com] - 40 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][17 pkts/6375 bytes][client: ssl.google-analytics.com] - 41 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] - 42 TCP 185.63.147.10:443 <-> 10.133.206.47:54651 [proto: 91/SSL][3 pkts/174 bytes] - 43 UDP 10.8.0.1:64538 <-> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes] - 44 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][5 pkts/317 bytes] - 45 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] - 46 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] - 47 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][14 pkts/5202 bytes][server: www.webex.com] - 48 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][95 pkts/92236 bytes][client: radcom.webex.com] - 49 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][56 pkts/109696 bytes][client: radcom.webex.com] - 50 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][11 pkts/1013 bytes][client: radcom.webex.com] - 51 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][26 pkts/26384 bytes][server: *.webex.com] - 52 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][38 pkts/42482 bytes][server: *.webex.com] - 53 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][17 pkts/8401 bytes][server: *.webex.com] - 54 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91/SSL][11 pkts/697 bytes] - 55 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][30 pkts/9568 bytes][client: api.crittercism.com] - 56 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][17 pkts/7969 bytes][server: *.webex.com] - - -Undetected flows: - 1 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 0/Unknown][16 pkts/1171 bytes] + 12 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][16 pkts/1171 bytes] + 13 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][10 pkts/1391 bytes][Host: cp.pushwoosh.com] + 14 TCP 107.20.242.44:443 <-> 10.133.206.47:59447 [proto: 91.178/SSL.Amazon][3 pkts/174 bytes] + 15 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] + 16 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][23 pkts/6641 bytes][server: *.webex.com] + 17 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] + 18 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] + 19 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][18 pkts/7207 bytes][server: *.webex.com] + 20 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] + 21 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][8 pkts/668 bytes] + 22 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][21 pkts/2530 bytes] + 23 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][20 pkts/2475 bytes] + 24 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][13 pkts/1733 bytes] + 25 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][9 pkts/905 bytes][client: radcom.webex.com] + 26 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][14 pkts/8239 bytes][server: *.webex.com] + 27 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][16 pkts/7968 bytes][server: *.webex.com] + 28 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] + 29 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][105 pkts/19286 bytes][server: *.webex.com] + 30 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][11 pkts/717 bytes] + 31 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][24 pkts/35888 bytes][server: *.webex.com] + 32 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][server: *.webex.com] + 33 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][8 pkts/515 bytes] + 34 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][server: *.webex.com] + 35 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] + 36 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][13 pkts/4692 bytes][server: *.webex.com] + 37 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][12 pkts/1791 bytes][Host: cp.pushwoosh.com] + 38 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][17 pkts/5293 bytes][server: *.webex.com] + 39 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] + 40 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][17 pkts/7990 bytes][server: *.webex.com] + 41 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][17 pkts/6375 bytes][client: ssl.google-analytics.com] + 42 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] + 43 TCP 185.63.147.10:443 <-> 10.133.206.47:54651 [proto: 91/SSL][3 pkts/174 bytes] + 44 UDP 10.8.0.1:64538 <-> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes] + 45 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][5 pkts/317 bytes] + 46 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] + 47 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] + 48 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][14 pkts/5202 bytes][server: www.webex.com] + 49 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][95 pkts/92236 bytes][client: radcom.webex.com] + 50 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][56 pkts/109696 bytes][client: radcom.webex.com] + 51 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][11 pkts/1013 bytes][client: radcom.webex.com] + 52 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][26 pkts/26384 bytes][server: *.webex.com] + 53 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][38 pkts/42482 bytes][server: *.webex.com] + 54 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][17 pkts/8401 bytes][server: *.webex.com] + 55 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] + 56 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][30 pkts/9568 bytes][client: api.crittercism.com] + 57 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][17 pkts/7969 bytes][server: *.webex.com] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 801983bcb..c1d4bc2b7 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -1,7 +1,8 @@ DNS 11 1129 6 HTTP 19 2275 5 -SSL 17 1366 11 +SSL 15 1234 10 Google 10 660 5 +Amazon 2 132 1 QUIC 23 4118 2 Sina(Weibo) 418 258007 15 @@ -42,7 +43,7 @@ Sina(Weibo) 418 258007 15 35 UDP 192.168.1.1:53 <-> 192.168.1.105:54988 [proto: 5/DNS][2 pkts/154 bytes][Host: weibo.com] 36 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][14 pkts/2174 bytes] 37 TCP 216.58.214.78:443 <-> 192.168.1.105:58480 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 38 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91/SSL][2 pkts/132 bytes] + 38 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][2 pkts/132 bytes] 39 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][72 pkts/54281 bytes][Host: img.t.sinajs.cn] 40 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][13 pkts/4701 bytes][Host: img.t.sinajs.cn] 41 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][3 pkts/214 bytes] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 1a5f00e1e..50231ba14 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -1,10 +1,10 @@ HTTP 11 726 3 MDNS 8 952 4 DHCP 10 3420 1 -STUN 37 3674 4 +STUN 27 2322 2 ICMP 10 700 1 SSL 8 589 2 -Facebook 60 8112 12 +Facebook 70 9464 14 Dropbox 4 2176 1 Apple 127 28102 20 WhatsApp 182 25154 2 @@ -16,9 +16,9 @@ WhatsAppVoice 706 91156 4 2 UDP 192.168.2.1:17500 <-> 192.168.2.255:17500 [proto: 121/Dropbox][4 pkts/2176 bytes] 3 ICMP 192.168.2.4:0 <-> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes] 4 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][198 pkts/30418 bytes] - 5 UDP 173.252.114.1:3478 <-> 192.168.2.4:52794 [proto: 78/STUN][5 pkts/676 bytes] + 5 UDP 173.252.114.1:3478 <-> 192.168.2.4:52794 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 6 UDP 192.168.2.1:53 <-> 192.168.2.4:51897 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] - 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index b11413687..d9f0484aa 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -1,5 +1,4 @@ -STUN 10 1352 2 -Facebook 34 4564 6 +Facebook 44 5916 8 WhatsApp 217 22139 5 1 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] @@ -13,5 +12,5 @@ WhatsApp 217 22139 5 9 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][30 pkts/4709 bytes] 10 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][27 pkts/2220 bytes] 11 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][52 pkts/4611 bytes] - 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78/STUN][5 pkts/676 bytes] - 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] -- cgit v1.2.3 From c2c92b2e9bd8ac9d82b2056ed7887827679c990a Mon Sep 17 00:00:00 2001 From: Campus Date: Tue, 21 Feb 2017 13:04:17 +0100 Subject: added double tagging 802.1Q in dissection of vlan pkt --- example/ndpi_util.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 09b8c58b6..7741faf36 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -1,7 +1,7 @@ /* * ndpi_util.c * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -717,6 +717,12 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, type = (packet[ip_offset+2] << 8) + packet[ip_offset+3]; ip_offset += 4; vlan_packet = 1; + // double tagging for 802.1Q + if(type == 0x8100) { + vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF; + type = (packet[ip_offset+2] << 8) + packet[ip_offset+3]; + ip_offset += 4; + } break; case MPLS_UNI: case MPLS_MULTI: -- cgit v1.2.3 From a787287bfa02b8fe69d9b8655e9e27073d3a9a43 Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 22 Feb 2017 17:14:52 +0100 Subject: fix and improved netflix detection by user-agent --- example/ndpiReader.c | 2 +- src/lib/protocols/http.c | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 72b495912..e7761e7f7 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1,7 +1,7 @@ /* * ndpiReader.c * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 41e04467c..e8b22a145 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -1,8 +1,7 @@ /* * http.c * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -326,8 +325,12 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } } } + else if(memcmp(ua, "netflix-ios-app", 15) == 0) { + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_NETFLIX); + return; + } } - + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n", packet->user_agent_line.len, packet->user_agent_line.ptr); } @@ -419,8 +422,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ (char*)packet->content_line.ptr, packet->content_line.len, NDPI_PROTOCOL_HTTP); } - - /* check user agent here too */ } static void check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -- cgit v1.2.3 From 889cdbff3c553789969b5f4d59a513dd0bf8bf4f Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 25 Feb 2017 06:31:07 +0100 Subject: Fixed bug that can lkead to a crash in iqiyi dissector --- src/lib/protocols/http.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index e8b22a145..5ca47476a 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -841,9 +841,10 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct // additional field in http payload x = 1; while(packet->line[x].len != 0) { - if((memcmp(packet->line[x].ptr, "qyid", 4)) == 0 && - (memcmp(packet->line[x+1].ptr, "qypid", 5)) == 0 && - (memcmp(packet->line[x+2].ptr, "qyplatform", 10)) == 0) { + if(packet->line[x].ptr && ((memcmp(packet->line[x].ptr, "qyid", 4)) == 0) + && packet->line[x+1].ptr && ((memcmp(packet->line[x+1].ptr, "qypid", 5)) == 0) + && packet->line[x+2].ptr && ((memcmp(packet->line[x+2].ptr, "qyplatform", 10)) == 0) + ) { flow->l4.tcp.ppstream_stage++; iqiyi_counter++; check_content_type_and_change_protocol(ndpi_struct, flow); -- cgit v1.2.3 From fd93036b792bc33a81cb46164b7a3184d8723fd6 Mon Sep 17 00:00:00 2001 From: Campus Date: Sun, 5 Mar 2017 12:38:15 +0100 Subject: better improvement of netflix traffic detection - added netflix pcap and output - change little bit http detection behaviour --- src/lib/protocols/http.c | 43 +++++++++++++++++++-------- tests/pcap/netflix.pcap | Bin 0 -> 6267049 bytes tests/result/netflix.pcap.out | 67 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 98 insertions(+), 12 deletions(-) create mode 100644 tests/pcap/netflix.pcap create mode 100644 tests/result/netflix.pcap.out diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 5ca47476a..82167e204 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -341,7 +341,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HOST Line found %.*s\n", packet->host_line.len, packet->host_line.ptr); - + + /* call ndpi_match_host_subprotocol to see if there is a match with known-host http subprotocol */ if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) ndpi_match_host_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, @@ -356,25 +357,43 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ len = ndpi_min(packet->forwarded_line.len, sizeof(flow->nat_ip)-1); strncpy((char*)flow->nat_ip, (char*)packet->forwarded_line.ptr, len); flow->nat_ip[len] = '\0'; - + if(ndpi_struct->http_dont_dissect_response) parseHttpSubprotocol(ndpi_struct, flow); - if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) - && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected)) - ndpi_match_host_subprotocol(ndpi_struct, flow, - (char *)flow->host_server_name, - strlen((const char *)flow->host_server_name), - NDPI_PROTOCOL_HTTP); + /** + check result of host subprotocol detection + + if "detected" in flow == 0 then "detected" = "guess" + else "guess" = "detected" + **/ + if(flow->detected_protocol_stack[1] == 0) { + flow->detected_protocol_stack[1] = flow->guessed_protocol_id; + if(flow->detected_protocol_stack[0] == 0) + flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; + } + else { + if(flow->detected_protocol_stack[1] != flow->guessed_protocol_id) + flow->guessed_protocol_id = flow->detected_protocol_stack[1]; + if(flow->detected_protocol_stack[0] != flow->guessed_host_protocol_id) + flow->guessed_host_protocol_id = flow->detected_protocol_stack[0]; + } + + /* if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ + /* && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected)) */ + /* ndpi_match_host_subprotocol(ndpi_struct, flow, */ + /* (char *)flow->host_server_name, */ + /* strlen((const char *)flow->host_server_name), */ + /* NDPI_PROTOCOL_HTTP); */ if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected) && (packet->http_origin.len > 0)) ndpi_match_host_subprotocol(ndpi_struct, flow, - (char *)packet->http_origin.ptr, - packet->http_origin.len, - NDPI_PROTOCOL_HTTP); - + (char *)packet->http_origin.ptr, + packet->http_origin.len, + NDPI_PROTOCOL_HTTP); + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { ndpi_int_http_add_connection(ndpi_struct, flow, packet->detected_protocol_stack[0]); diff --git a/tests/pcap/netflix.pcap b/tests/pcap/netflix.pcap new file mode 100644 index 000000000..5139cf5cc Binary files /dev/null and b/tests/pcap/netflix.pcap differ diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out new file mode 100644 index 000000000..ec6e125c6 --- /dev/null +++ b/tests/result/netflix.pcap.out @@ -0,0 +1,67 @@ +DNS 4 386 2 +SSDP 16 2648 1 +IGMP 1 60 1 +NetFlix 6976 6151821 56 +Amazon 2 126 1 + + 1 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][126 pkts/128603 bytes][Host: art-2.nflximg.net] + 2 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][637 pkts/745904 bytes][Host: tp.akam.nflximg.com] + 3 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][41 pkts/34971 bytes][Host: art-1.nflximg.net] + 4 UDP 192.168.1.1:53 <-> 192.168.1.7:51543 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] + 5 UDP 192.168.1.1:53 <-> 192.168.1.7:51949 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] + 6 UDP 192.168.1.1:53 <-> 192.168.1.7:52095 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] + 7 UDP 192.168.1.1:53 <-> 192.168.1.7:52347 [proto: 5.133/DNS.NetFlix][2 pkts/451 bytes][Host: ios.nccp.netflix.com] + 8 UDP 192.168.1.1:53 <-> 192.168.1.7:57093 [proto: 5/DNS][2 pkts/194 bytes][Host: a1907.dscg.akamai.net] + 9 UDP 192.168.1.1:53 <-> 192.168.1.7:57719 [proto: 5.133/DNS.NetFlix][2 pkts/222 bytes][Host: sha2.san.akam.nflximg.net] + 10 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][53 pkts/45005 bytes] + 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][55 pkts/47007 bytes] + 12 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][49 pkts/32105 bytes] + 13 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][53 pkts/30613 bytes] + 14 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][55 pkts/29233 bytes] + 15 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][60 pkts/40140 bytes] + 16 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][54 pkts/25252 bytes] + 17 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][1307 pkts/1242780 bytes][Host: 23.246.3.140] + 18 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][1872 pkts/1858337 bytes][Host: 23.246.11.141] + 19 IGMP 192.168.1.7:0 <-> 239.255.255.250:0 [proto: 82/IGMP][1 pkts/60 bytes] + 20 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][27 pkts/16505 bytes][Host: api-global.netflix.com] + 21 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][148 pkts/73954 bytes][client: api-global.netflix.com] + 22 TCP 52.41.30.5:443 <-> 192.168.1.7:53239 [proto: 91.133/SSL.NetFlix][48 pkts/29661 bytes][client: api-global.netflix.com] + 23 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][69 pkts/43938 bytes][client: api-global.netflix.com] + 24 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][45 pkts/27952 bytes][client: ichnaea.netflix.com] + 25 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][31 pkts/10934 bytes][client: ios.nccp.netflix.com] + 26 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][22 pkts/10239 bytes][client: ios.nccp.netflix.com] + 27 TCP 52.41.30.5:443 <-> 192.168.1.7:53249 [proto: 91.133/SSL.NetFlix][52 pkts/25886 bytes][client: api-global.netflix.com] + 28 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][37 pkts/9285 bytes][client: ichnaea.netflix.com] + 29 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][36 pkts/12874 bytes][client: ichnaea.netflix.com] + 30 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][71 pkts/58161 bytes][client: ios.nccp.netflix.com] + 31 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][63 pkts/47005 bytes][Host: art-2.nflximg.net] + 32 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][21 pkts/13259 bytes][Host: art-2.nflximg.net] + 33 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][41 pkts/42239 bytes][Host: art-1.nflximg.net] + 34 UDP 192.168.1.1:53 <-> 192.168.1.7:51622 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] + 35 UDP 192.168.1.1:53 <-> 192.168.1.7:51728 [proto: 5/DNS][2 pkts/192 bytes][Host: a803.dscg.akamai.net] + 36 UDP 192.168.1.1:53 <-> 192.168.1.7:52116 [proto: 5.133/DNS.NetFlix][2 pkts/320 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com] + 37 UDP 192.168.1.1:53 <-> 192.168.1.7:58102 [proto: 5.133/DNS.NetFlix][2 pkts/271 bytes][Host: appboot.netflix.com] + 38 UDP 192.168.1.1:53 <-> 192.168.1.7:59180 [proto: 5.133/DNS.NetFlix][2 pkts/232 bytes][Host: artwork.akam.nflximg.net] + 39 UDP 192.168.1.1:53 <-> 192.168.1.7:60962 [proto: 5.133/DNS.NetFlix][2 pkts/331 bytes][Host: ichnaea.geo.netflix.com] + 40 UDP 192.168.1.7:53776 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2648 bytes] + 41 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][58 pkts/47176 bytes] + 42 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][50 pkts/25032 bytes] + 43 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][54 pkts/25348 bytes] + 44 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][57 pkts/28485 bytes] + 45 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][52 pkts/28063 bytes] + 46 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][55 pkts/28320 bytes] + 47 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][58 pkts/32796 bytes] + 48 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][178 pkts/157382 bytes][Host: 23.246.11.141] + 49 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][788 pkts/759283 bytes][Host: 23.246.11.133] + 50 TCP 52.24.87.6:443 <-> 192.168.1.7:52929 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes] + 51 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][28 pkts/6662 bytes][client: api-global.netflix.com] + 52 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][20 pkts/3017 bytes][client: api-global.netflix.com] + 53 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][40 pkts/13487 bytes][client: api-global.netflix.com] + 54 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][25 pkts/8201 bytes][client: api-global.netflix.com] + 55 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][41 pkts/33170 bytes][Host: appboot.netflix.com] + 56 TCP 52.41.30.5:443 <-> 192.168.1.7:53250 [proto: 91.133/SSL.NetFlix][17 pkts/5314 bytes][client: api-global.netflix.com] + 57 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][25 pkts/8228 bytes][client: ios.nccp.netflix.com] + 58 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][34 pkts/12728 bytes][client: ichnaea.netflix.com] + 59 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][31 pkts/14720 bytes][client: ios.nccp.netflix.com] + 60 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][38 pkts/18536 bytes][client: ios.nccp.netflix.com] + 61 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/SSL.NetFlix][230 pkts/209948 bytes][client: art-s.nflximg.net] -- cgit v1.2.3 From f831f30556a0178682061432cd1ab537f4cdc625 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 7 Mar 2017 10:19:29 +0100 Subject: Fixed invalid SNMP detection --- src/lib/protocols/snmp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/lib/protocols/snmp.c b/src/lib/protocols/snmp.c index b4af37442..71de7589b 100644 --- a/src/lib/protocols/snmp.c +++ b/src/lib/protocols/snmp.c @@ -41,6 +41,8 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n if (packet->payload_packet_len > 32 && packet->payload[0] == 0x30) { int offset; + u_int16_t u16; + switch (packet->payload[1]) { case 0x81: offset = 3; @@ -56,8 +58,10 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n offset = 2; } - if (get_u_int16_t(packet->payload, offset) != htons(0x0201)) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded, 0x0201 pattern not found\n"); + u16 = ntohs(get_u_int16_t(packet->payload, offset)); + + if((u16 != 0x0201) && (u16 != 0x0204)) { + NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded, 0x0201/0x0204 pattern not found\n"); goto excl; } -- cgit v1.2.3 From 940c185c5d6ae3c523e2b46c608792475e8e206e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 7 Mar 2017 10:40:42 +0100 Subject: Improved BJNP protocol --- src/lib/protocols/bjnp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c index 260bbb9ea..28ddede05 100644 --- a/src/lib/protocols/bjnp.c +++ b/src/lib/protocols/bjnp.c @@ -17,8 +17,12 @@ static void ndpi_check_bjnp(struct ndpi_detection_module_struct *ndpi_struct, st u_int32_t payload_len = packet->payload_packet_len; if(packet->udp != NULL) { - if(payload_len > 2) { - if(strncmp((const char *)packet->payload, "BJNP", 4) == 0) { + if(payload_len > 4) { + if((memcmp((const char *)packet->payload, "BJNP", 4) == 0) + || (memcmp((const char *)packet->payload, "BNJB", 4) == 0) + || (memcmp((const char *)packet->payload, "BJNB", 4) == 0) + || (memcmp((const char *)packet->payload, "MFNP", 4) == 0) + ) { NDPI_LOG(NDPI_PROTOCOL_BJNP, ndpi_struct, NDPI_LOG_DEBUG, "Found bjnp.\n"); ndpi_int_bjnp_add_connection(ndpi_struct, flow, 0); return; -- cgit v1.2.3 From 6a27b6262d3967301b4abc7008d4441e17b305da Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 7 Mar 2017 19:25:34 +0100 Subject: Added disclaimer --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 02e44350d..5d7c7e95c 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,9 @@ The entire procedure of adding new protocols in detail: You can use nDPI to selectively block selected Internet traffic by embedding it onto an application (remember that nDPI us just a library). Both [ntopng](https://github.com/ntop/ntopng) and [nProbe cento](http://www.ntop.org/products/netflow/nprobe-cento/) can do this. +### DISCLAIMER +While we do our best to detect network protocols, we cannot guarantee that our software is error free and 100% accurate in protocol detection. Please make sure that you respect the privacy of users and you have proper authorization to listen, capture and inspect network traffic. + ### Creating A Source File Tar Ball If you want to distribute a source tar file of nDPI do: -- cgit v1.2.3 From 616b6ce4d5230f103e6b68744b8b15f2b7040226 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Thu, 9 Mar 2017 04:54:42 +0000 Subject: spelling: address --- src/lib/protocols/msn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index 2f5b6c468..2ef60e8ff 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -203,7 +203,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if(memcmp(&packet->payload[5], "http://", 7) == 0) { /* * We are searching for a pattern "POST http://gateway.messenger.hotmail.com/gateway/gateway.dll" or - * "POST http:///gateway/gateway.dll" + * "POST http:///gateway/gateway.dll" * POST http:// is 12 byte so we are searching for 13 to 70 byte for this paten. */ for(c = 13; c < 50; c++) { -- cgit v1.2.3 From b0e0b2920131620faed24cbf8ce2060158430464 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Thu, 9 Mar 2017 04:56:31 +0000 Subject: spelling: associated --- src/lib/third_party/src/ndpi_patricia.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index c9c052314..ccf76473d 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -874,7 +874,7 @@ ndpi_patricia_remove (patricia_tree_t *patricia, patricia_node_t *node) #endif /* PATRICIA_DEBUG */ /* this might be a placeholder node -- have to check and make sure - * there is a prefix aossciated with it ! */ + * there is a prefix associated with it ! */ if(node->prefix != NULL) ndpi_Deref_Prefix (node->prefix); node->prefix = NULL; -- cgit v1.2.3 From 5a2f556ff744971cc88b38845bff0b1dc847e182 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:20:18 +0000 Subject: spelling: compatibility --- packages/ubuntu/debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/ubuntu/debian/rules b/packages/ubuntu/debian/rules index 0000bdaf5..a5fbcda09 100755 --- a/packages/ubuntu/debian/rules +++ b/packages/ubuntu/debian/rules @@ -5,7 +5,7 @@ # # debian/compat -# We should use at least comparibily version 5 +# We should use at least compatibility version 5 # but this requires the whole building process # to be remade and this is something we leave # to when we will have more time -- cgit v1.2.3 From 6a7ad10ae0d9f7dcfc24cc2c0482dbd430cf2bc1 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:22:34 +0000 Subject: spelling: conservative --- src/lib/protocols/ftp_data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c index 47b45ec4c..f5622ffb5 100644 --- a/src/lib/protocols/ftp_data.c +++ b/src/lib/protocols/ftp_data.c @@ -62,7 +62,7 @@ static int ndpi_match_file_header(struct ndpi_detection_module_struct *ndpi_stru struct ndpi_packet_struct *packet = &flow->packet; u_int32_t payload_len = packet->payload_packet_len; - /* A FTP packet is pretty long so 256 is a bit consrvative but it should be OK */ + /* A FTP packet is pretty long so 256 is a bit conservative but it should be OK */ if(packet->payload_packet_len < 256) return 0; -- cgit v1.2.3 From e115e0b89e6286721c9d7eb5f7cc0195220b34be Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:26:33 +0000 Subject: spelling: creating --- example/ndpiReader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index e7761e7f7..6a6a7a135 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -867,7 +867,7 @@ static void printResults(u_int64_t tot_usec) { if(json_flag) { #ifdef HAVE_JSON_C if((json_fp = fopen(_jsonFilePath,"w")) == NULL) { - printf("Error createing .json file %s\n", _jsonFilePath); + printf("Error creating .json file %s\n", _jsonFilePath); json_flag = 0; } else { jObj_main = json_object_new_object(); -- cgit v1.2.3 From 064562558525e5377ad71545919b130b2eab9da9 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:31:28 +0000 Subject: spelling: datastructure --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2bf1a103e..51c9bef7a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -528,7 +528,7 @@ static void addDefaultPort(ndpi_port_range *range, NOTE This function must be called with a semaphore set, this in order to avoid - changing the datastrutures while using them + changing the datastructures while using them */ static int removeDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, @@ -605,7 +605,7 @@ int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struc NOTE This function must be called with a semaphore set, this in order to avoid - changing the datastrutures while using them + changing the datastructures while using them */ static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *value, int protocol_id) { -- cgit v1.2.3 From e89ce717ba2e6ddf06b5c4bf365157dc70c6cc8d Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:31:56 +0000 Subject: spelling: delivered --- src/lib/protocols/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 82167e204..a807f669b 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -847,7 +847,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } /* check PPStream protocol or iQiyi service - (iqiyi is deliverd by ppstream) */ + (iqiyi is delivered by ppstream) */ // substring in url if(strstr((const char*) &packet->payload[filename_start], "iqiyi.com") != NULL) { if(kxun_counter == 0) { -- cgit v1.2.3 From 47f9f54b896d20fed175c44ad971575294064f8e Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:32:19 +0000 Subject: spelling: discarded --- src/lib/protocols/zattoo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 41d369cf7..3b6adcec8 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -230,7 +230,7 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct } NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, - "ZATTOO: discarted the flow (TCP): packet_size: %u; Flowstage: %u\n", + "ZATTOO: discarded the flow (TCP): packet_size: %u; Flowstage: %u\n", packet->payload_packet_len, flow->zattoo_stage); } -- cgit v1.2.3 From 3dbb97413c6a936ec73a0679cd461167f58e26c4 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:32:57 +0000 Subject: spelling: encryption --- src/include/ndpi_typedefs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 68e332c23..506f79ddd 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -170,7 +170,7 @@ struct ndpi_wifi_header u_char trsm[6]; u_char dest[6]; u_int16_t seq_ctrl; - /* u_int64_t ccmp - for data encription only - check fc.flag */ + /* u_int64_t ccmp - for data encryption only - check fc.flag */ } PACK_OFF; /* +++++++++++++++++++++++ MPLS header +++++++++++++++++++++++ */ -- cgit v1.2.3 From f8fed9be7e443c8261c5eba764135f0dd21d7ae5 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:33:32 +0000 Subject: spelling: exclude --- src/lib/protocols/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index a807f669b..79d61fc94 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -1181,7 +1181,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int NDPI_BITMASK_SET(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, ndpi_struct->callback_buffer[a].detection_bitmask); - /*Delete protocol from exluded protocol bitmask*/ + /*Delete protocol from excluded protocol bitmask*/ NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_UNKNOWN); NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_QQ); -- cgit v1.2.3 From 66e93da6f530ea83b16f14c1ec3e89f00517f8f0 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:33:20 +0000 Subject: spelling: excluding --- src/lib/protocols/gnutella.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c index e45096391..1ead0570b 100644 --- a/src/lib/protocols/gnutella.c +++ b/src/lib/protocols/gnutella.c @@ -203,7 +203,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && packet->payload[packet->payload_packet_len - 2] == 0x0a) { if (packet->payload_packet_len > 3 && memcmp(packet->payload, "GIV", 3) == 0) { NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "MORPHEUS GIV DETECTED\n"); - /* Not Excludeing the flow now.. We shall Check the next Packet too for Gnutella Patterns */ + /* Not Excluding the flow now.. We shall Check the next Packet too for Gnutella Patterns */ return; } } -- cgit v1.2.3 From d5b15c498b7ea0ae1efd2b77ba4aa5c5e75472dc Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:34:28 +0000 Subject: spelling: five --- src/lib/protocols/ayiya.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c index 59f319f9c..6e5401093 100644 --- a/src/lib/protocols/ayiya.c +++ b/src/lib/protocols/ayiya.c @@ -51,11 +51,11 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct /* FINISH */ struct ayiya *a = (struct ayiya*)packet->payload; u_int32_t epoch = ntohl(a->epoch), now; - u_int32_t fireyears = 86400 * 365 * 5; + u_int32_t fiveyears = 86400 * 365 * 5; now = flow->packet.tick_timestamp; - if((epoch >= (now - fireyears)) && (epoch <= (now+86400 /* 1 day */))) + if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AYIYA, NDPI_PROTOCOL_UNKNOWN); return; -- cgit v1.2.3 From d332370298609be321d40c708c8fdbb12c119b14 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:37:41 +0000 Subject: spelling: googlesyndication --- example/protos.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/protos.txt b/example/protos.txt index 4c995f543..b3f24ddb5 100644 --- a/example/protos.txt +++ b/example/protos.txt @@ -10,7 +10,7 @@ tcp:3000@ntop # Format: # host:"",host:"",.....@ -host:"googlesyndacation.com"@Google +host:"googlesyndication.com"@Google host:"venere.com"@Venere host:"kataweb.it",host:"repubblica.it"@Repubblica host:"ntop"@ntop -- cgit v1.2.3 From 4a5407feb7689e5a537534670f3db8f6ae105ead Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:43:45 +0000 Subject: spelling: incomplete --- src/lib/third_party/src/ndpi_patricia.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index ccf76473d..13ed71371 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -84,7 +84,7 @@ int ndpi_comp_with_mask (void *addr, void *dest, u_int mask) { return (0); } -/* this allows imcomplete prefix */ +/* this allows incomplete prefix */ int ndpi_my_inet_pton (int af, const char *src, void *dst) { -- cgit v1.2.3 From 120e3473f8bea2725b098a7f05acc0b327617643 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:43:57 +0000 Subject: spelling: initialize --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 51c9bef7a..b1903908b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3067,7 +3067,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, } if((flow->next_tcp_seq_nr[0] == 0 && flow->next_tcp_seq_nr[1] == 0) || (proxy_enabled && (flow->next_tcp_seq_nr[0] == 0 || flow->next_tcp_seq_nr[1] == 0))) { - /* initalize tcp sequence counters */ + /* initialize tcp sequence counters */ /* the ack flag needs to be set to get valid sequence numbers from the other * direction. Usually it will catch the second packet syn+ack but it works * also for asymmetric traffic where it will use the first data packet -- cgit v1.2.3 From c51f88e62a0e4b519b41099e0003860839b99452 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:44:26 +0000 Subject: spelling: interface --- example/ndpiReader.c | 2 +- src/lib/third_party/include/ndpi_patricia.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 6a6a7a135..29f6bc054 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -52,7 +52,7 @@ #include "ndpi_util.h" /** Client parameters **/ -static char *_pcap_file[MAX_NUM_READER_THREADS]; /**< Ingress pcap file/interafaces */ +static char *_pcap_file[MAX_NUM_READER_THREADS]; /**< Ingress pcap file/interfaces */ static FILE *playlist_fp[MAX_NUM_READER_THREADS] = { NULL }; /**< Ingress playlist */ static FILE *results_file = NULL; static char *results_path = NULL; diff --git a/src/lib/third_party/include/ndpi_patricia.h b/src/lib/third_party/include/ndpi_patricia.h index 3053cf9e1..bb1806877 100644 --- a/src/lib/third_party/include/ndpi_patricia.h +++ b/src/lib/third_party/include/ndpi_patricia.h @@ -236,7 +236,7 @@ MRT Credits originally written by him. Alexey Kuznetsov made enhancements to 1.4.3a and fixed the Linux - kernel intarface. Linux's netlink interface was written, referring to + kernel interface. Linux's netlink interface was written, referring to his code "iproute2". We would also like to thank our other colleagues in Japan, Portugal, -- cgit v1.2.3 From 7bb615a262ddc6605f4fb4763c7612f45f8c0c28 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:45:36 +0000 Subject: spelling: length --- src/lib/protocols/smpp.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c index d6d898893..3185cbf44 100644 --- a/src/lib/protocols/smpp.c +++ b/src/lib/protocols/smpp.c @@ -31,9 +31,9 @@ static void ndpi_int_smpp_add_connection(struct ndpi_detection_module_struct* nd ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMPP, NDPI_PROTOCOL_UNKNOWN); } -static u_int8_t ndpi_check_overflow(u_int32_t current_legth, u_int32_t total_lenth) +static u_int8_t ndpi_check_overflow(u_int32_t current_length, u_int32_t total_lenth) { - return (current_legth > 0 && current_legth > INT_MAX - total_lenth); + return (current_length > 0 && current_length > INT_MAX - total_lenth); } void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, @@ -122,7 +122,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, switch(pdu_type){ // GENERIC_NACK case 0x80000000: - // body lengh must be zero + // body length must be zero if(pdu_l > 16) extra_passed = 0; break; @@ -134,7 +134,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, case 0x00000009: // status field must be NULL if(get_u_int32_t(packet->payload, 8) != 0) extra_passed = 0; - // min body lengh = 10 bytes (+16 in header) + // min body length = 10 bytes (+16 in header) if(pdu_l < 26) extra_passed = 0; break; @@ -160,13 +160,13 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, case 0x00000006: // status field must be NULL if(get_u_int32_t(packet->payload, 8) != 0) extra_passed = 0; - // body lengh must be zero + // body length must be zero if(pdu_l > 16) extra_passed = 0; break; // UNBIND_RESP case 0x80000006: - // body lengh must be zero + // body length must be zero if(pdu_l > 16) extra_passed = 0; break; @@ -277,13 +277,13 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, case 0x00000015: // status field must be NULL if(get_u_int32_t(packet->payload, 8) != 0) extra_passed = 0; - // body lengh must be zero + // body length must be zero if(pdu_l > 16) extra_passed = 0; break; // ENQUIRE_LINK_RESP case 0x80000015: - // body lengh must be zero + // body length must be zero if(pdu_l > 16) extra_passed = 0; break; -- cgit v1.2.3 From fa34be1a00acc856c46c3d80048563dae7da27f1 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:52:59 +0000 Subject: spelling: modified --- example/ndpiReader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 29f6bc054..a631b68be 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1183,7 +1183,7 @@ static void pcap_packet_callback_checked(u_char *args, /* check for buffer changes */ if(memcmp(packet, packet_checked, header->caplen) != 0) - printf("INTERNAL ERROR: ingress packet was nodified by nDPI: this should not happen [thread_id=%u, packetId=%lu]\n", + printf("INTERNAL ERROR: ingress packet was modified by nDPI: this should not happen [thread_id=%u, packetId=%lu]\n", thread_id, (unsigned long)ndpi_thread_info[thread_id].workflow->stats.raw_packet_count); free(packet_checked); } -- cgit v1.2.3 From 35fe91116ab18182fbf558d16a5740635dfa7c86 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:48:05 +0000 Subject: spelling: ninety --- src/lib/protocols/irc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index e63e7a7b2..b2b73ac5f 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -141,14 +141,14 @@ static u_int8_t ndpi_check_for_IRC_traces(const u_int8_t * ptr, u_int16_t len) } -u_int8_t ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, - "called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast\n"); + "called ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast\n"); /* case 1: len 1460, len 1460, len 1176 several times in one direction, than len = 4, 4096, 8192 in the other direction */ if (packet->payload_packet_len == 1460 @@ -475,7 +475,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } } if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_IRC && - ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast(ndpi_struct, flow) != 0) { + ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(ndpi_struct, flow) != 0) { return; } -- cgit v1.2.3 From 1aa10f5211c9e8ac147cd6375fa1e2e78156a961 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:58:56 +0000 Subject: spelling: optimization --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b1903908b..4d2f04aa5 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3012,7 +3012,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - /* const for gcc code optimisation and cleaner code */ + /* const for gcc code optimization and cleaner code */ struct ndpi_packet_struct *packet = &flow->packet; const struct ndpi_iphdr *iph = packet->iph; #ifdef NDPI_DETECTION_SUPPORT_IPV6 -- cgit v1.2.3 From 04014d73d94664acc725c87f53b0fa2efbf43e56 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:00:07 +0000 Subject: spelling: pedantic --- src/lib/protocols/tor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index c9ab55542..f6987ef19 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -69,7 +69,7 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, ndpi_int_tor_add_connection(ndpi_struct, flow); return(1); } else { -#ifdef PENDANTIC_TOR_CHECK +#ifdef PEDANTIC_TOR_CHECK if(gethostbyname(certificate) == NULL) { ndpi_int_tor_add_connection(ndpi_struct, flow); return(1); -- cgit v1.2.3 From fbe1fb285d2392d1a01dc13761350b4c727b9215 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:00:21 +0000 Subject: spelling: platform --- example/ndpi_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 7741faf36..105459054 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -353,7 +353,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow } else { inet_ntop(AF_INET6, &iph6->ip6_src, newflow->lower_name, sizeof(newflow->lower_name)); inet_ntop(AF_INET6, &iph6->ip6_dst, newflow->upper_name, sizeof(newflow->upper_name)); - /* For consistency across platfoms replace :0: with :: */ + /* For consistency across platforms replace :0: with :: */ patchIPv6Address(newflow->lower_name), patchIPv6Address(newflow->upper_name); } -- cgit v1.2.3 From 18916e682f9c935870008d9a95b0ff8f3359b81d Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:01:58 +0000 Subject: spelling: prerequisites --- README.nDPI | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.nDPI b/README.nDPI index e189db765..0fe5eb1d0 100644 --- a/README.nDPI +++ b/README.nDPI @@ -1,4 +1,4 @@ -rerequisites for Compilation +Prerequisites for Compilation ----------------------------- Prerequisites -- cgit v1.2.3 From 7bac815938bfaed9b8d5be789db093fba1199786 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:00:38 +0000 Subject: spelling: protocol --- src/lib/protocols/rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index e5ae25476..b206ff5aa 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -27,7 +27,7 @@ #ifdef NDPI_PROTOCOL_RX -/* See http://web.mit.edu/kolya/afs/rx/rx-spec for procotol description. */ +/* See http://web.mit.edu/kolya/afs/rx/rx-spec for protocol description. */ /* The should be no need for explicit packing, but just in case... */ PACK_ON -- cgit v1.2.3 From fba88e225f0f7c803f47582205e875b826c193bf Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:06:05 +0000 Subject: spelling: remove --- src/lib/protocols/sopcast.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index 64a50542a..63590fec7 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -144,7 +144,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } - /* this case has been seen once. Please revome this comment, if you see it another time */ + /* this case has been seen once. Please remove this comment, if you see it another time */ if (packet->payload_packet_len == 60 && packet->payload[0] == 0x00 && packet->payload[2] == 0x01 && packet->payload[8] == 0x03 && packet->payload[9] == 0xff @@ -174,7 +174,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } - /* this case has been seen once. Please revome this comment, if you see it another time */ + /* this case has been seen once. Please remove this comment, if you see it another time */ if (packet->payload_packet_len == 286 && packet->payload[0] == 0x00 && packet->payload[1] == 0x02 && packet->payload[2] == 0x01 && packet->payload[3] == 0x07 && packet->payload[4] == 0x03 -- cgit v1.2.3 From d178bec60e105ec9e4349e48f6da1da52d3f39e7 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:02:56 +0000 Subject: spelling: reset --- src/include/ndpi_typedefs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 506f79ddd..b19b53fa0 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -348,7 +348,7 @@ struct ndpi_id_struct { /** detected_protocol_bitmask: access this bitmask to find out whether an id has used skype or not - if a flag is set here, it will not be resetted + if a flag is set here, it will not be reset to compare this, use: **/ NDPI_PROTOCOL_BITMASK detected_protocol_bitmask; -- cgit v1.2.3 From ce0a3e858ab553d2144aaa4e9bdec0a6a1d9771d Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:06:44 +0000 Subject: spelling: scrupulous --- src/lib/protocols/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 79d61fc94..33b15c689 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -903,7 +903,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(packet->host_line.ptr != NULL) { /** - nDPI is pretty scrupoulous about HTTP so it waits until the + nDPI is pretty scrupulous about HTTP so it waits until the HTTP response is received just to check that it conforms with the HTTP specs. However this might be a waste of time as in 99.99% of the cases is like that. -- cgit v1.2.3 From 710d528215ee1a57cc0d5b3e5c4c728b86ad42c5 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:07:00 +0000 Subject: spelling: second --- src/lib/protocols/msn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index 2ef60e8ff..dd652ef1f 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -373,7 +373,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct } } } - /* finished examining the secone packet only */ + /* finished examining the second packet only */ /* direct user connection (file transfer,...) */ if((src != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) != 0) -- cgit v1.2.3 From 7a2dcf0f9fbc100cf261b0b8f97726429e1cfe69 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:10:05 +0000 Subject: spelling: soulseek --- src/lib/protocols/soulseek.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index 2e13edd3a..c7acc3bdc 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -82,7 +82,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, && ((u_int32_t)(packet->tick_timestamp - dst->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, - "Soulseek: Plain detection on Port : %u packet_tick_timestamp: %u soulseeek_last_safe_access_time: %u soulseek_connection_ip_ticktimeout: %u\n", + "Soulseek: Plain detection on Port : %u packet_tick_timestamp: %u soulseek_last_safe_access_time: %u soulseek_connection_ip_ticktimeout: %u\n", dst->soulseek_listen_port, packet->tick_timestamp, dst->soulseek_last_safe_access_time, ndpi_struct->soulseek_connection_ip_tick_timeout); dst->soulseek_last_safe_access_time = packet->tick_timestamp; @@ -100,7 +100,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(packet->payload_packet_len >= 12 && packet->payload_packet_len < 300 && get_l32(packet->payload, 4) == 1) { while (!get_u_int16_t(packet->payload, index + 2) && (index + get_l32(packet->payload, index)) < packet->payload_packet_len - 4) { - if(get_l32(packet->payload, index) < 8) /*Minimum soulsek login msg is 8B */ + if(get_l32(packet->payload, index) < 8) /*Minimum soulseek login msg is 8B */ break; if(index + get_l32(packet->payload, index) + 4 <= index) { -- cgit v1.2.3 From 249b5d67837ca57e115e1ffb34404dfa1286fffe Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:10:38 +0000 Subject: spelling: structure --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 4d2f04aa5..c90615e77 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2211,7 +2211,7 @@ void ndpi_set_bitmask_protocol_detection( char * label, } /* - Set function and index protocol within proto_default strcuture for port protocol detection + Set function and index protocol within proto_default structure for port protocol detection and callback_buffer function for DPI protocol detection */ ndpi_struct->proto_defaults[ndpi_protocol_id].protoIdx = idx; -- cgit v1.2.3 From 11fc826e52b41363f57edd303b5403dd52c72b71 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:10:54 +0000 Subject: spelling: switch --- src/lib/protocols/msn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index dd652ef1f..2938d39b8 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -509,7 +509,7 @@ void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct nd /* we deal with tcp now */ if(packet->tcp != NULL) { /* msn can use http or ssl for connection. That's why every http, ssl and ukn packet must enter in the msn detection */ - /* the detection can swich out the http or the ssl detection. In this case we need not check those protocols */ + /* the detection can switch out the http or the ssl detection. In this case we need not check those protocols */ // need to do the ceck when protocol == http too (POST /gateway ...) if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN #ifdef NDPI_PROTOCOL_HTTP -- cgit v1.2.3 From 9a5402518c0069d056ab921028cfa32502bae550 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:13:00 +0000 Subject: spelling: unencrypted --- src/include/ndpi_protocol_ids.h | 2 +- src/include/ndpi_typedefs.h | 6 ++-- src/lib/ndpi_main.c | 4 +-- src/lib/protocols/jabber.c | 68 ++++++++++++++++++++--------------------- src/lib/protocols/ssl.c | 14 ++++----- 5 files changed, 47 insertions(+), 47 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index b74f384e6..2e453689b 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -103,7 +103,7 @@ #define NDPI_PROTOCOL_SSL_NO_CERT 64 /* SSL without certificate (Skype Ultrasurf?) - ntop.org */ #define NDPI_PROTOCOL_IRC 65 #define NDPI_PROTOCOL_AYIYA 66 -#define NDPI_PROTOCOL_UNENCRYPED_JABBER 67 +#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 #define NDPI_PROTOCOL_MSN 68 #define NDPI_PROTOCOL_OSCAR 69 #define NDPI_PROTOCOL_YAHOO 70 diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index b19b53fa0..cd10d3dd1 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -385,7 +385,7 @@ struct ndpi_id_struct { #ifdef NDPI_PROTOCOL_ZATTOO u_int32_t zattoo_ts; #endif -#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER u_int32_t jabber_stun_or_ft_ts; #endif #ifdef NDPI_PROTOCOL_DIRECTCONNECT @@ -404,7 +404,7 @@ struct ndpi_id_struct { u_int16_t bt_port_t[NDPI_BT_PORTS]; u_int16_t bt_port_u[NDPI_BT_PORTS]; #endif -#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER #define JABBER_MAX_STUN_PORTS 6 u_int16_t jabber_voice_stun_port[JABBER_MAX_STUN_PORTS]; u_int16_t jabber_file_transfer_port[2]; @@ -425,7 +425,7 @@ struct ndpi_id_struct { #ifdef NDPI_PROTOCOL_OSCAR u_int8_t oscar_ssl_session_id[33]; #endif -#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER u_int8_t jabber_voice_stun_used_ports; #endif #ifdef NDPI_PROTOCOL_SIP diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c90615e77..87d479fd7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1037,9 +1037,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Ayiya", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5072, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPED_JABBER, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPTED_JABBER, no_master, - no_master, "Unencryped_Jabber", NDPI_PROTOCOL_CATEGORY_WEB, + no_master, "Unencrypted_Jabber", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OSCAR, diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c index 8457df7dd..d8be54adf 100644 --- a/src/lib/protocols/jabber.c +++ b/src/lib/protocols/jabber.c @@ -25,7 +25,7 @@ #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER struct jabber_string { char *string; u_int ndpi_protocol; @@ -70,19 +70,19 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st u_int16_t x; - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER detection....\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER detection....\n"); /* search for jabber file transfer */ /* this part is working asymmetrically */ if (packet->tcp != NULL && packet->tcp->syn != 0 && packet->payload_packet_len == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "check jabber syn\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "check jabber syn\n"); if (src != NULL && src->jabber_file_transfer_port[0] != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "src jabber ft port set, ports are: %u, %u\n", ntohs(src->jabber_file_transfer_port[0]), ntohs(src->jabber_file_transfer_port[1])); if (((u_int32_t) (packet->tick_timestamp - src->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER src stun timeout %u %u\n", src->jabber_stun_or_ft_ts, packet->tick_timestamp); src->jabber_file_transfer_port[0] = 0; @@ -91,20 +91,20 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st || src->jabber_file_transfer_port[0] == packet->tcp->source || src->jabber_file_transfer_port[1] == packet->tcp->dest || src->jabber_file_transfer_port[1] == packet->tcp->source) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "found jabber file transfer.\n"); ndpi_int_jabber_add_connection(ndpi_struct, flow, - NDPI_PROTOCOL_UNENCRYPED_JABBER); + NDPI_PROTOCOL_UNENCRYPTED_JABBER); } } if (dst != NULL && dst->jabber_file_transfer_port[0] != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "dst jabber ft port set, ports are: %u, %u\n", ntohs(dst->jabber_file_transfer_port[0]), ntohs(dst->jabber_file_transfer_port[1])); if (((u_int32_t) (packet->tick_timestamp - dst->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER dst stun timeout %u %u\n", dst->jabber_stun_or_ft_ts, packet->tick_timestamp); dst->jabber_file_transfer_port[0] = 0; @@ -113,11 +113,11 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st || dst->jabber_file_transfer_port[0] == packet->tcp->source || dst->jabber_file_transfer_port[1] == packet->tcp->dest || dst->jabber_file_transfer_port[1] == packet->tcp->source) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "found jabber file transfer.\n"); ndpi_int_jabber_add_connection(ndpi_struct, flow, - NDPI_PROTOCOL_UNENCRYPED_JABBER); + NDPI_PROTOCOL_UNENCRYPTED_JABBER); } } return; @@ -129,23 +129,23 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st /* this part parses a packet and searches for port=. it works asymmetrically. */ - if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNENCRYPED_JABBER) { + if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNENCRYPTED_JABBER) { u_int16_t lastlen; u_int16_t j_port = 0; /* check for google jabber voip connections ... */ /* need big packet */ if (packet->payload_packet_len < 100) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "packet too small, return.\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "packet too small, return.\n"); return; } /* need message to or type for file-transfer */ if (memcmp(packet->payload, "payload, "payload_packet_len - 11; for (x = 10; x < lastlen; x++) { if (packet->payload[x] == 'p') { if (memcmp(&packet->payload[x], "port=", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); if (src != NULL) { src->jabber_stun_or_ft_ts = packet->tick_timestamp; } @@ -155,16 +155,16 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } x += 6; j_port = ntohs_ndpi_bytestream_to_number(&packet->payload[x], packet->payload_packet_len, &x); - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER port : %u\n", ntohs(j_port)); if (src != NULL) { if (src->jabber_file_transfer_port[0] == 0 || src->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[1] = j_port; @@ -172,12 +172,12 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } if (dst != NULL) { if (dst->jabber_file_transfer_port[0] == 0 || dst->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[1] = j_port; @@ -191,7 +191,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else if (memcmp(packet->payload, "payload, "payload, "payload_packet_len - 21; for (x = 8; x < lastlen; x++) { /* invalid character */ @@ -199,7 +199,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st return; } if (packet->payload[x] == '@') { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER @\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER @\n"); break; } } @@ -211,7 +211,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st for (; x < lastlen; x++) { if (packet->payload[x] == 'p') { if (memcmp(&packet->payload[x], "port=", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); if (src != NULL) { src->jabber_stun_or_ft_ts = packet->tick_timestamp; } @@ -222,7 +222,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st x += 6; j_port = ntohs_ndpi_bytestream_to_number(&packet->payload[x], packet->payload_packet_len, &x); - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER port : %u\n", ntohs(j_port)); if (src != NULL && src->jabber_voice_stun_used_ports < JABBER_MAX_STUN_PORTS - 1) { @@ -232,11 +232,11 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else { if (src->jabber_file_transfer_port[0] == 0 || src->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[1] = j_port; @@ -251,11 +251,11 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else { if (dst->jabber_file_transfer_port[0] == 0 || dst->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[1] = j_port; @@ -282,7 +282,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st || ndpi_strnstr((const char *)&packet->payload[13], "xmlns:stream=\"http://etherx.jabber.org/streams\"", start)) { /* Protocol family */ - ndpi_int_jabber_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPED_JABBER); + ndpi_int_jabber_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPTED_JABBER); /* search for subprotocols */ check_content_type_and_change_protocol(ndpi_struct, flow, 13); @@ -291,13 +291,13 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } if (flow->packet_counter < 3) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "packet_counter: %u\n", flow->packet_counter); return; } - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER Excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_UNENCRYPED_JABBER); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER Excluded.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER); #ifdef NDPI_PROTOCOL_TRUPHONE NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TRUPHONE); @@ -307,8 +307,8 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { - ndpi_set_bitmask_protocol_detection("Unencryped_Jabber", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_UNENCRYPED_JABBER, + ndpi_set_bitmask_protocol_detection("Unencrypted_Jabber", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_search_jabber_tcp, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index bc64a6695..ca42adbbe 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -363,14 +363,14 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { -#if defined(NDPI_PROTOCOL_MEEBO)|| defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) +#if defined(NDPI_PROTOCOL_MEEBO)|| defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) struct ndpi_packet_struct *packet = &flow->packet; // struct ndpi_id_struct *src=flow->src; // struct ndpi_id_struct *dst=flow->dst; u_int32_t a; u_int32_t end; -#if defined(NDPI_PROTOCOL_UNENCRYPED_JABBER) - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPED_JABBER) != 0) +#if defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) + if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER) != 0) goto check_for_ssl_payload; #endif #if defined(NDPI_PROTOCOL_OSCAR) @@ -382,13 +382,13 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct check_for_ssl_payload: end = packet->payload_packet_len - 20; for (a = 5; a < end; a++) { -#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER if(packet->payload[a] == 't') { if(memcmp(&packet->payload[a], "talk.google.com", 15) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "ssl jabber packet match\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "ssl jabber packet match\n"); if(NDPI_COMPARE_PROTOCOL_TO_BITMASK - (ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPED_JABBER) != 0) { - ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPED_JABBER); + (ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER) != 0) { + ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPTED_JABBER); return; } } -- cgit v1.2.3 From 65cde78f6dca8a3d4c9aa35a4ad96dbac923f1b9 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:11:52 +0000 Subject: spelling: unknown --- src/lib/protocols/btlib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index beea43d0d..5685eb7e9 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -401,7 +401,7 @@ void cb_data(bt_parse_data_cb_t *cbd,int *ret) { p->e_len = cbd->v.s.l; return; } - // DEBUG_TRACE(print_safe_str("UKNOWN",cbd)); + // DEBUG_TRACE(print_safe_str("UNKNOWN",cbd)); } -- cgit v1.2.3 From e17f62d26149b176d59deb9b7b643b3c57d223bb Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:21:51 +0000 Subject: spelling: values --- src/lib/protocols/btlib.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/protocols/btlib.h b/src/lib/protocols/btlib.h index b68adbad1..a9ca53786 100644 --- a/src/lib/protocols/btlib.h +++ b/src/lib/protocols/btlib.h @@ -150,9 +150,9 @@ struct bt_parse_protocol { struct bt_nodes6_data *nodes6; u_int16_t name_len; u_int16_t nn; // nodes num - u_int16_t nv; // valuse num + u_int16_t nv; // values num u_int16_t nn6; // nodes6 num - u_int16_t nv6; // valuse6 num + u_int16_t nv6; // values6 num u_int16_t port; u_int16_t t_len; } r; -- cgit v1.2.3 From 40aaa05456115d9e04ec68eebccc12dfbf46aa47 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 13 Mar 2017 01:16:58 +0100 Subject: Minor changes for tracking Youtube content Added test pcap for working on quic/youtube dissector --- src/lib/ndpi_content_match.c.inc | 2 ++ tests/pcap/youtube_quic.pcap | Bin 0 -> 196287 bytes 2 files changed, 2 insertions(+) create mode 100644 tests/pcap/youtube_quic.pcap diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 86927edb2..5670eeb33 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8012,6 +8012,8 @@ ndpi_protocol_match host_match[] = { { ".googlevideo.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".ytimg.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "googleusercontent.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, diff --git a/tests/pcap/youtube_quic.pcap b/tests/pcap/youtube_quic.pcap new file mode 100644 index 000000000..78a28bb86 Binary files /dev/null and b/tests/pcap/youtube_quic.pcap differ -- cgit v1.2.3 From 6bc35b92d392afb45d67246e65960a66ed7f3c8c Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 13 Mar 2017 01:19:35 +0100 Subject: Result file for youtube_quic.pcap --- tests/result/youtube_quic.pcap.out | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 tests/result/youtube_quic.pcap.out diff --git a/tests/result/youtube_quic.pcap.out b/tests/result/youtube_quic.pcap.out new file mode 100644 index 000000000..b5e31b109 --- /dev/null +++ b/tests/result/youtube_quic.pcap.out @@ -0,0 +1,5 @@ +QUIC 289 191639 3 + + 1 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188/QUIC][18 pkts/8665 bytes] + 2 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188/QUIC][13 pkts/4479 bytes] + 3 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188/QUIC][258 pkts/178495 bytes] -- cgit v1.2.3 From 9962eb1f085c07b03c38375e2a688850cf82a8ce Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 13 Mar 2017 14:33:03 +0100 Subject: Fixed invalid QUIC header parsing --- src/lib/protocols/quic.c | 66 ++++++++++++++++++++------------------ tests/result/youtube_quic.pcap.out | 9 +++--- 2 files changed, 40 insertions(+), 35 deletions(-) diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 35b8d0911..5a7fc70ab 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -81,40 +81,44 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found QUIC.\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_PROTOCOL_UNKNOWN); - if(udp_len > quic_hlen + 17 + 4 && - !strncmp((char*)&packet->payload[quic_hlen+17], "CHLO" /* Client Hello */, 4)) { - /* Check if SNI (Server Name Identification) is present */ - for(i=quic_hlen+12; ipayload[i] == 'S') - && (packet->payload[i+1] == 'N') - && (packet->payload[i+2] == 'I') - && (packet->payload[i+3] == 0)) { - u_int32_t offset = *((u_int32_t*)&packet->payload[i+4]); - u_int32_t prev_offset = *((u_int32_t*)&packet->payload[i-4]); - int len = offset-prev_offset; - int sni_offset = i+prev_offset+1; - - while((sni_offset < udp_len) && (packet->payload[sni_offset] == '-')) - sni_offset++; - - if((sni_offset+len) < udp_len) { - int max_len = sizeof(flow->host_server_name)-1, j = 0; - - if(len > max_len) len = max_len; - - while((len > 0) && (sni_offset < udp_len)) { - flow->host_server_name[j++] = packet->payload[sni_offset]; - sni_offset++, len--; + if(packet->payload[quic_hlen+12] != 0xA0) + quic_hlen++; + + if(udp_len > quic_hlen + 16 + 4) { + if(!strncmp((char*)&packet->payload[quic_hlen+16], "CHLO" /* Client Hello */, 4)) { + /* Check if SNI (Server Name Identification) is present */ + for(i=quic_hlen+12; ipayload[i] == 'S') + && (packet->payload[i+1] == 'N') + && (packet->payload[i+2] == 'I') + && (packet->payload[i+3] == 0)) { + u_int32_t offset = *((u_int32_t*)&packet->payload[i+4]); + u_int32_t prev_offset = *((u_int32_t*)&packet->payload[i-4]); + int len = offset-prev_offset; + int sni_offset = i+prev_offset+1; + + while((sni_offset < udp_len) && (packet->payload[sni_offset] == '-')) + sni_offset++; + + if((sni_offset+len) < udp_len) { + int max_len = sizeof(flow->host_server_name)-1, j = 0; + + if(len > max_len) len = max_len; + + while((len > 0) && (sni_offset < udp_len)) { + flow->host_server_name[j++] = packet->payload[sni_offset]; + sni_offset++, len--; + } + + ndpi_match_host_subprotocol(ndpi_struct, flow, + (char *)flow->host_server_name, + strlen((const char*)flow->host_server_name), + NDPI_PROTOCOL_QUIC); + } - ndpi_match_host_subprotocol(ndpi_struct, flow, - (char *)flow->host_server_name, - strlen((const char*)flow->host_server_name), - NDPI_PROTOCOL_QUIC); - + break; } - - break; } } } diff --git a/tests/result/youtube_quic.pcap.out b/tests/result/youtube_quic.pcap.out index b5e31b109..0ca9427bb 100644 --- a/tests/result/youtube_quic.pcap.out +++ b/tests/result/youtube_quic.pcap.out @@ -1,5 +1,6 @@ -QUIC 289 191639 3 +YouTube 258 178495 1 +Google 31 13144 2 - 1 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188/QUIC][18 pkts/8665 bytes] - 2 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188/QUIC][13 pkts/4479 bytes] - 3 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188/QUIC][258 pkts/178495 bytes] + 1 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][18 pkts/8665 bytes][Host: googleads.g.doubleclick.net] + 2 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][13 pkts/4479 bytes][Host: pagead2.googlesyndication.com] + 3 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188.124/QUIC.YouTube][258 pkts/178495 bytes][Host: yt3.ggpht.com] -- cgit v1.2.3 From 5de6a96af5754c13846883b556f58fc79831c61d Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 15 Mar 2017 17:28:31 +0100 Subject: change behaviour for https://github.com/ntop/nDPI/issues/344 - fix skype detection deleting parts that detect host name and ip addr (duplicate behaviour) - improved any detection after fix - added skype host name --- example/ndpiReader.c | 38 +- example/ndpi_util.c | 40 +- src/include/ndpi_api.h | 46 - src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 5 +- src/lib/ndpi_main.c | 2536 +++++++++++++++----------------- src/lib/protocols/skype.c | 32 - src/lib/protocols/ssl.c | 5 - tests/result/1kxun.pcap.out | 5 +- tests/result/KakaoTalk_talk.pcap.out | 6 +- tests/result/Oscar.pcap.out | 4 +- tests/result/openvpn.pcap.out | 5 +- tests/result/skype.pcap.out | 322 ++-- tests/result/skype_no_unknown.pcap.out | 10 +- 14 files changed, 1433 insertions(+), 1623 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index a631b68be..aa5db8821 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -370,18 +370,18 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { ntohs(flow->upper_port)); if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); - + if(flow->detected_protocol.master_protocol) { char buf[64]; fprintf(out, "[proto: %u.%u/%s]", - flow->detected_protocol.master_protocol, flow->detected_protocol.protocol, + flow->detected_protocol.master_protocol, flow->detected_protocol.app_protocol, ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol, buf, sizeof(buf))); } else fprintf(out, "[proto: %u/%s]", - flow->detected_protocol.protocol, - ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.protocol)); + flow->detected_protocol.app_protocol, + ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); fprintf(out, "[%u pkts/%llu bytes]", flow->packets, (long long unsigned int) flow->bytes); @@ -405,23 +405,23 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { json_object_object_add(jObj,"host_b.port",json_object_new_int(ntohs(flow->upper_port))); if(flow->detected_protocol.master_protocol) - json_object_object_add(jObj,"detected.masterprotocol",json_object_new_int(flow->detected_protocol.master_protocol)); + json_object_object_add(jObj,"detected.master_protocol",json_object_new_int(flow->detected_protocol.master_protocol)); - json_object_object_add(jObj,"detected.protocol",json_object_new_int(flow->detected_protocol.protocol)); + json_object_object_add(jObj,"detected.app_protocol",json_object_new_int(flow->detected_protocol.app_protocol)); if(flow->detected_protocol.master_protocol) { char tmp[256]; snprintf(tmp, sizeof(tmp), "%s.%s", ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.master_protocol), - ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.protocol)); + ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); json_object_object_add(jObj,"detected.protocol.name", json_object_new_string(tmp)); } else json_object_object_add(jObj,"detected.protocol.name", json_object_new_string(ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, - flow->detected_protocol.protocol))); + flow->detected_protocol.app_protocol))); json_object_object_add(jObj,"packets",json_object_new_int(flow->packets)); json_object_object_add(jObj,"bytes",json_object_new_int(flow->bytes)); @@ -458,7 +458,7 @@ static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which, struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node; u_int16_t thread_id = *((u_int16_t*)user_data); - if(flow->detected_protocol.protocol != NDPI_PROTOCOL_UNKNOWN) return; + if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) return; if((which == ndpi_preorder) || (which == ndpi_leaf)) /* Avoid walking the same node multiple times */ printFlow(thread_id, flow); @@ -472,7 +472,7 @@ static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, in struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node; u_int16_t thread_id = *((u_int16_t*)user_data); - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) return; + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) return; if((which == ndpi_preorder) || (which == ndpi_leaf)) /* Avoid walking the same node multiple times */ printFlow(thread_id, flow); @@ -491,10 +491,10 @@ static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi ntohl(flow->upper_ip), ntohs(flow->upper_port)); // printf("Guess state: %u\n", flow->detected_protocol); - if(flow->detected_protocol.protocol != NDPI_PROTOCOL_UNKNOWN) + if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols++; - return(flow->detected_protocol.protocol); + return(flow->detected_protocol.app_protocol); } @@ -511,15 +511,15 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].workflow->ndpi_struct, flow->ndpi_flow); if(enable_protocol_guess) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { node_guess_undetected_protocol(thread_id, flow); // printFlow(thread_id, flow); } } - ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.protocol] += flow->packets; - ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.protocol] += flow->bytes; - ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.protocol]++; + ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol] += flow->packets; + ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->bytes; + ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.app_protocol]++; } } @@ -541,7 +541,7 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, /* update stats */ node_proto_guess_walker(node, which, depth, user_data); - if((flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) && !undetected_flows_deleted) + if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) && !undetected_flows_deleted) undetected_flows_deleted = 1; ndpi_free_flow_info_half(flow); @@ -565,8 +565,8 @@ static void on_protocol_discovered(struct ndpi_workflow * workflow, if(verbose > 1){ if(enable_protocol_guess) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { - flow->detected_protocol.protocol = node_guess_undetected_protocol(thread_id, flow), + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { + flow->detected_protocol.app_protocol = node_guess_undetected_protocol(thread_id, flow), flow->detected_protocol.master_protocol = NDPI_PROTOCOL_UNKNOWN; } } diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 105459054..8fe104b3e 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -322,9 +322,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow flow.lower_ip = lower_ip, flow.upper_ip = upper_ip; flow.lower_port = lower_port, flow.upper_port = upper_port; - if(0) - NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_DEBUG, "[NDPI] [%u][%u:%u <-> %u:%u]\n", - iph->protocol, lower_ip, ntohs(lower_port), upper_ip, ntohs(upper_port)); + NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_DEBUG, "[NDPI] [%u][%u:%u <-> %u:%u]\n", + iph->protocol, lower_ip, ntohs(lower_port), upper_ip, ntohs(upper_port)); idx = (vlan_id + lower_ip + upper_ip + iph->protocol + lower_port + upper_port) % workflow->prefs.num_roots; ret = ndpi_tfind(&flow, &workflow->ndpi_flows_root[idx], ndpi_workflow_node_cmp); @@ -491,7 +490,7 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, iph ? (uint8_t *)iph : (uint8_t *)iph6, ipsize, time, src, dst); - if((flow->detected_protocol.protocol != NDPI_PROTOCOL_UNKNOWN) + if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) || ((proto == IPPROTO_UDP) && (flow->packets > 8)) || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { /* New protocol detected or give up */ @@ -499,7 +498,7 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, } if(flow->detection_completed) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow); } @@ -507,29 +506,36 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name); - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_BITTORRENT) { + /* BITTORRENT */ + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) { int i, j, n = 0; - + for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); - j += 2, n += flow->ndpi_flow->bittorent_hash[i]; + j += 2, n += flow->ndpi_flow->bittorent_hash[i]; } - + if(n == 0) flow->bittorent_hash[0] = '\0'; - } else if(flow->detected_protocol.protocol == NDPI_PROTOCOL_MDNS) { + } + /* MDNS */ + else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_MDNS) { snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.mdns.answer); - } else if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UBNTAC2) { + } + /* UBNTAC2 */ + else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UBNTAC2) { snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.ubntac2.version); } - - if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_SSH) { + if((proto == IPPROTO_TCP) && (flow->detected_protocol.app_protocol != NDPI_PROTOCOL_DNS)) { + /* SSH */ + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSH) { snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", flow->ndpi_flow->protos.ssh.client_signature); snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", flow->ndpi_flow->protos.ssh.server_signature); - } else if((flow->detected_protocol.protocol == NDPI_PROTOCOL_SSL) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL)) { + } + /* SSL */ + else if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSL) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL)) { snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", flow->ndpi_flow->protos.ssl.client_certificate); snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", @@ -538,7 +544,7 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, } if(flow->detection_completed) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { if (workflow->__flow_giveup_callback != NULL) workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); } else { diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index b380c8b03..79de7017e 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -224,52 +224,6 @@ extern "C" { struct ndpi_id_struct *src, struct ndpi_id_struct *dst); - - /** - * Processes one packet of L4 and returns the ID of the detected protocol. - * L3 and L4 packet headers are passed in the arguments while payload - * points to the L4 body. - * This function mimics ndpi_detection_process_packet behaviour. - * - * @par ndpi_struct = the detection module - * @par flow = pointer to the connection state machine - * @par iph = IP packet header for IPv4 or NULL - * @par iph6 = IP packet header for IPv6 or NULL - * @par tcp = TCP packet header for TCP or NULL - * @par udp = UDP packet header for UDP or NULL - * @par src_to_dst_direction = order of src/dst state machines in a flow. - * @par l4_proto = L4 protocol of the packet. - * @par src = pointer to the source subscriber state machine - * @par dst = pointer to the destination subscriber state machine - * @par sport = source port of L4 packet, used for protocol guessing. - * @par dport = destination port of L4 packet, used for protocol guessing. - * @par current_tick_l = the current timestamp for the packet - * @par payload = unsigned char pointer to the Layer 4 (TCP/UDP body) - * @par payload_len = the length of the payload - * @return the detected ID of the protocol - * - * NOTE: in a current implementation flow->src and flow->dst are swapped with - * the src_to_dst_direction flag while ndpi_detection_process_packet does not swap - * these values. - * - */ - -ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - const struct ndpi_iphdr *iph, - struct ndpi_ipv6hdr *iph6, - struct ndpi_tcphdr *tcp, - struct ndpi_udphdr *udp, - u_int8_t src_to_dst_direction, - u_int8_t l4_proto, - struct ndpi_id_struct *src, - u_int16_t sport, - struct ndpi_id_struct *dst, - u_int16_t dport, - const u_int64_t current_tick_l, - u_int8_t *payload, u_int16_t payload_len); - - /** * Get the main protocol of the passed flows for the detected module diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index cd10d3dd1..96cea5353 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -781,7 +781,7 @@ typedef struct _ndpi_automa { } ndpi_automa; typedef struct ndpi_proto { - u_int16_t master_protocol /* e.g. HTTP */, protocol /* e.g. FaceBook */; + u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; } ndpi_protocol; #define NDPI_PROTOCOL_NULL { NDPI_PROTOCOL_UNKNOWN , NDPI_PROTOCOL_UNKNOWN } diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 5670eeb33..1ad13fbd2 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7989,9 +7989,12 @@ ndpi_protocol_match host_match[] = { { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeecs-", /* no final . */ "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeecs-", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeforbusiness.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".lync.com", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e7768.b.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.dspg.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 87d479fd7..f7346594e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1,7 +1,7 @@ /* * ndpi_main.c * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -21,7 +21,6 @@ * */ - #include #include #include "ahocorasick.h" @@ -58,9 +57,8 @@ int check_punycode_string(char * buffer , int len) /* ftp://ftp.cc.uoc.gr/mirrors/OpenBSD/src/lib/libc/stdlib/tsearch.c */ /* find or insert datum into search tree */ -void * -ndpi_tsearch(const void *vkey, void **vrootp, - int (*compar)(const void *, const void *)) +void * ndpi_tsearch(const void *vkey, void **vrootp, + int (*compar)(const void *, const void *)) { ndpi_node *q; char *key = (char *)vkey; @@ -87,9 +85,8 @@ ndpi_tsearch(const void *vkey, void **vrootp, } /* delete node with given key */ -void * -ndpi_tdelete(const void *vkey, void **vrootp, - int (*compar)(const void *, const void *)) +void * ndpi_tdelete(const void *vkey, void **vrootp, + int (*compar)(const void *, const void *)) { ndpi_node **rootp = (ndpi_node **)vrootp; char *key = (char *)vkey; @@ -129,8 +126,7 @@ ndpi_tdelete(const void *vkey, void **vrootp, } /* Walk the nodes of a tree */ -static void -ndpi_trecurse(ndpi_node *root, void (*action)(const void *, ndpi_VISIT, int, void*), int level, void *user_data) +static void ndpi_trecurse(ndpi_node *root, void (*action)(const void *, ndpi_VISIT, int, void*), int level, void *user_data) { if(root->left == (ndpi_node *)0 && root->right == (ndpi_node *)0) (*action)(root, ndpi_leaf, level, user_data); @@ -146,8 +142,7 @@ ndpi_trecurse(ndpi_node *root, void (*action)(const void *, ndpi_VISIT, int, voi } /* Walk the nodes of a tree */ -void -ndpi_twalk(const void *vroot, void (*action)(const void *, ndpi_VISIT, int, void *), void *user_data) +void ndpi_twalk(const void *vroot, void (*action)(const void *, ndpi_VISIT, int, void *), void *user_data) { ndpi_node *root = (ndpi_node *)vroot; @@ -156,8 +151,8 @@ ndpi_twalk(const void *vroot, void (*action)(const void *, ndpi_VISIT, int, void } /* find a node, or return 0 */ -void* ndpi_tfind(const void *vkey, void *vrootp, - int (*compar)(const void *, const void *)) +void * ndpi_tfind(const void *vkey, void *vrootp, + int (*compar)(const void *, const void *)) { char *key = (char *)vkey; ndpi_node **rootp = (ndpi_node **)vrootp; @@ -178,7 +173,8 @@ void* ndpi_tfind(const void *vkey, void *vrootp, /* ****************************************** */ /* Walk the nodes of a tree */ -static void ndpi_tdestroy_recurse(ndpi_node* root, void (*free_action)(void *)) { +static void ndpi_tdestroy_recurse(ndpi_node* root, void (*free_action)(void *)) +{ if(root->left != NULL) ndpi_tdestroy_recurse(root->left, free_action); if(root->right != NULL) @@ -188,9 +184,10 @@ static void ndpi_tdestroy_recurse(ndpi_node* root, void (*free_action)(void *)) ndpi_free(root); } -void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)) { +void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)) +{ ndpi_node *root = (ndpi_node *) vrootp; - + if(root != NULL) ndpi_tdestroy_recurse(root, freefct); } @@ -199,7 +196,8 @@ void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)) { u_int8_t ndpi_net_match(u_int32_t ip_to_check, u_int32_t net, - u_int32_t num_bits) { + u_int32_t num_bits) +{ u_int32_t mask = 0; mask = ~(~mask >> num_bits); @@ -208,7 +206,8 @@ u_int8_t ndpi_net_match(u_int32_t ip_to_check, } u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, - u_int32_t net, u_int32_t num_bits) { + u_int32_t net, u_int32_t num_bits) +{ return(ndpi_net_match(src, net, num_bits) || ndpi_net_match(dst, net, num_bits)); } @@ -262,9 +261,8 @@ static const u_char charmap[] = { '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377', }; -int -strcasecmp(s1, s2) - const char *s1, *s2; +int strcasecmp(s1, s2) + const char *s1, *s2; { register const u_char *cm = charmap, *us1 = (const u_char *)s1, @@ -276,10 +274,9 @@ strcasecmp(s1, s2) return (cm[*us1] - cm[*--us2]); } -int -strncasecmp(s1, s2, n) - const char *s1, *s2; -register size_t n; +int strncasecmp(s1, s2, n) + const char *s1, *s2; + register size_t n; { if(n != 0) { register const u_char *cm = charmap, @@ -312,11 +309,12 @@ static int removeDefaultPort(ndpi_port_range *range, /* ****************************************** */ -void* ndpi_malloc(size_t size) { return(_ndpi_malloc ? _ndpi_malloc(size) : malloc(size)); } +void * ndpi_malloc(size_t size) { return(_ndpi_malloc ? _ndpi_malloc(size) : malloc(size)); } /* ****************************************** */ -void* ndpi_calloc(unsigned long count, size_t size) { +void * ndpi_calloc(unsigned long count, size_t size) +{ size_t len = count*size; void *p = ndpi_malloc(len); @@ -328,13 +326,14 @@ void* ndpi_calloc(unsigned long count, size_t size) { /* ****************************************** */ -void ndpi_free(void *ptr) { if(_ndpi_free) _ndpi_free(ptr); else free(ptr); } +void ndpi_free(void *ptr) { if(_ndpi_free) _ndpi_free(ptr); else free(ptr); } /* ****************************************** */ -void *ndpi_realloc(void *ptr, size_t old_size, size_t new_size) { +void * ndpi_realloc(void *ptr, size_t old_size, size_t new_size) +{ void *ret = ndpi_malloc(new_size); - + if(!ret) return(ret); else { @@ -345,7 +344,8 @@ void *ndpi_realloc(void *ptr, size_t old_size, size_t new_size) { } /* ****************************************** */ -char *ndpi_strdup(const char *s) { +char * ndpi_strdup(const char *s) +{ int len = strlen(s); char *m = ndpi_malloc(len+1); @@ -357,29 +357,25 @@ char *ndpi_strdup(const char *s) { return(m); } -/* ****************************************** */ +/* *********************************************************************************** */ -u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void) -{ - return sizeof(struct ndpi_flow_struct); -} +u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void) { return sizeof(struct ndpi_flow_struct); } -/* ****************************************** */ +/* *********************************************************************************** */ -u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) -{ - return sizeof(struct ndpi_id_struct); -} +u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) { return sizeof(struct ndpi_id_struct); } -/* ******************************************************************** */ +/* *********************************************************************************** */ -char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) { +char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) +{ return((id >= ndpi_mod->ndpi_num_supported_protocols) ? NULL : ndpi_mod->proto_defaults[id].protoName); } -/* ****************************************************** */ +/* *********************************************************************************** */ -u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) { +u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) +{ u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_mod); for(i = 0; i < num; i++) @@ -389,14 +385,15 @@ u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, return(NDPI_PROTOCOL_UNKNOWN); } -/* ******************************************************************** */ +/* ************************************************************************************* */ -ndpi_port_range* ndpi_build_default_ports_range(ndpi_port_range *ports, - u_int16_t portA_low, u_int16_t portA_high, - u_int16_t portB_low, u_int16_t portB_high, - u_int16_t portC_low, u_int16_t portC_high, - u_int16_t portD_low, u_int16_t portD_high, - u_int16_t portE_low, u_int16_t portE_high) { +ndpi_port_range * ndpi_build_default_ports_range(ndpi_port_range *ports, + u_int16_t portA_low, u_int16_t portA_high, + u_int16_t portB_low, u_int16_t portB_high, + u_int16_t portC_low, u_int16_t portC_high, + u_int16_t portD_low, u_int16_t portD_high, + u_int16_t portE_low, u_int16_t portE_high) +{ int i = 0; ports[i].port_low = portA_low, ports[i].port_high = portA_high; i++; @@ -408,14 +405,15 @@ ndpi_port_range* ndpi_build_default_ports_range(ndpi_port_range *ports, return(ports); } -/* ******************************************************************** */ +/* *********************************************************************************** */ -ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports, - u_int16_t portA, - u_int16_t portB, - u_int16_t portC, - u_int16_t portD, - u_int16_t portE) { +ndpi_port_range * ndpi_build_default_ports(ndpi_port_range *ports, + u_int16_t portA, + u_int16_t portB, + u_int16_t portC, + u_int16_t portD, + u_int16_t portE) +{ int i = 0; ports[i].port_low = portA, ports[i].port_high = portA; i++; @@ -427,13 +425,14 @@ ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports, return(ports); } -/* ******************************************************************** */ +/* ********************************************************************************** */ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t breed, u_int16_t protoId, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], char *protoName, ndpi_protocol_category_t protoCategory, - ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts) { + ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts) +{ char *name; int j; @@ -469,20 +468,22 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, /* ******************************************************************** */ -static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) { +static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) +{ ndpi_default_ports_tree_node_t *fa = (ndpi_default_ports_tree_node_t*)a; ndpi_default_ports_tree_node_t *fb = (ndpi_default_ports_tree_node_t*)b; - + //printf("[NDPI] %s(%d, %d)\n", __FUNCTION__, fa->default_port, fb->default_port); - + return((fa->default_port == fb->default_port) ? 0 : ((fa->default_port < fb->default_port) ? -1 : 1)); } /* ******************************************************************** */ -void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT which, const int depth) { +void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT which, const int depth) +{ ndpi_default_ports_tree_node_t *f = *(ndpi_default_ports_tree_node_t **)node; - + printf("<%d>Walk on node %s (%u)\n", depth, @@ -498,7 +499,8 @@ void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT wh static void addDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, u_int8_t customUserProto, - ndpi_default_ports_tree_node_t **root) { + ndpi_default_ports_tree_node_t **root) +{ ndpi_default_ports_tree_node_t *ret; u_int16_t port; @@ -532,7 +534,8 @@ static void addDefaultPort(ndpi_port_range *range, */ static int removeDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, - ndpi_default_ports_tree_node_t **root) { + ndpi_default_ports_tree_node_t **root) +{ ndpi_default_ports_tree_node_t node; ndpi_default_ports_tree_node_t *ret; u_int16_t port; @@ -546,1070 +549,1076 @@ static int removeDefaultPort(ndpi_port_range *range, ndpi_free((ndpi_default_ports_tree_node_t*)ret); return(0); } - } - - return(-1); -} - -/* ****************************************************** */ - -static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struct, - ndpi_automa *automa, - char *value, int protocol_id, - ndpi_protocol_breed_t breed) { - AC_PATTERN_t ac_pattern; - - if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) { - printf("[NDPI] %s(protoId=%d): INTERNAL ERROR\n", __FUNCTION__, protocol_id); - return(-1); - } - - if(automa->ac_automa == NULL) return(-2); - ac_pattern.astring = value; - ac_pattern.rep.number = protocol_id; - if(value == NULL) - ac_pattern.length = 0; - else - ac_pattern.length = strlen(ac_pattern.astring); - - ac_automata_add(((AC_AUTOMATA_t*)automa->ac_automa), &ac_pattern); - - return(0); -} - -/* ****************************************************** */ - -static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - char *value, int protocol_id, - ndpi_protocol_breed_t breed) { -#ifdef DEBUG - printf("[NDPI] Adding [%s][%d]\n", value, protocol_id); -#endif - - return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa, - value, protocol_id, breed)); -} - -/* ****************************************************** */ - -int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - char *value, int protocol_id, - ndpi_protocol_breed_t breed) { - return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->content_automa, - value, protocol_id, breed)); -} - -/* ****************************************************** */ - -/* - NOTE - - This function must be called with a semaphore set, this in order to avoid - changing the datastructures while using them -*/ -static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - char *value, int protocol_id) { - - printf("[NDPI] Missing implementation of %s()\n", __FUNCTION__); - return(-1); -} - -/* ******************************************************************** */ - -void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_protocol_match *match) { - u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; - ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; - - ndpi_add_host_url_subprotocol(ndpi_mod, match->string_to_match, - match->protocol_id, match->protocol_breed); - - if(ndpi_mod->proto_defaults[match->protocol_id].protoName == NULL) { - ndpi_mod->proto_defaults[match->protocol_id].protoName = ndpi_strdup(match->proto_name); - ndpi_mod->proto_defaults[match->protocol_id].protoCategory = match->proto_category; - ndpi_mod->proto_defaults[match->protocol_id].protoId = match->protocol_id; - ndpi_mod->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed; - } - - ndpi_set_proto_defaults(ndpi_mod, - ndpi_mod->proto_defaults[match->protocol_id].protoBreed, - ndpi_mod->proto_defaults[match->protocol_id].protoId, - no_master, no_master, - ndpi_mod->proto_defaults[match->protocol_id].protoName, - ndpi_mod->proto_defaults[match->protocol_id].protoCategory, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); -} - -/* ******************************************************************** */ - -static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) { - int i; - - for(i=0; host_match[i].string_to_match != NULL; i++) - ndpi_init_protocol_match(ndpi_mod, &host_match[i]); - -#ifdef DEBUG - ac_automata_display(ndpi_mod->host_automa.ac_automa, 'n'); -#endif - - for(i=0; content_match[i].string_to_match != NULL; i++) - ndpi_add_content_subprotocol(ndpi_mod, content_match[i].string_to_match, - content_match[i].protocol_id, - content_match[i].protocol_breed); - - for(i=0; ndpi_en_bigrams[i] != NULL; i++) - ndpi_string_to_automa(ndpi_mod, &ndpi_mod->bigrams_automa, - (char*)ndpi_en_bigrams[i], - 1, NDPI_PROTOCOL_UNRATED); - - for(i=0; ndpi_en_impossible_bigrams[i] != NULL; i++) - ndpi_string_to_automa(ndpi_mod, &ndpi_mod->impossible_bigrams_automa, - (char*)ndpi_en_impossible_bigrams[i], - 1, NDPI_PROTOCOL_UNRATED); -} - -/* ******************************************************************** */ - -static void ndpi_init_placeholder_proto(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_port_range *ports_a, - ndpi_port_range *ports_b, - u_int16_t *no_master, - u_int16_t proto_id) { - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, proto_id, - no_master, - no_master, "Placeholder", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ -} - -/* ******************************************************************** */ - -/* This function is used to map protocol name and default ports and it MUST - be updated whenever a new protocol is added to NDPI. - - Do NOT add web services (NDPI_SERVICE_xxx) here. -*/ -static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_mod) { - - int i; - ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; - u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }, - custom_master[2]; - - /* Reset all settings */ - memset(ndpi_mod->proto_defaults, 0, sizeof(ndpi_mod->proto_defaults)); - - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_UNKNOWN, - no_master, - no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, - no_master, - no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_DATA, - no_master, - no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, - no_master, - no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS, - no_master, - no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_SMTP, - no_master, - no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, - ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS, - no_master, - no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, - ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, - no_master, - no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS, - no_master, - no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS, - no_master, - no_master, "DNS", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 53, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP, - no_master, - no_master, "IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HEP, - no_master, - no_master, "HEP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 9064, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 9063, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP, - no_master, - no_master, "HTTP", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 80, 0 /* ntop */, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MDNS, - no_master, - no_master, "MDNS", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 5353, 5354, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NTP, - no_master, - no_master, "NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 123, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETBIOS, - no_master, - no_master, "NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 139, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 137, 138, 139, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NFS, - no_master, - no_master, "NFS", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 2049, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 2049, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSDP, - no_master, - no_master, "SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, - no_master, - no_master, "BGP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 2605, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, - no_master, - no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 161, 162, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP, - no_master, - no_master, "XDMCP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 177, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMB, - no_master, - no_master, "SMB", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG, - no_master, - no_master, "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 514, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP, - no_master, - no_master, "DHCP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 67, 68, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_POSTGRES, - no_master, - no_master, "PostgreSQL", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 5432, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MYSQL, - no_master, - no_master, "MySQL", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, - no_master, - no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE, - no_master, - no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT, - no_master, - no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SOCRATES, - no_master, - no_master, "Socrates", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE, - no_master, - no_master, "VMware", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 903, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FILETOPIA, - no_master, - no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI, - no_master, - no_master, "Kontiki", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT, - no_master, - no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK, - no_master, - no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA, - no_master, - no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_EDONKEY, - no_master, - no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT, - no_master, - no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 51413, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, - no_master, - no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 3544, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EPP, - no_master, - no_master, "EPP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_AVI, - no_master, - no_master, "AVI", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_FLASH, - no_master, - no_master, "Flash", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_OGG, - no_master, - no_master, "OggVorbis", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_MPEG, - no_master, - no_master, "MPEG", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_QUICKTIME, - no_master, - no_master, "QuickTime", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_REALMEDIA, - no_master, - no_master, "RealMedia", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_WINDOWSMEDIA, - no_master, - no_master, "WindowsMedia", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_MMS, - no_master, - no_master, "MMS", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX, - no_master, - no_master, "Xbox", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQ, - no_master, - no_master, "QQ", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MOVE, - no_master, - no_master, "Move", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_RTSP, - no_master, - no_master, "RTSP", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 554, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 554, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ICECAST, - no_master, - no_master, "IceCast", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPLIVE, - no_master, - no_master, "PPLive", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPSTREAM, - no_master, - no_master, "PPStream", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ZATTOO, - no_master, - no_master, "Zattoo", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SHOUTCAST, - no_master, - no_master, "ShoutCast", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOPCAST, - no_master, - no_master, "Sopcast", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVANTS, - no_master, - no_master, "Tvants", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVUPLAYER, - no_master, - no_master, "TVUplayer", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HTTP_DOWNLOAD, - no_master, - no_master, "HTTPDownload", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, - no_master, - no_master, "QQLive", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER, - no_master, - no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK, - no_master, - no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - - custom_master[0] = NDPI_PROTOCOL_SSL, custom_master[1] = NDPI_PROTOCOL_UNKNOWN; - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSL_NO_CERT, - custom_master, - no_master, "SSL_No_Cert", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IRC, - no_master, - no_master, "IRC", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 194, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 194, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AYIYA, - no_master, - no_master, "Ayiya", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 5072, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPTED_JABBER, - no_master, - no_master, "Unencrypted_Jabber", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OSCAR, - no_master, - no_master, "Oscar", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_BATTLEFIELD, - no_master, - no_master, "BattleField", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QUAKE, - no_master, - no_master, "Quake", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP, - no_master, - no_master, "VRRP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STEAM, - no_master, - no_master, "Steam", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HALFLIFE2, - no_master, - no_master, "HalfLife2", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLDOFWARCRAFT, - no_master, - no_master, "WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HOTSPOT_SHIELD, - no_master, - no_master, "HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_TELNET, - no_master, - no_master, "Telnet", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 23, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - - custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323; - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN, - no_master, - custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 3478, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_IP_IPSEC, - no_master, - no_master, "IPsec", NDPI_PROTOCOL_CATEGORY_VPN, - ndpi_build_default_ports(ports_a, 500, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 500, 4500, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_GRE, - no_master, - no_master, "GRE", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMP, - no_master, - no_master, "ICMP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IGMP, - no_master, - no_master, "IGMP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_EGP, - no_master, - no_master, "EGP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_SCTP, - no_master, - no_master, "SCTP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_OSPF, - no_master, - no_master, "OSPF", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 2604, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IP_IN_IP, - no_master, - no_master, "IP_in_IP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTP, - no_master, - no_master, "RTP", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RDP, - no_master, - no_master, "RDP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 3389, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VNC, - no_master, - no_master, "VNC", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 5900, 5901, 5800, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PCANYWHERE, - no_master, - no_master, "PcAnywhere", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_VOICE, - no_master, - no_master, "WhatsAppVoice", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - - custom_master[0] = NDPI_PROTOCOL_SSL_NO_CERT, custom_master[1] = NDPI_PROTOCOL_UNKNOWN; - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_SSL, - no_master, - custom_master, "SSL", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 443, 3001 /* ntop */, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSH, - no_master, - no_master, "SSH", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 22, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_USENET, - no_master, - no_master, "Usenet", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MGCP, - no_master, - no_master, "MGCP", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IAX, - no_master, - no_master, "IAX", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 4569, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP, - no_master, - no_master, "AFP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, - no_master, - no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI, - no_master, - no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, - no_master, - no_master, "SIP", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 5060, 5061, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE, - no_master, - no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6, - no_master, - no_master, "ICMPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCPV6, - no_master, - no_master, "DHCPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ARMAGETRON, - no_master, - no_master, "Armagetron", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CROSSFIRE, - no_master, - no_master, "Crossfire", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DOFUS, - no_master, - no_master, "Dofus", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_FIESTA, - no_master, - no_master, "Fiesta", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FLORENSIA, - no_master, - no_master, "Florensia", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS, - no_master, - no_master, "Guildwars", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, - no_master, - no_master, "HTTP_Application_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS, - no_master, - no_master, "Kerberos", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 88, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 88, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDAP, - no_master, - no_master, "LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 389, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 389, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MAPLESTORY, - no_master, - no_master, "MapleStory", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSSQL_TDS, - no_master, - no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, - no_master, - no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WARCRAFT3, - no_master, - no_master, "Warcraft3", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLD_OF_KUNG_FU, - no_master, - no_master, "WorldOfKungFu", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DCERPC, - no_master, - no_master, "DCE_RPC", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 135, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW, - no_master, - no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW, - no_master, - no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT, - no_master, - no_master, "HTTP_Connect", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_PROXY, - no_master, - no_master, "HTTP_Proxy", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 8080, 3128, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX, - no_master, - no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_PREPAID, - no_master, - no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_RUDICS, - no_master, - no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID, - no_master, - no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX_ONLINE, - no_master, - no_master, "Citrix_Online", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBEX, - no_master, - no_master, "Webex", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS, - no_master, - no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, - no_master, - no_master, "TeamViewer", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES, - no_master, - no_master, "LotusNotes", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, - ndpi_build_default_ports(ports_a, 1352, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SAP, - no_master, - no_master, "SAP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 3201, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP, - no_master, - no_master, "GTP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 2152, 2123, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UPNP, - no_master, - no_master, "UPnP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 1780, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 1900, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TELEGRAM, - no_master, - no_master, "Telegram", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_QUIC, - no_master, - no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, - no_master, - no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ, - no_master, - no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 6000, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KAKAOTALK_VOICE, - no_master, - no_master, "KakaoTalk_Voice", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGTS, - no_master, - no_master, "MPEG_TS", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - /* http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LLMNR, - no_master, - no_master, "LLMNR", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 5355, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 5355, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_REMOTE_SCAN, - no_master, - no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_WEBM, - no_master, - no_master, "WebM", NDPI_PROTOCOL_CATEGORY_MEDIA, /* Courtesy of Shreeram Ramamoorthy Swaminathan */ - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_H323, - no_master, - no_master,"H323", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 1719, 1720, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 1719, 1720, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OPENVPN, - no_master, - no_master, "OpenVPN", NDPI_PROTOCOL_CATEGORY_VPN, - ndpi_build_default_ports(ports_a, 1194, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 1194, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NOE, - no_master, - no_master, "NOE", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_CISCOVPN, - no_master, - no_master, "CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN, - ndpi_build_default_ports(ports_a, 10000, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMSPEAK, - no_master, - no_master, "TeamSpeak", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKINNY, - no_master, - no_master, "CiscoSkinny", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 2000, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTCP, - no_master, - no_master, "RTCP", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RSYNC, - no_master, - no_master, "RSYNC", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 873, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ORACLE, - no_master, - no_master, "Oracle", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 1521, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CORBA, - no_master, - no_master, "Corba", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UBUNTUONE, - no_master, - no_master, "UbuntuONE", NDPI_PROTOCOL_CATEGORY_CLOUD, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS, - no_master, - no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, - no_master, - no_master, "Collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS, - no_master, - no_master, "SOCKS", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 1080, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP, - no_master, - no_master, "TFTP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 69, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP, - no_master, - no_master, "RTMP", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 1935, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PANDO, - no_master, - no_master, "Pando_Media_Booster", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEGACO, - no_master, - no_master, "Megaco", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 2944 , 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_REDIS, - no_master, - no_master, "Redis", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 6379, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZMQ, - no_master, - no_master, "ZeroMQ", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) ); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VHUA, - no_master, - no_master, "VHUA", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 58267, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STARCRAFT, - no_master, - no_master, "Starcraft", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2, - no_master, - no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MS_LYNC, - no_master, - no_master, "Lync", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, - no_master, - no_master, "Viber", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 7985, 7987, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_COAP, - no_master, - no_master, "COAP", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 5683, 5684, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MQTT, - no_master, - no_master, "MQTT", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, - no_master, - no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GIT, - no_master, - no_master, "Git", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, - ndpi_build_default_ports(ports_a, 9418, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DRDA, - no_master, - no_master, "DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT, - no_master, - no_master, "GoogleHangout", NDPI_PROTOCOL_CATEGORY_CHAT, + } + + return(-1); +} + +/* ****************************************************** */ + +static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struct, + ndpi_automa *automa, + char *value, int protocol_id, + ndpi_protocol_breed_t breed) +{ + AC_PATTERN_t ac_pattern; + + if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) { + printf("[NDPI] %s(protoId=%d): INTERNAL ERROR\n", __FUNCTION__, protocol_id); + return(-1); + } + + if(automa->ac_automa == NULL) return(-2); + ac_pattern.astring = value; + ac_pattern.rep.number = protocol_id; + if(value == NULL) + ac_pattern.length = 0; + else + ac_pattern.length = strlen(ac_pattern.astring); + + ac_automata_add(((AC_AUTOMATA_t*)automa->ac_automa), &ac_pattern); + + return(0); +} + +/* ****************************************************** */ + +static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + char *value, int protocol_id, + ndpi_protocol_breed_t breed) +{ +#ifdef DEBUG + printf("[NDPI] Adding [%s][%d]\n", value, protocol_id); +#endif + + return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa, + value, protocol_id, breed)); +} + +/* ****************************************************** */ + +int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + char *value, int protocol_id, + ndpi_protocol_breed_t breed) +{ + return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->content_automa, + value, protocol_id, breed)); +} + +/* ****************************************************** */ + +/* + NOTE + + This function must be called with a semaphore set, this in order to avoid + changing the datastructures while using them +*/ +static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + char *value, int protocol_id) +{ + printf("[NDPI] Missing implementation of %s()\n", __FUNCTION__); + return(-1); +} + +/* ******************************************************************** */ + +void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_match *match) +{ + u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; + ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; + + ndpi_add_host_url_subprotocol(ndpi_mod, match->string_to_match, + match->protocol_id, match->protocol_breed); + + if(ndpi_mod->proto_defaults[match->protocol_id].protoName == NULL) { + ndpi_mod->proto_defaults[match->protocol_id].protoName = ndpi_strdup(match->proto_name); + ndpi_mod->proto_defaults[match->protocol_id].protoCategory = match->proto_category; + ndpi_mod->proto_defaults[match->protocol_id].protoId = match->protocol_id; + ndpi_mod->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed; + } + + ndpi_set_proto_defaults(ndpi_mod, + ndpi_mod->proto_defaults[match->protocol_id].protoBreed, + ndpi_mod->proto_defaults[match->protocol_id].protoId, + no_master, no_master, + ndpi_mod->proto_defaults[match->protocol_id].protoName, + ndpi_mod->proto_defaults[match->protocol_id].protoCategory, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP, - no_master, - no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, - no_master, - no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, +} + +/* ******************************************************************** */ + +static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) +{ + int i; + + for(i=0; host_match[i].string_to_match != NULL; i++) + ndpi_init_protocol_match(ndpi_mod, &host_match[i]); + +#ifdef DEBUG + ac_automata_display(ndpi_mod->host_automa.ac_automa, 'n'); +#endif + + for(i=0; content_match[i].string_to_match != NULL; i++) + ndpi_add_content_subprotocol(ndpi_mod, content_match[i].string_to_match, + content_match[i].protocol_id, + content_match[i].protocol_breed); + + for(i=0; ndpi_en_bigrams[i] != NULL; i++) + ndpi_string_to_automa(ndpi_mod, &ndpi_mod->bigrams_automa, + (char*)ndpi_en_bigrams[i], + 1, NDPI_PROTOCOL_UNRATED); + + for(i=0; ndpi_en_impossible_bigrams[i] != NULL; i++) + ndpi_string_to_automa(ndpi_mod, &ndpi_mod->impossible_bigrams_automa, + (char*)ndpi_en_impossible_bigrams[i], + 1, NDPI_PROTOCOL_UNRATED); +} + +/* ******************************************************************** */ + +static void ndpi_init_placeholder_proto(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_port_range *ports_a, + ndpi_port_range *ports_b, + u_int16_t *no_master, + u_int16_t proto_id) +{ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, proto_id, no_master, - no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Placeholder", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ +} + +/* ******************************************************************** */ + +/* This function is used to map protocol name and default ports and it MUST + be updated whenever a new protocol is added to NDPI. + + Do NOT add web services (NDPI_SERVICE_xxx) here. +*/ +static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_mod) { + + int i; + ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; + u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }, + custom_master[2]; - /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_191); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); - - /* calling function for host and content matched protocols */ - init_string_based_protocols(ndpi_mod); - - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { - if(ndpi_mod->proto_defaults[i].protoName == NULL) { - printf("[NDPI] %s(missing protoId=%d) INTERNAL ERROR: not all protocols have been initialized\n", __FUNCTION__, i); + /* Reset all settings */ + memset(ndpi_mod->proto_defaults, 0, sizeof(ndpi_mod->proto_defaults)); + + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_UNKNOWN, + no_master, + no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, + no_master, + no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_DATA, + no_master, + no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, + no_master, + no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS, + no_master, + no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_SMTP, + no_master, + no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, + ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS, + no_master, + no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, + ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, + no_master, + no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS, + no_master, + no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS, + no_master, + no_master, "DNS", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 53, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP, + no_master, + no_master, "IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HEP, + no_master, + no_master, "HEP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 9064, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 9063, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP, + no_master, + no_master, "HTTP", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 80, 0 /* ntop */, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MDNS, + no_master, + no_master, "MDNS", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 5353, 5354, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NTP, + no_master, + no_master, "NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 123, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETBIOS, + no_master, + no_master, "NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 139, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 137, 138, 139, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NFS, + no_master, + no_master, "NFS", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 2049, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 2049, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSDP, + no_master, + no_master, "SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, + no_master, + no_master, "BGP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 2605, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, + no_master, + no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 161, 162, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP, + no_master, + no_master, "XDMCP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 177, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMB, + no_master, + no_master, "SMB", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG, + no_master, + no_master, "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 514, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP, + no_master, + no_master, "DHCP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 67, 68, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_POSTGRES, + no_master, + no_master, "PostgreSQL", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 5432, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MYSQL, + no_master, + no_master, "MySQL", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, + no_master, + no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE, + no_master, + no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT, + no_master, + no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SOCRATES, + no_master, + no_master, "Socrates", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE, + no_master, + no_master, "VMware", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 903, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FILETOPIA, + no_master, + no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI, + no_master, + no_master, "Kontiki", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT, + no_master, + no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK, + no_master, + no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA, + no_master, + no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_EDONKEY, + no_master, + no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT, + no_master, + no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 51413, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, + no_master, + no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 3544, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EPP, + no_master, + no_master, "EPP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_AVI, + no_master, + no_master, "AVI", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_FLASH, + no_master, + no_master, "Flash", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_OGG, + no_master, + no_master, "OggVorbis", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_MPEG, + no_master, + no_master, "MPEG", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_QUICKTIME, + no_master, + no_master, "QuickTime", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_REALMEDIA, + no_master, + no_master, "RealMedia", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_WINDOWSMEDIA, + no_master, + no_master, "WindowsMedia", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_MMS, + no_master, + no_master, "MMS", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX, + no_master, + no_master, "Xbox", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQ, + no_master, + no_master, "QQ", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MOVE, + no_master, + no_master, "Move", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_RTSP, + no_master, + no_master, "RTSP", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 554, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 554, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ICECAST, + no_master, + no_master, "IceCast", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPLIVE, + no_master, + no_master, "PPLive", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPSTREAM, + no_master, + no_master, "PPStream", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ZATTOO, + no_master, + no_master, "Zattoo", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SHOUTCAST, + no_master, + no_master, "ShoutCast", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOPCAST, + no_master, + no_master, "Sopcast", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVANTS, + no_master, + no_master, "Tvants", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVUPLAYER, + no_master, + no_master, "TVUplayer", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HTTP_DOWNLOAD, + no_master, + no_master, "HTTPDownload", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, + no_master, + no_master, "QQLive", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER, + no_master, + no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK, + no_master, + no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + + custom_master[0] = NDPI_PROTOCOL_SSL, custom_master[1] = NDPI_PROTOCOL_UNKNOWN; + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSL_NO_CERT, + custom_master, + no_master, "SSL_No_Cert", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IRC, + no_master, + no_master, "IRC", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 194, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 194, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AYIYA, + no_master, + no_master, "Ayiya", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 5072, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPTED_JABBER, + no_master, + no_master, "Unencrypted_Jabber", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OSCAR, + no_master, + no_master, "Oscar", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_BATTLEFIELD, + no_master, + no_master, "BattleField", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QUAKE, + no_master, + no_master, "Quake", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP, + no_master, + no_master, "VRRP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STEAM, + no_master, + no_master, "Steam", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HALFLIFE2, + no_master, + no_master, "HalfLife2", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLDOFWARCRAFT, + no_master, + no_master, "WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HOTSPOT_SHIELD, + no_master, + no_master, "HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_TELNET, + no_master, + no_master, "Telnet", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 23, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + + custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323; + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN, + no_master, + custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 3478, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_IP_IPSEC, + no_master, + no_master, "IPsec", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 500, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 500, 4500, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_GRE, + no_master, + no_master, "GRE", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMP, + no_master, + no_master, "ICMP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IGMP, + no_master, + no_master, "IGMP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_EGP, + no_master, + no_master, "EGP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_SCTP, + no_master, + no_master, "SCTP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_OSPF, + no_master, + no_master, "OSPF", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 2604, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IP_IN_IP, + no_master, + no_master, "IP_in_IP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTP, + no_master, + no_master, "RTP", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RDP, + no_master, + no_master, "RDP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 3389, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VNC, + no_master, + no_master, "VNC", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 5900, 5901, 5800, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PCANYWHERE, + no_master, + no_master, "PcAnywhere", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_VOICE, + no_master, + no_master, "WhatsAppVoice", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + + custom_master[0] = NDPI_PROTOCOL_SSL_NO_CERT, custom_master[1] = NDPI_PROTOCOL_UNKNOWN; + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_SSL, + no_master, + custom_master, "SSL", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 443, 3001 /* ntop */, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSH, + no_master, + no_master, "SSH", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 22, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_USENET, + no_master, + no_master, "Usenet", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MGCP, + no_master, + no_master, "MGCP", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IAX, + no_master, + no_master, "IAX", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 4569, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP, + no_master, + no_master, "AFP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, + no_master, + no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI, + no_master, + no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, + no_master, + no_master, "SIP", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 5060, 5061, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE, + no_master, + no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6, + no_master, + no_master, "ICMPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCPV6, + no_master, + no_master, "DHCPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ARMAGETRON, + no_master, + no_master, "Armagetron", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CROSSFIRE, + no_master, + no_master, "Crossfire", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DOFUS, + no_master, + no_master, "Dofus", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_FIESTA, + no_master, + no_master, "Fiesta", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FLORENSIA, + no_master, + no_master, "Florensia", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS, + no_master, + no_master, "Guildwars", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, + no_master, + no_master, "HTTP_Application_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS, + no_master, + no_master, "Kerberos", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 88, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 88, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDAP, + no_master, + no_master, "LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 389, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 389, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MAPLESTORY, + no_master, + no_master, "MapleStory", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSSQL_TDS, + no_master, + no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, + no_master, + no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WARCRAFT3, + no_master, + no_master, "Warcraft3", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLD_OF_KUNG_FU, + no_master, + no_master, "WorldOfKungFu", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DCERPC, + no_master, + no_master, "DCE_RPC", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 135, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW, + no_master, + no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW, + no_master, + no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT, + no_master, + no_master, "HTTP_Connect", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_PROXY, + no_master, + no_master, "HTTP_Proxy", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 8080, 3128, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX, + no_master, + no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_PREPAID, + no_master, + no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_RUDICS, + no_master, + no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID, + no_master, + no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX_ONLINE, + no_master, + no_master, "Citrix_Online", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBEX, + no_master, + no_master, "Webex", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS, + no_master, + no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, + no_master, + no_master, "TeamViewer", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES, + no_master, + no_master, "LotusNotes", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, + ndpi_build_default_ports(ports_a, 1352, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SAP, + no_master, + no_master, "SAP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 3201, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP, + no_master, + no_master, "GTP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 2152, 2123, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UPNP, + no_master, + no_master, "UPnP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 1780, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 1900, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TELEGRAM, + no_master, + no_master, "Telegram", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_QUIC, + no_master, + no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, + no_master, + no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ, + no_master, + no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 6000, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KAKAOTALK_VOICE, + no_master, + no_master, "KakaoTalk_Voice", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGTS, + no_master, + no_master, "MPEG_TS", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + /* http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LLMNR, + no_master, + no_master, "LLMNR", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 5355, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 5355, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_REMOTE_SCAN, + no_master, + no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_WEBM, + no_master, + no_master, "WebM", NDPI_PROTOCOL_CATEGORY_MEDIA, /* Courtesy of Shreeram Ramamoorthy Swaminathan */ + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_H323, + no_master, + no_master,"H323", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 1719, 1720, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 1719, 1720, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OPENVPN, + no_master, + no_master, "OpenVPN", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 1194, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 1194, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NOE, + no_master, + no_master, "NOE", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_CISCOVPN, + no_master, + no_master, "CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 10000, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMSPEAK, + no_master, + no_master, "TeamSpeak", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKINNY, + no_master, + no_master, "CiscoSkinny", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 2000, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTCP, + no_master, + no_master, "RTCP", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RSYNC, + no_master, + no_master, "RSYNC", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 873, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ORACLE, + no_master, + no_master, "Oracle", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 1521, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CORBA, + no_master, + no_master, "Corba", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UBUNTUONE, + no_master, + no_master, "UbuntuONE", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS, + no_master, + no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, + no_master, + no_master, "Collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS, + no_master, + no_master, "SOCKS", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 1080, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP, + no_master, + no_master, "TFTP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 69, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP, + no_master, + no_master, "RTMP", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 1935, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PANDO, + no_master, + no_master, "Pando_Media_Booster", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEGACO, + no_master, + no_master, "Megaco", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 2944 , 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_REDIS, + no_master, + no_master, "Redis", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 6379, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZMQ, + no_master, + no_master, "ZeroMQ", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) ); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VHUA, + no_master, + no_master, "VHUA", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 58267, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STARCRAFT, + no_master, + no_master, "Starcraft", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2, + no_master, + no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MS_LYNC, + no_master, + no_master, "Lync", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, + no_master, + no_master, "Viber", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 7985, 7987, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_COAP, + no_master, + no_master, "COAP", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 5683, 5684, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MQTT, + no_master, + no_master, "MQTT", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, + no_master, + no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GIT, + no_master, + no_master, "Git", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, + ndpi_build_default_ports(ports_a, 9418, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DRDA, + no_master, + no_master, "DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT, + no_master, + no_master, "GoogleHangout", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP, + no_master, + no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, + no_master, + no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, + no_master, + no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + + /* To be removed as soon as we define new protocols */ + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_191); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); + + /* calling function for host and content matched protocols */ + init_string_based_protocols(ndpi_mod); + + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { + if(ndpi_mod->proto_defaults[i].protoName == NULL) { + printf("[NDPI] %s(missing protoId=%d) INTERNAL ERROR: not all protocols have been initialized\n", __FUNCTION__, i); + } } - } } /* ****************************************************** */ @@ -2123,20 +2132,20 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, if(is_tcp || is_udp) { if(sscanf(value, "%u-%u", (u_int32_t *)&range.port_low, (u_int32_t *)&range.port_high) != 2) - range.port_low = range.port_high = atoi(&elem[4]); + range.port_low = range.port_high = atoi(&elem[4]); if(do_add) - addDefaultPort(&range, def, 1 /* Custom user proto */, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); + addDefaultPort(&range, def, 1 /* Custom user proto */, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); else - removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); + removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); } else if(is_ip) { #ifdef NDPI_PROTOCOL_TOR ndpi_add_host_ip_subprotocol(ndpi_mod, value, subprotocol_id); #endif } else { if(do_add) - ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id, NDPI_PROTOCOL_ACCEPTABLE); + ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id, NDPI_PROTOCOL_ACCEPTABLE); else - ndpi_remove_host_url_subprotocol(ndpi_mod, value, subprotocol_id); + ndpi_remove_host_url_subprotocol(ndpi_mod, value, subprotocol_id); } } @@ -3245,18 +3254,17 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, func = ndpi_struct->proto_defaults[flow->guessed_protocol_id].func; } - if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) - && (flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)) { + if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) { for(a = 0; a < ndpi_struct->callback_buffer_size_tcp_payload; a++) { - if((func != ndpi_struct->callback_buffer_tcp_payload[a].func) + if((func != ndpi_struct->callback_buffer_tcp_payload[a].func) && (ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, ndpi_struct->callback_buffer_tcp_payload[a].excluded_protocol_bitmask) == 0 && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_tcp_payload[a].detection_bitmask, detection_bitmask) != 0) { ndpi_struct->callback_buffer_tcp_payload[a].func(ndpi_struct, flow); - - + + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) break; /* Stop after detecting the first protocol */ } @@ -3309,128 +3317,6 @@ void check_ndpi_flow_func(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************* */ -ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - const struct ndpi_iphdr *iph, - struct ndpi_ipv6hdr *iph6, - struct ndpi_tcphdr *tcp, - struct ndpi_udphdr *udp, - u_int8_t src_to_dst_direction, - u_int8_t l4_proto, - struct ndpi_id_struct *src, - u_int16_t sport, - struct ndpi_id_struct *dst, - u_int16_t dport, - const u_int64_t current_tick_l, - u_int8_t *payload, u_int16_t payload_len) { - NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_packet; - u_int32_t a; - ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; - - if(flow == NULL) - return(ret); - - if(payload_len == 0) return(ret); - - flow->packet.tcp = tcp, flow->packet.udp = udp; - flow->packet.payload = payload, flow->packet.payload_packet_len = payload_len; - - flow->packet.tick_timestamp_l = current_tick_l; - flow->packet.tick_timestamp = (u_int32_t)current_tick_l/1000; - - if(flow) { - ndpi_apply_flow_protocol_to_packet(flow, &flow->packet); - } else { - ndpi_int_reset_packet_protocol(&flow->packet); - } - - if(flow->server_id == NULL) flow->server_id = dst; /* Default */ - if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) - goto ret_protocols; - - if(src_to_dst_direction) - flow->src = src, flow->dst = dst; - else - flow->src = dst, flow->dst = src; - - ndpi_selection_packet = NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC; - if((flow->packet.iph = iph) != NULL) - ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6; -#ifdef NDPI_DETECTION_SUPPORT_IPV6 - else if((flow->packet.iphv6 = iph6) != NULL) - ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6; -#endif /* NDPI_DETECTION_SUPPORT_IPV6 */ - - ndpi_connection_tracking(ndpi_struct, flow); - - if(flow->packet.tcp != NULL) - ndpi_selection_packet |= - (NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP); - - if(flow->packet.udp != NULL) - ndpi_selection_packet |= - (NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP); - - if(flow->packet.payload_packet_len != 0) { - ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD; - } - - if(flow->packet.tcp_retransmission == 0) - ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION; - - flow->packet.l4_protocol = l4_proto, flow->packet.packet_direction = src_to_dst_direction; - - if((!flow->protocol_id_already_guessed) - && ( -#ifdef NDPI_DETECTION_SUPPORT_IPV6 - flow->packet.iphv6 || -#endif - flow->packet.iph)) { - u_int8_t user_defined_proto; - - flow->protocol_id_already_guessed = 1, - flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, l4_proto, sport, dport, &user_defined_proto); - - if(user_defined_proto && (flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.protocol = flow->guessed_protocol_id; - return(ret); - } - - if(flow->packet.iph) { - if((flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) - flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); - } - } - - check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet); - - a = flow->packet.detected_protocol_stack[0]; - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, a) == 0) - a = NDPI_PROTOCOL_UNKNOWN; - - if(a != NDPI_PROTOCOL_UNKNOWN) { - int i; - - for(i=0; (ihost_server_name)) && (flow->host_server_name[i] != '\0'); i++) - flow->host_server_name[i] = tolower(flow->host_server_name[i]); - - flow->host_server_name[i] ='\0'; - } - - ret_protocols: - if(flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) { - ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0]; - - if(ret.protocol == ret.master_protocol) - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; - } else - ret.protocol = flow->detected_protocol_stack[0]; - - return(ret); -} - -/* ********************************************************************************* */ - ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; @@ -3477,7 +3363,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && (flow->num_stun_udp_pkts > 0)) ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STUN, flow->guessed_host_protocol_id); - ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0]; + ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; return(ret); } @@ -3575,28 +3461,32 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct else if(flow->packet.tcp) sport = ntohs(flow->packet.tcp->source), dport = ntohs(flow->packet.tcp->dest); else sport = dport = 0; - flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); - - if(user_defined_proto && (flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.protocol = flow->guessed_protocol_id; - return(ret); + /* guess protocol */ + flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); + + if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { + + if(flow->packet.iph) { + /* guess host protocol */ + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr); + if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); + if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) + /* ret.master_protocol = flow->guessed_protocol_id , ret.app_protocol = flow->guessed_host_protocol_id; /\* ****** *\/ */ + ret = ndpi_detection_giveup(ndpi_struct, flow); + + return(ret); + } } else { - /* - TODO - The statement below at some point should be modified as we should not - guess the protocol id unless users requested us to do that. Probably - we need to modify the nDPI API as since we introduced ndpi_detection_giveup() - we need to make some changes to have a consistent behaviour - */ - // flow->guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; - } - - if(flow->packet.iph) { - if((flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) - flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); + /* guess host protocol */ + if(flow->packet.iph) { + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr); + if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); + } } } - + check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet); a = flow->packet.detected_protocol_stack[0]; @@ -3614,12 +3504,12 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ret_protocols: if(flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) { - ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0]; + ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; - if(ret.protocol == ret.master_protocol) + if(ret.app_protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; } else - ret.protocol = flow->detected_protocol_stack[0]; + ret.app_protocol = flow->detected_protocol_stack[0]; return(ret); } @@ -4161,28 +4051,6 @@ void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_s packet->detected_protocol_stack[0] = upper_detected_protocol, packet->detected_protocol_stack[1] = lower_detected_protocol; } -/* /\* */ -/* * this function checks whether a protocol can be found in the */ -/* * history. Actually it accesses the packet stack since this is what */ -/* * leaves the library but it could also use the flow stack. */ -/* *\/ */ -/* u_int8_t ndpi_detection_flow_protocol_history_contains_protocol(struct ndpi_detection_module_struct * ndpi_struct, */ -/* struct ndpi_flow_struct *flow, */ -/* u_int16_t protocol_id) { */ -/* u_int8_t a; */ -/* struct ndpi_packet_struct *packet = &flow->packet; */ - -/* if(!packet) */ -/* return 0; */ - -/* for(a = 0; a < NDPI_PROTOCOL_HISTORY_SIZE; a++) { */ -/* if(packet->detected_protocol_stack[a] == protocol_id) */ -/* return 1; */ -/* } */ - -/* return 0; */ -/* } */ - /* generic function for changing the protocol * * what it does is: @@ -4206,6 +4074,24 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, upper_detected_protocol, lower_detected_protocol); } +/* change protocol only if guessing is active */ +/* void ndpi_guess_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, */ +/* struct ndpi_flow_struct *flow) */ +/* { */ +/* if(flow->guessed_host_protocol_id != 0 && */ +/* flow->guessed_protocol_id != 0) { */ +/* /\* app proto for flow *\/ */ +/* flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; */ +/* /\* master proto for flow *\/ */ +/* flow->detected_protocol_stack[1] = flow->guessed_protocol_id; */ + +/* /\* app proto for packet *\/ */ +/* flow->packet.detected_protocol_stack[0] = flow->guessed_host_protocol_id; */ +/* /\* master proto for packet *\/ */ +/* flow->packet.detected_protocol_stack[1] = flow->guessed_protocol_id; */ + +/* } */ +/* } */ /* turns a packet back to unknown */ void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet) { @@ -4395,29 +4281,29 @@ ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct /* u_int8_t proto, */ u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport) { - ndpi_protocol p = NDPI_PROTOCOL_NULL; + ndpi_protocol proto = NDPI_PROTOCOL_NULL; /* Skyfile (host 193.252.234.246 or host 10.10.102.80) */ if((shost == 0xC1FCEAF6) || (dhost == 0xC1FCEAF6) || (shost == 0x0A0A6650) || (dhost == 0x0A0A6650)) { - if((sport == 4708) || (dport == 4708)) p.protocol = NDPI_PROTOCOL_SKYFILE_PREPAID; - else if((sport == 4709) || (dport == 4709)) p.protocol = NDPI_PROTOCOL_SKYFILE_RUDICS; - else if((sport == 4710) || (dport == 4710)) p.protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; + if((sport == 4708) || (dport == 4708)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_PREPAID; + else if((sport == 4709) || (dport == 4709)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_RUDICS; + else if((sport == 4710) || (dport == 4710)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; } - return(p); + return(proto); } /* ****************************************************** */ -u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto) { - return(((p.protocol == proto) || (p.master_protocol == proto)) ? 1 : 0); +u_int8_t ndpi_is_proto(ndpi_protocol proto, u_int16_t p) { + return(((proto.app_protocol == p) || (proto.master_protocol == p)) ? 1 : 0); } /* ****************************************************** */ -u_int16_t ndpi_get_lower_proto(ndpi_protocol p) { - return((p.master_protocol != NDPI_PROTOCOL_UNKNOWN) ? p.master_protocol : p.protocol); +u_int16_t ndpi_get_lower_proto(ndpi_protocol proto) { + return((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) ? proto.master_protocol : proto.app_protocol); } /* ****************************************************** */ @@ -4436,10 +4322,10 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.protocol = rc, + ret.app_protocol = rc, ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); - - if(ret.protocol == ret.master_protocol) + + if(ret.app_protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; return(ret); @@ -4447,7 +4333,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct rc = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.protocol = rc; + ret.app_protocol = rc; if(rc == NDPI_PROTOCOL_SSL) goto check_guessed_skype; @@ -4456,20 +4342,20 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct } ret = ndpi_find_port_based_protocol(ndpi_struct/* , proto */, shost, sport, dhost, dport); - if(ret.protocol != NDPI_PROTOCOL_UNKNOWN) + if(ret.app_protocol != NDPI_PROTOCOL_UNKNOWN) return(ret); check_guessed_skype: addr.s_addr = htonl(shost); if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) { - ret.protocol = NDPI_PROTOCOL_SKYPE; + ret.app_protocol = NDPI_PROTOCOL_SKYPE; } else { addr.s_addr = htonl(dhost); if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) - ret.protocol = NDPI_PROTOCOL_SKYPE; + ret.app_protocol = NDPI_PROTOCOL_SKYPE; } } else - ret.protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); + ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); return(ret); } @@ -4479,13 +4365,13 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len) { if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) - && (proto.master_protocol != proto.protocol)) { + && (proto.master_protocol != proto.app_protocol)) { snprintf(buf, buf_len, "%s.%s", ndpi_get_proto_name(ndpi_mod, proto.master_protocol), - ndpi_get_proto_name(ndpi_mod, proto.protocol)); + ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); } else snprintf(buf, buf_len, "%s", - ndpi_get_proto_name(ndpi_mod, proto.protocol)); + ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); return(buf); } @@ -4568,8 +4454,8 @@ ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_st ndpi_protocol proto) { /* simple rule: sub protocol first, master after */ if ((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) || - (ndpi_mod->proto_defaults[proto.protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) - return ndpi_mod->proto_defaults[proto.protocol].protoCategory; + (ndpi_mod->proto_defaults[proto.app_protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) + return ndpi_mod->proto_defaults[proto.app_protocol].protoCategory; else return ndpi_mod->proto_defaults[proto.master_protocol].protoCategory; } diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 7236da777..1a4c260c0 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -21,32 +21,6 @@ #ifdef NDPI_PROTOCOL_SKYPE -static u_int8_t is_skype_host(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t host) { - struct in_addr pin; - - pin.s_addr = host; - - return((ndpi_network_ptree_match(ndpi_struct, &pin) == NDPI_PROTOCOL_SKYPE) ? 1 : 0); -} - -u_int8_t is_skype_flow(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - - if(packet->iph) { - /* - Skype connections are identified by some SSL-like communications - without SSL certificate being exchanged - */ - if(is_skype_host(ndpi_struct, packet->iph->saddr) - || is_skype_host(ndpi_struct, packet->iph->daddr)) { - return(1); - } - } - - return(0); -} - static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -57,12 +31,6 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s if(flow->host_server_name[0] != '\0') return; - - if(is_skype_flow(ndpi_struct, flow)) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); - return; - } - // UDP check if(packet->udp != NULL) { flow->l4.udp.skype_packet_id++; diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index ca42adbbe..8915b0e99 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -70,11 +70,6 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st } break; } - - if((protocol == NDPI_PROTOCOL_SSL_NO_CERT) - && is_skype_flow(ndpi_struct, flow)) { - protocol = NDPI_PROTOCOL_SKYPE; - } } return protocol; diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 832e11264..4eea2595d 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -11,10 +11,9 @@ SSL 105 21914 7 DHCPV6 10 980 3 Facebook 19 6840 2 Google 3 176 1 -HTTP_Proxy 33 11721 1 LLMNR 89 6799 47 Lync 2 132 1 -1kxun 934 523997 27 +1kxun 967 535718 28 1 TCP 192.168.5.16:53406 <-> 119.235.235.84:443 [proto: 91/SSL][23 pkts/7434 bytes] 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][419 pkts/183693 bytes][Host: 183.131.48.144] @@ -60,7 +59,7 @@ Lync 2 132 1 42 UDP 8.8.8.8:53 <-> 192.168.115.8:60724 [proto: 5.205/DNS.1kxun][3 pkts/283 bytes][Host: pic.1kxun.com] 43 UDP [fe80::edf5:240a:c8c0:8312]:5355 <-> [ff02::1:3]:61603 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] 44 UDP 192.168.5.49:1900 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes] - 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 131/HTTP_Proxy][33 pkts/11721 bytes] + 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][33 pkts/11721 bytes][Host: 42.120.51.152:8080] 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][12 pkts/1982 bytes][Host: api.magicansoft.com] 47 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:51451 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][69 pkts/63429 bytes][Host: pic.1kxun.com] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 85ec9a008..97b69377c 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,11 +1,11 @@ HTTP 5 280 1 QQ 15 1727 1 -SSL_No_Cert 29 4024 1 +SSL_No_Cert 74 14132 2 RTP 2991 398751 2 SSL 5 1198 1 Facebook 5 377 3 Google 4 359 4 -HTTP_Proxy 61 11946 3 +HTTP_Proxy 16 1838 2 Tor 40 10538 1 Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 @@ -18,7 +18,7 @@ KakaoTalk_Voice 44 6196 2 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] 7 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] 8 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] - 9 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 131/HTTP_Proxy][45 pkts/10108 bytes] + 9 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out index f1c89cf0c..1f9e194a9 100644 --- a/tests/result/Oscar.pcap.out +++ b/tests/result/Oscar.pcap.out @@ -1,3 +1,3 @@ -SSL 71 9386 1 +Oscar 71 9386 1 - 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/SSL][71 pkts/9386 bytes] + 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 69/Oscar][71 pkts/9386 bytes] diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index 561f3b468..81d959dc1 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -1,6 +1,5 @@ -SSL 95 15380 1 -OpenVPN 203 41731 2 +OpenVPN 298 57111 3 1 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][83 pkts/13559 bytes] 2 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][120 pkts/28172 bytes] - 3 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 91/SSL][95 pkts/15380 bytes] + 3 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][95 pkts/15380 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 29ee2021f..59752f6a8 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,13 +1,13 @@ -Unknown 404 52712 16 -DNS 8 807 4 +Unknown 349 43621 14 +DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 96 8876 7 +SSL 88 8268 6 Dropbox 38 17948 5 -Skype 1904 292070 241 +Skype 1973 302309 247 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -80,7 +80,7 @@ MS_OneDrive 387 198090 1 65 UDP 192.168.1.1:53 <-> 192.168.1.34:49793 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] 66 UDP 192.168.1.1:53 <-> 192.168.1.34:49903 [proto: 5.125/DNS.Skype][9 pkts/648 bytes][Host: ui.skype.com] 67 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][15 pkts/1920 bytes] - 68 UDP 192.168.1.1:53 <-> 192.168.1.34:51879 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 68 UDP 192.168.1.1:53 <-> 192.168.1.34:51879 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 69 UDP 192.168.1.1:53 <-> 192.168.1.34:54343 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] 70 UDP 192.168.1.1:53 <-> 192.168.1.34:55159 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] 71 UDP 192.168.1.1:53 <-> 192.168.1.34:55711 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] @@ -94,10 +94,10 @@ MS_OneDrive 387 198090 1 79 UDP 192.168.1.34:13021 <-> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes] 80 UDP 192.168.1.1:53 <-> 192.168.1.34:58681 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 81 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][20 pkts/1624 bytes] - 82 UDP 192.168.1.1:53 <-> 192.168.1.34:63321 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 82 UDP 192.168.1.1:53 <-> 192.168.1.34:63321 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 83 UDP 192.168.1.34:49485 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] 84 UDP 192.168.1.1:53 <-> 192.168.1.34:63421 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 85 UDP 192.168.1.1:53 <-> 192.168.1.34:64085 [proto: 5/DNS][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] + 85 UDP 192.168.1.1:53 <-> 192.168.1.34:64085 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] 86 UDP 192.168.1.1:53 <-> 192.168.1.34:65045 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] 87 UDP 192.168.1.1:53 <-> 192.168.1.34:65037 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 88 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][16 pkts/1262 bytes] @@ -144,152 +144,154 @@ MS_OneDrive 387 198090 1 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] 130 UDP 76.185.207.12:45493 <-> 192.168.1.34:13021 [proto: 125/Skype][5 pkts/300 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 134 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 135 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 136 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 139 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 140 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 157 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 172 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 173 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 194 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 195 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] - 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 197 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 198 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 199 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 200 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 201 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 207 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 209 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] - 210 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] - 211 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] - 212 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 213 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 215 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 221 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 222 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 223 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 225 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 226 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 227 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 228 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 229 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 237 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 239 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] - 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 242 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 245 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 246 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 247 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] - 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 249 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] - 250 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] - 251 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] - 252 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] - 253 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 254 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 255 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 259 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 261 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 262 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 263 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 264 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 265 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 266 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 272 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 277 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 135 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 136 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] + 137 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 140 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 141 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 154 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][32 pkts/4972 bytes] + 155 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 158 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 159 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] + 160 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 161 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 162 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 163 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 164 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 165 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 166 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 167 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 168 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 169 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 170 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 174 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 175 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 194 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 195 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 196 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 197 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] + 198 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 199 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 200 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 201 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 202 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 203 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 206 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 207 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 208 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 209 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 210 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 211 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] + 212 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] + 213 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] + 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 216 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 221 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 222 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 224 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 225 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 226 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 227 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 228 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 229 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 230 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 231 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 232 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 233 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 235 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 236 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 238 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 239 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 240 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 241 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] + 242 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 243 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 244 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 245 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 246 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 247 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 248 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 249 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] + 250 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 251 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] + 252 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] + 253 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] + 254 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] + 255 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 256 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 259 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 260 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 263 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 264 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 265 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 266 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 267 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] + 268 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 269 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 270 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 271 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 272 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 273 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 274 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 275 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 276 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 277 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 278 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 279 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -301,11 +303,9 @@ Undetected flows: 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] - 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 12 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] - 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 14 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 15 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] - 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 9 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 10 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] + 11 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 12 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 13 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] + 14 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index d8b67aab0..6864f2b0c 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,5 +1,5 @@ Unknown 236 70600 14 -DNS 6 627 3 +DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 SSDP 40 14100 3 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1237 180967 219 +Skype 1241 181327 221 Apple 84 20699 2 MS_OneDrive 348 181687 1 @@ -85,7 +85,7 @@ MS_OneDrive 348 181687 1 72 UDP 192.168.1.1:53 <-> 192.168.1.34:60413 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] 73 UDP 192.168.1.1:53 <-> 192.168.1.34:61095 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 74 UDP 192.168.1.1:53 <-> 192.168.1.34:62875 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] - 75 UDP 192.168.1.1:53 <-> 192.168.1.34:63661 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 75 UDP 192.168.1.1:53 <-> 192.168.1.34:63661 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 76 UDP 192.168.1.1:53 <-> 192.168.1.34:64971 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] 77 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][14 pkts/1142 bytes] 78 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][16 pkts/1238 bytes] @@ -152,7 +152,7 @@ MS_OneDrive 348 181687 1 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] 140 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 91.125/SSL.Skype][13 pkts/1157 bytes] + 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 125/Skype][13 pkts/1157 bytes] 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] @@ -210,7 +210,7 @@ MS_OneDrive 348 181687 1 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] - 200 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 200 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 201 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] 202 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] -- cgit v1.2.3 From 3add72c6865e3099de9a78fed1823966a67675d8 Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 15 Mar 2017 18:42:44 +0100 Subject: deleted useless function - change macro name --- src/include/ndpi_api.h | 16 +---- src/include/ndpi_protocol_ids.h | 126 ++++++++++++++++++++-------------------- src/include/ndpi_typedefs.h | 6 +- src/lib/ndpi_main.c | 4 +- 4 files changed, 69 insertions(+), 83 deletions(-) diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 79de7017e..ca295b4e1 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -1,7 +1,7 @@ /* * ndpi_api.h * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -255,20 +255,6 @@ extern "C" { u_int8_t *l4_protocol_return, u_int32_t flags); -#if 0 - /** - * returns true if the protocol history of the flow of the last packet given to the detection - * contains the given protocol. - * - * @param ndpi_struct the detection module - * @return 1 if protocol has been found, 0 otherwise - * - */ - u_int8_t ndpi_detection_flow_protocol_history_contains_protocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - u_int16_t protocol_id); -#endif - /** * Search and return the protocol based on matched ports * diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 2e453689b..7eada61e2 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -30,17 +30,17 @@ #define __NDPI_PROTOCOLS_DEFAULT_H__ #define NDPI_DETECTION_SUPPORT_IPV6 -#define NDPI_PROTOCOL_HISTORY_SIZE 2 +#define NDPI_PROTOCOL_SIZE 2 -#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_UNKNOWN 0 -#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN +#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN -#define NDPI_PROTOCOL_UNKNOWN 0 -#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MAIL_POP 2 -#define NDPI_PROTOCOL_MAIL_SMTP 3 -#define NDPI_PROTOCOL_MAIL_IMAP 4 +#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MAIL_POP 2 +#define NDPI_PROTOCOL_MAIL_SMTP 3 +#define NDPI_PROTOCOL_MAIL_IMAP 4 #define NDPI_PROTOCOL_DNS 5 #define NDPI_PROTOCOL_IPP 6 #define NDPI_PROTOCOL_HTTP 7 @@ -58,61 +58,61 @@ #define NDPI_PROTOCOL_POSTGRES 19 #define NDPI_PROTOCOL_MYSQL 20 #define NDPI_PROTOCOL_HOTMAIL 21 -#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 -#define NDPI_PROTOCOL_MAIL_POPS 23 -#define NDPI_PROTOCOL_APPLEJUICE 24 -#define NDPI_PROTOCOL_DIRECTCONNECT 25 -#define NDPI_PROTOCOL_SOCRATES 26 -#define NDPI_PROTOCOL_COAP 27 -#define NDPI_PROTOCOL_VMWARE 28 -#define NDPI_PROTOCOL_MAIL_SMTPS 29 -#define NDPI_PROTOCOL_FILETOPIA 30 -#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ -#define NDPI_PROTOCOL_KONTIKI 32 -#define NDPI_PROTOCOL_OPENFT 33 -#define NDPI_PROTOCOL_FASTTRACK 34 -#define NDPI_PROTOCOL_GNUTELLA 35 -#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_BITTORRENT 37 -#define NDPI_PROTOCOL_EPP 38 -#define NDPI_CONTENT_AVI 39 -#define NDPI_CONTENT_FLASH 40 -#define NDPI_CONTENT_OGG 41 -#define NDPI_CONTENT_MPEG 42 -#define NDPI_CONTENT_QUICKTIME 43 -#define NDPI_CONTENT_REALMEDIA 44 -#define NDPI_CONTENT_WINDOWSMEDIA 45 -#define NDPI_CONTENT_MMS 46 -#define NDPI_PROTOCOL_XBOX 47 -#define NDPI_PROTOCOL_QQ 48 -#define NDPI_PROTOCOL_MOVE 49 -#define NDPI_PROTOCOL_RTSP 50 -#define NDPI_PROTOCOL_MAIL_IMAPS 51 +#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 +#define NDPI_PROTOCOL_MAIL_POPS 23 +#define NDPI_PROTOCOL_APPLEJUICE 24 +#define NDPI_PROTOCOL_DIRECTCONNECT 25 +#define NDPI_PROTOCOL_SOCRATES 26 +#define NDPI_PROTOCOL_COAP 27 +#define NDPI_PROTOCOL_VMWARE 28 +#define NDPI_PROTOCOL_MAIL_SMTPS 29 +#define NDPI_PROTOCOL_FILETOPIA 30 +#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ +#define NDPI_PROTOCOL_KONTIKI 32 +#define NDPI_PROTOCOL_OPENFT 33 +#define NDPI_PROTOCOL_FASTTRACK 34 +#define NDPI_PROTOCOL_GNUTELLA 35 +#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_BITTORRENT 37 +#define NDPI_PROTOCOL_EPP 38 +#define NDPI_CONTENT_AVI 39 +#define NDPI_CONTENT_FLASH 40 +#define NDPI_CONTENT_OGG 41 +#define NDPI_CONTENT_MPEG 42 +#define NDPI_CONTENT_QUICKTIME 43 +#define NDPI_CONTENT_REALMEDIA 44 +#define NDPI_CONTENT_WINDOWSMEDIA 45 +#define NDPI_CONTENT_MMS 46 +#define NDPI_PROTOCOL_XBOX 47 +#define NDPI_PROTOCOL_QQ 48 +#define NDPI_PROTOCOL_MOVE 49 +#define NDPI_PROTOCOL_RTSP 50 +#define NDPI_PROTOCOL_MAIL_IMAPS 51 #define NDPI_PROTOCOL_ICECAST 52 #define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_PPSTREAM 54 #define NDPI_PROTOCOL_ZATTOO 55 -#define NDPI_PROTOCOL_SHOUTCAST 56 +#define NDPI_PROTOCOL_SHOUTCAST 56 #define NDPI_PROTOCOL_SOPCAST 57 #define NDPI_PROTOCOL_TVANTS 58 -#define NDPI_PROTOCOL_TVUPLAYER 59 -#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 +#define NDPI_PROTOCOL_TVUPLAYER 59 +#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 #define NDPI_PROTOCOL_QQLIVE 61 #define NDPI_PROTOCOL_THUNDER 62 #define NDPI_PROTOCOL_SOULSEEK 63 -#define NDPI_PROTOCOL_SSL_NO_CERT 64 /* SSL without certificate (Skype Ultrasurf?) - ntop.org */ -#define NDPI_PROTOCOL_IRC 65 -#define NDPI_PROTOCOL_AYIYA 66 -#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 +#define NDPI_PROTOCOL_SSL_NO_CERT 64 +#define NDPI_PROTOCOL_IRC 65 +#define NDPI_PROTOCOL_AYIYA 66 +#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 #define NDPI_PROTOCOL_MSN 68 #define NDPI_PROTOCOL_OSCAR 69 #define NDPI_PROTOCOL_YAHOO 70 -#define NDPI_PROTOCOL_BATTLEFIELD 71 +#define NDPI_PROTOCOL_BATTLEFIELD 71 #define NDPI_PROTOCOL_QUAKE 72 #define NDPI_PROTOCOL_IP_VRRP 73 #define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_HALFLIFE2 75 -#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 +#define NDPI_PROTOCOL_HALFLIFE2 75 +#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 #define NDPI_PROTOCOL_TELNET 77 #define NDPI_PROTOCOL_STUN 78 #define NDPI_PROTOCOL_IP_IPSEC 79 @@ -122,11 +122,11 @@ #define NDPI_PROTOCOL_IP_EGP 83 #define NDPI_PROTOCOL_IP_SCTP 84 #define NDPI_PROTOCOL_IP_OSPF 85 -#define NDPI_PROTOCOL_IP_IP_IN_IP 86 +#define NDPI_PROTOCOL_IP_IP_IN_IP 86 #define NDPI_PROTOCOL_RTP 87 #define NDPI_PROTOCOL_RDP 88 #define NDPI_PROTOCOL_VNC 89 -#define NDPI_PROTOCOL_PCANYWHERE 90 +#define NDPI_PROTOCOL_PCANYWHERE 90 #define NDPI_PROTOCOL_SSL 91 #define NDPI_PROTOCOL_SSH 92 #define NDPI_PROTOCOL_USENET 93 @@ -134,40 +134,40 @@ #define NDPI_PROTOCOL_IAX 95 #define NDPI_PROTOCOL_TFTP 96 #define NDPI_PROTOCOL_AFP 97 -#define NDPI_PROTOCOL_STEALTHNET 98 +#define NDPI_PROTOCOL_STEALTHNET 98 #define NDPI_PROTOCOL_AIMINI 99 #define NDPI_PROTOCOL_SIP 100 #define NDPI_PROTOCOL_TRUPHONE 101 -#define NDPI_PROTOCOL_IP_ICMPV6 102 +#define NDPI_PROTOCOL_IP_ICMPV6 102 #define NDPI_PROTOCOL_DHCPV6 103 -#define NDPI_PROTOCOL_ARMAGETRON 104 -#define NDPI_PROTOCOL_CROSSFIRE 105 +#define NDPI_PROTOCOL_ARMAGETRON 104 +#define NDPI_PROTOCOL_CROSSFIRE 105 #define NDPI_PROTOCOL_DOFUS 106 #define NDPI_PROTOCOL_FIESTA 107 -#define NDPI_PROTOCOL_FLORENSIA 108 -#define NDPI_PROTOCOL_GUILDWARS 109 +#define NDPI_PROTOCOL_FLORENSIA 108 +#define NDPI_PROTOCOL_GUILDWARS 109 #define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 #define NDPI_PROTOCOL_KERBEROS 111 #define NDPI_PROTOCOL_LDAP 112 -#define NDPI_PROTOCOL_MAPLESTORY 113 -#define NDPI_PROTOCOL_MSSQL_TDS 114 +#define NDPI_PROTOCOL_MAPLESTORY 113 +#define NDPI_PROTOCOL_MSSQL_TDS 114 #define NDPI_PROTOCOL_PPTP 115 -#define NDPI_PROTOCOL_WARCRAFT3 116 -#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 +#define NDPI_PROTOCOL_WARCRAFT3 116 +#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 #define NDPI_PROTOCOL_SLACK 118 #define NDPI_PROTOCOL_FACEBOOK 119 #define NDPI_PROTOCOL_TWITTER 120 #define NDPI_PROTOCOL_DROPBOX 121 #define NDPI_PROTOCOL_GMAIL 122 -#define NDPI_PROTOCOL_GOOGLE_MAPS 123 +#define NDPI_PROTOCOL_GOOGLE_MAPS 123 #define NDPI_PROTOCOL_YOUTUBE 124 #define NDPI_PROTOCOL_SKYPE 125 #define NDPI_PROTOCOL_GOOGLE 126 #define NDPI_PROTOCOL_DCERPC 127 #define NDPI_PROTOCOL_NETFLOW 128 #define NDPI_PROTOCOL_SFLOW 129 -#define NDPI_PROTOCOL_HTTP_CONNECT 130 -#define NDPI_PROTOCOL_HTTP_PROXY 131 +#define NDPI_PROTOCOL_HTTP_CONNECT 130 +#define NDPI_PROTOCOL_HTTP_PROXY 131 #define NDPI_PROTOCOL_CITRIX 132 #define NDPI_PROTOCOL_NETFLIX 133 #define NDPI_PROTOCOL_LASTFM 134 diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 96cea5353..490098086 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -654,8 +654,8 @@ struct ndpi_packet_struct { u_int32_t tick_timestamp; u_int64_t tick_timestamp_l; - u_int16_t detected_protocol_stack[NDPI_PROTOCOL_HISTORY_SIZE]; - u_int8_t detected_subprotocol_stack[NDPI_PROTOCOL_HISTORY_SIZE]; + u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; + u_int8_t detected_subprotocol_stack[NDPI_PROTOCOL_SIZE]; #ifndef WIN32 @@ -888,7 +888,7 @@ struct ndpi_detection_module_struct { }; struct ndpi_flow_struct { - u_int16_t detected_protocol_stack[NDPI_PROTOCOL_HISTORY_SIZE]; + u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; #ifndef WIN32 __attribute__ ((__packed__)) #endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f7346594e..31d2ab435 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4097,7 +4097,7 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet) { int a; - for(a = 0; a < NDPI_PROTOCOL_HISTORY_SIZE; a++) + for(a = 0; a < NDPI_PROTOCOL_SIZE; a++) packet->detected_protocol_stack[a] = NDPI_PROTOCOL_UNKNOWN; } @@ -4105,7 +4105,7 @@ void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow) { if(flow) { int a; - for(a = 0; a < NDPI_PROTOCOL_HISTORY_SIZE; a++) { + for(a = 0; a < NDPI_PROTOCOL_SIZE; a++) { flow->detected_protocol_stack[a] = NDPI_PROTOCOL_UNKNOWN; } } -- cgit v1.2.3 From eeb6f9334a89eb6a5755684edb423ba94b66550b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 15 Mar 2017 20:21:18 +0100 Subject: Warning fix --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 31d2ab435..5c8589c3f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3254,7 +3254,7 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, func = ndpi_struct->proto_defaults[flow->guessed_protocol_id].func; } - if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) { + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { for(a = 0; a < ndpi_struct->callback_buffer_size_tcp_payload; a++) { if((func != ndpi_struct->callback_buffer_tcp_payload[a].func) && (ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask -- cgit v1.2.3 From dc1f005823b4a2fc820656640fa68825dd58fc74 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 15 Mar 2017 20:25:08 +0100 Subject: Tests update --- tests/result/skype.pcap.out | 314 ++++++++++++++++----------------- tests/result/skype_no_unknown.pcap.out | 2 +- 2 files changed, 158 insertions(+), 158 deletions(-) diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 59752f6a8..3cc919310 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,13 +1,13 @@ -Unknown 349 43621 14 +Unknown 404 52712 16 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 88 8268 6 +SSL 96 8876 7 Dropbox 38 17948 5 -Skype 1973 302309 247 +Skype 1910 292610 244 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -144,154 +144,152 @@ MS_OneDrive 387 198090 1 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] 130 UDP 76.185.207.12:45493 <-> 192.168.1.34:13021 [proto: 125/Skype][5 pkts/300 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 135 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 136 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 137 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 140 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 141 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 154 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][32 pkts/4972 bytes] - 155 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 158 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 159 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] - 160 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 161 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 162 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 163 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 164 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 165 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 166 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 167 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 168 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 169 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 170 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 174 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 175 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 194 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 195 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 196 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 197 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] - 198 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 199 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 200 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 201 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 202 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 206 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 207 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 208 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 209 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 210 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 211 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] - 212 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] - 213 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] - 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 216 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 221 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 222 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 225 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 226 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 227 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 228 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 229 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 230 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 231 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 232 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 233 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 235 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 236 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 237 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 238 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 239 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 240 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 241 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] - 242 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 243 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 244 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 245 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 246 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 247 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 248 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 249 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] - 250 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 251 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] - 252 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] - 253 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] - 254 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] - 255 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 256 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 259 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 260 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 261 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 262 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 263 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 264 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 265 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 266 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 267 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 268 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 269 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 270 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 271 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 272 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 273 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 274 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 275 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 276 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 277 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 278 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 279 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 134 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 135 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] + 136 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] + 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 139 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 140 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] + 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 157 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] + 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 172 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 173 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 194 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 195 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] + 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 197 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 198 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 199 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 200 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 201 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 202 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 207 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 209 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] + 210 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] + 211 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] + 212 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 213 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 215 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 221 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 222 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 223 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 224 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 225 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 226 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 227 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 228 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 229 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 237 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 239 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] + 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 242 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 245 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 246 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 247 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] + 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 249 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] + 250 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] + 251 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] + 252 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] + 253 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 254 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 255 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 259 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 261 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 262 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 263 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 264 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 265 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] + 266 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 272 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 277 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -303,9 +301,11 @@ Undetected flows: 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 10 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] - 11 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 12 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 13 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] - 14 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] + 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 12 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] + 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 14 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 15 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] + 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 6864f2b0c..a1e14bdea 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -261,7 +261,7 @@ MS_OneDrive 348 181687 1 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] 249 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 251 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 91.125/SSL.Skype][14 pkts/1203 bytes] + 251 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 125/Skype][14 pkts/1203 bytes] 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] -- cgit v1.2.3 From 149818671d0cfcf09e37588aee963adc056f4250 Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 16 Mar 2017 10:31:36 +0100 Subject: minor fix for http --- src/lib/protocols/http.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 33b15c689..1bef7f8f5 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -203,7 +203,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM); } else if(iqiyi_counter > 0) { - NDPI_LOG(NDPI_SERVICE_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); + NDPI_LOG(NDPI_PROTOCOL_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); } #endif @@ -378,13 +378,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(flow->detected_protocol_stack[0] != flow->guessed_host_protocol_id) flow->guessed_host_protocol_id = flow->detected_protocol_stack[0]; } - - /* if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ - /* && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected)) */ - /* ndpi_match_host_subprotocol(ndpi_struct, flow, */ - /* (char *)flow->host_server_name, */ - /* strlen((const char *)flow->host_server_name), */ - /* NDPI_PROTOCOL_HTTP); */ if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected) @@ -545,9 +538,6 @@ void _org_ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int16_t filename_start; NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "search http\n"); @@ -902,13 +892,14 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct "HTTP START Found, we will look for sub-protocols (content and host)...\n"); if(packet->host_line.ptr != NULL) { + /** nDPI is pretty scrupulous about HTTP so it waits until the HTTP response is received just to check that it conforms with the HTTP specs. However this might be a waste of time as in 99.99% of the cases is like that. */ - + if(ndpi_struct->http_dont_dissect_response) { if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) /* No subprotocol found */ ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); @@ -933,7 +924,8 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /** At first check, if this is for sure a response packet (in another direction. If not, if http is detected do nothing now and return, - otherwise check the second packet for the http request . */ + otherwise check the second packet for the http request + */ if((flow->l4.tcp.http_stage - packet->packet_direction) == 1) { if(flow->http_detected) -- cgit v1.2.3 From 4300208642e0ccd4d945a25e738b65d019b2cc30 Mon Sep 17 00:00:00 2001 From: Vito Piserchia Date: Thu, 16 Mar 2017 17:32:38 +0100 Subject: Added ndpi_flow_ free/malloc and set_ functions: Ideally these two new functions will provide more flexibility in regards of application that want to use specific allocation approaches, for example storage queues for this structures from where the application can pop and release the data it needs. Semantically they can be set up as the other ndpi_malloc and ndpi_free functions, that is via the set_ndpi_flow_malloc and set_ndpi_flow_free. In case a NULL parameter is passed to the above functions the old approach will be used, that means that the ndpi_malloc will be used as the ndpi_flow_malloc function and ndpi_free_flow as the ndpi_flow_free one. Application that use the old functions will be not affected by this change, and the ndpi_free_flow can be deprecated in the future and made private. --- example/ndpi_util.c | 8 +++----- src/include/ndpi_api.h | 8 +++++++- src/lib/ndpi_main.c | 13 +++++++++++-- 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 8fe104b3e..1bb094a1e 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -62,16 +62,13 @@ #define GTP_U_V1_PORT 2152 #define TZSP_PORT 37008 -#define SIZEOF_ID_STRUCT (sizeof(struct ndpi_id_struct)) -#define SIZEOF_FLOW_STRUCT (sizeof(struct ndpi_flow_struct)) - #include "ndpi_main.h" #include "ndpi_util.h" /* ***************************************************** */ void ndpi_free_flow_info_half(struct ndpi_flow_info *flow) { - if(flow->ndpi_flow) { ndpi_free_flow(flow->ndpi_flow); flow->ndpi_flow = NULL; } + if(flow->ndpi_flow) { ndpi_flow_free(flow->ndpi_flow); flow->ndpi_flow = NULL; } if(flow->src_id) { ndpi_free(flow->src_id); flow->src_id = NULL; } if(flow->dst_id) { ndpi_free(flow->dst_id); flow->dst_id = NULL; } } @@ -106,6 +103,7 @@ static void free_wrapper(void *freeable) { struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs, pcap_t * pcap_handle) { set_ndpi_malloc(malloc_wrapper), set_ndpi_free(free_wrapper); + set_ndpi_flow_malloc(NULL), set_ndpi_flow_free(NULL); /* TODO: just needed here to init ndpi malloc wrapper */ struct ndpi_detection_module_struct * module = ndpi_init_detection_module(); @@ -356,7 +354,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow patchIPv6Address(newflow->lower_name), patchIPv6Address(newflow->upper_name); } - if((newflow->ndpi_flow = ndpi_malloc(SIZEOF_FLOW_STRUCT)) == NULL) { + if((newflow->ndpi_flow = ndpi_flow_malloc(SIZEOF_FLOW_STRUCT)) == NULL) { NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_ERROR, "[NDPI] %s(2): not enough memory\n", __FUNCTION__); free(newflow); return(NULL); diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index ca295b4e1..bcc5fe51f 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -31,6 +31,9 @@ extern "C" { #endif +#define SIZEOF_ID_STRUCT (sizeof(struct ndpi_id_struct)) +#define SIZEOF_FLOW_STRUCT (sizeof(struct ndpi_flow_struct)) + #define NDPI_DETECTION_ONLY_IPV4 ( 1 << 0 ) #define NDPI_DETECTION_ONLY_IPV6 ( 1 << 1 ) @@ -79,8 +82,9 @@ extern "C" { void * ndpi_realloc(void *ptr, size_t old_size, size_t new_size); char * ndpi_strdup(const char *s); void ndpi_free(void *ptr); + void * ndpi_flow_malloc(size_t size); + void ndpi_flow_free(void *ptr); - /** * Search the first occurrence of substring -find- in -s- * The search is limited to the first -slen- characters of the string @@ -591,6 +595,8 @@ extern "C" { /* Utility functions to set ndpi malloc/free/print wrappers */ void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)); void set_ndpi_free(void (*__ndpi_free)(void *ptr)); + void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)); + void set_ndpi_flow_free(void (*__ndpi_flow_free)(void *ptr)); void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi_debug_function_ptr ndpi_debug_printf); #ifdef __cplusplus diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5c8589c3f..5e65dbe5f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -213,6 +213,9 @@ u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, /* ****************************************** */ +static void *(*_ndpi_flow_malloc)(size_t size); +static void (*_ndpi_flow_free)(void *ptr); + static void *(*_ndpi_malloc)(size_t size); static void (*_ndpi_free)(void *ptr); @@ -310,6 +313,7 @@ static int removeDefaultPort(ndpi_port_range *range, /* ****************************************** */ void * ndpi_malloc(size_t size) { return(_ndpi_malloc ? _ndpi_malloc(size) : malloc(size)); } +void * ndpi_flow_malloc(size_t size) { return(_ndpi_flow_malloc ? _ndpi_flow_malloc(size) : ndpi_malloc(size)); } /* ****************************************** */ @@ -327,6 +331,7 @@ void * ndpi_calloc(unsigned long count, size_t size) /* ****************************************** */ void ndpi_free(void *ptr) { if(_ndpi_free) _ndpi_free(ptr); else free(ptr); } +void ndpi_flow_free(void *ptr) { if(_ndpi_flow_free) _ndpi_flow_free(ptr); else ndpi_free_flow((struct ndpi_flow_struct *) ptr); } /* ****************************************** */ @@ -1757,8 +1762,10 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp #endif void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)) { _ndpi_malloc = __ndpi_malloc; } +void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)) { _ndpi_flow_malloc = __ndpi_flow_malloc; } void set_ndpi_free(void (*__ndpi_free)(void *ptr)) { _ndpi_free = __ndpi_free; } +void set_ndpi_flow_free(void (*__ndpi_flow_free)(void *ptr)) { _ndpi_flow_free = __ndpi_flow_free; } void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *ndpi_str, ndpi_log_level_t log_level, const char * format, ...) { @@ -4680,8 +4687,10 @@ int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_free_flow(struct ndpi_flow_struct *flow) { if(flow) { - if(flow->http.url) ndpi_free(flow->http.url); - if(flow->http.content_type) ndpi_free(flow->http.content_type); + if(flow->http.url) + ndpi_free(flow->http.url); + if(flow->http.content_type) + ndpi_free(flow->http.content_type); ndpi_free(flow); } } -- cgit v1.2.3 From 689d3e760295f4352c0c850ff86870ebe27a71a0 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 19 Mar 2017 22:38:13 +0100 Subject: Improved netbios dissection --- src/lib/protocols/netbios.c | 152 ++++++++++++++++++++++++-------------------- 1 file changed, 84 insertions(+), 68 deletions(-) diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index ca649782b..55ba8f5e4 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -2,7 +2,7 @@ * netbios.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -27,6 +27,10 @@ #ifdef NDPI_PROTOCOL_NETBIOS +struct netbios_header { + u_int16_t transaction_id, flags, questions, answer_rrs, authority_rrs, additional_rrs; +}; + /* The function below has been inherited by tcpdump */ static int netbios_name_interpret(char *in, char *out, u_int out_len) { int ret = 0, len; @@ -63,6 +67,7 @@ static int netbios_name_interpret(char *in, char *out, u_int out_len) { static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NETBIOS, NDPI_PROTOCOL_UNKNOWN); } @@ -70,28 +75,30 @@ static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - u_int16_t dport; - - if (packet->udp != NULL) { + char name[64]; + + if(packet->udp != NULL) { dport = ntohs(packet->udp->dest); NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "netbios udp start\n"); /*check standard NETBIOS over udp to port 137 */ - if ((dport == 137 || 0) && packet->payload_packet_len >= 50) { - + if((dport == 137 || 0) && packet->payload_packet_len >= 50) { + struct netbios_header h; + + memcpy(&h, packet->payload, sizeof(struct netbios_header)); + h.transaction_id = ntohs(h.transaction_id), h.flags = ntohs(h.flags), + h.questions = ntohs(h.questions), h.answer_rrs = ntohs(h.answer_rrs), + h.authority_rrs = ntohs(h.authority_rrs), h.additional_rrs = ntohs(h.additional_rrs); + NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios port 137 and payload_packet_len 50\n"); - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0 && - ntohs(get_u_int16_t(packet->payload, 4)) == 1 && - ntohs(get_u_int16_t(packet->payload, 6)) == 0 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 0) { + if(h.flags == 0 && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0 && h.additional_rrs == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); @@ -99,10 +106,24 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (packet->payload[2] == 0x80 && - ntohs(get_u_int16_t(packet->payload, 4)) == 1 && - ntohs(get_u_int16_t(packet->payload, 6)) == 0 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 1) { + if(((h.flags & 0x8710) == 0x10) && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0) { + + NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, + NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 and broadcast \n"); + + if(netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) + snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); + + ndpi_int_netbios_add_connection(ndpi_struct, flow); + return; + } + if(packet->payload[2] == 0x80 && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0 && h.additional_rrs == 1) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers, authority, additional = 0 \n"); @@ -110,10 +131,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0x4000 && - ntohs(get_u_int16_t(packet->payload, 4)) == 1 && - ntohs(get_u_int16_t(packet->payload, 6)) == 0 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 1) { + if(h.flags == 0x4000 && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0 && h.additional_rrs == 1) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); @@ -121,10 +142,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0x8400 && - ntohs(get_u_int16_t(packet->payload, 4)) == 0 && - ntohs(get_u_int16_t(packet->payload, 6)) == 1 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 0) { + if(h.flags == 0x8400 && + h.questions == 0 && + h.answer_rrs == 1 && + h.authority_rrs == 0 && h.additional_rrs == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, @@ -133,10 +154,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0x8500 && - ntohs(get_u_int16_t(packet->payload, 4)) == 0 && - ntohs(get_u_int16_t(packet->payload, 6)) == 1 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 0) { + if(h.flags == 0x8500 && + h.questions == 0 && + h.answer_rrs == 1 && + h.authority_rrs == 0 && h.additional_rrs == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, @@ -145,10 +166,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0x2910 && - ntohs(get_u_int16_t(packet->payload, 4)) == 1 && - ntohs(get_u_int16_t(packet->payload, 6)) == 0 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 1) { + if(h.flags == 0x2910 && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0 && h.additional_rrs == 1) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, @@ -157,10 +178,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0xAD86 && - ntohs(get_u_int16_t(packet->payload, 4)) == 0 && - ntohs(get_u_int16_t(packet->payload, 6)) == 1 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 0) { + if(h.flags == 0xAD86 && + h.questions == 0 && + h.answer_rrs == 1 && + h.authority_rrs == 0 && h.additional_rrs == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, @@ -169,10 +190,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0x0110 && - ntohs(get_u_int16_t(packet->payload, 4)) == 1 && - ntohs(get_u_int16_t(packet->payload, 6)) == 0 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 0) { + if(h.flags == 0x0110 && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0 && h.additional_rrs == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, @@ -182,11 +203,11 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc return; } - if ((ntohs(get_u_int16_t(packet->payload, 2)) & 0xf800) == 0) { + if((h.flags & 0xf800) == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query request\n"); - if (get_u_int16_t(packet->payload, 4) == htons(1) && + if(get_u_int16_t(packet->payload, 4) == htons(1) && get_u_int16_t(packet->payload, 6) == 0 && get_u_int16_t(packet->payload, 8) == 0 && get_u_int16_t(packet->payload, 10) == 0) { @@ -196,13 +217,13 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query request, one question\n"); - if (packet->payload_packet_len == 12 + 1 + name_length + 1 + 2 + 2) { + if(packet->payload_packet_len == 12 + 1 + name_length + 1 + 2 + 2) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query request, length matches\n"); /* null terminated? */ - if (packet->payload[12 + name_length + 1] == 0 && + if(packet->payload[12 + name_length + 1] == 0 && get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0020) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { @@ -213,12 +234,11 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc } } } - } else if ((ntohs(get_u_int16_t(packet->payload, 2)) & 0xf800) == 0x8000) { - + } else if((h.flags & 0xf800) == 0x8000) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query response\n"); - if (get_u_int16_t(packet->payload, 4) == 0 && + if(get_u_int16_t(packet->payload, 4) == 0 && get_u_int16_t(packet->payload, 6) == htons(1) && get_u_int16_t(packet->payload, 8) == 0 && get_u_int16_t(packet->payload, 10) == 0) { @@ -228,13 +248,13 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios positive name query response, one answer\n"); - if (packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { + if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query response, length matches\n"); /* null terminated? */ - if (packet->payload[12 + name_length + 1] == 0 && + if(packet->payload[12 + name_length + 1] == 0 && get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0020) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { @@ -244,7 +264,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc return; } } - } else if (get_u_int16_t(packet->payload, 4) == 0 && + } else if(get_u_int16_t(packet->payload, 4) == 0 && get_u_int16_t(packet->payload, 6) == 0 && get_u_int16_t(packet->payload, 8) == 0 && get_u_int16_t(packet->payload, 10) == 0) { @@ -254,13 +274,13 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios negative name query response, one answer\n"); - if (packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { + if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query response, length matches\n"); /* null terminated? */ - if (packet->payload[12 + name_length + 1] == 0 && + if(packet->payload[12 + name_length + 1] == 0 && get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x000A) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { @@ -270,7 +290,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc return; } } - } else if (get_u_int16_t(packet->payload, 4) == 0 && + } else if(get_u_int16_t(packet->payload, 4) == 0 && get_u_int16_t(packet->payload, 6) == 0 && get_u_int16_t(packet->payload, 8) == htons(1) && get_u_int16_t(packet->payload, 10) == htons(1)) { @@ -280,13 +300,13 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios redirect name query response, one answer\n"); - if (packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { + if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query response, length matches\n"); /* null terminated? */ - if (packet->payload[12 + name_length + 1] == 0 && + if(packet->payload[12 + name_length + 1] == 0 && get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0002) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { @@ -305,21 +325,19 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc /*netbios header token from http://www.protocolbase.net/protocols/protocol_NBDGM.php */ - if ((dport == 138) && + if((dport == 138) && packet->payload_packet_len >= 14 && ntohs(get_u_int16_t(packet->payload, 10)) == packet->payload_packet_len - 14) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios port 138 and payload length >= 112 \n"); - if (packet->payload[0] >= 0x11 && packet->payload[0] <= 0x16) { + if(packet->payload[0] >= 0x11 && packet->payload[0] <= 0x16) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n"); - if (ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)) { - char name[64]; - + if(ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with checked ip-address.\n"); @@ -333,22 +351,22 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc } } - if (packet->tcp != NULL) { + if(packet->tcp != NULL) { dport = ntohs(packet->tcp->dest); NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "netbios tcp start\n"); /* destination port must be 139 */ - if (dport == 139) { + if(dport == 139) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with destination port 139\n"); /* payload_packet_len must be 72 */ - if (packet->payload_packet_len == 72) { + if(packet->payload_packet_len == 72) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with payload_packen_len = 72. \n"); - if (packet->payload[0] == 0x81 && packet->payload[1] == 0 && ntohs(get_u_int16_t(packet->payload, 2)) == 68) { + if(packet->payload[0] == 0x81 && packet->payload[1] == 0 && ntohs(get_u_int16_t(packet->payload, 2)) == 68) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with session request = 81, flags=0 and length od following bytes = 68. \n"); @@ -363,10 +381,8 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "exclude netbios\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NETBIOS); - } - void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("NETBIOS", ndpi_struct, detection_bitmask, *id, -- cgit v1.2.3 From 6a5b380bc7495d91aaee189c52b6f9c300665027 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 19 Mar 2017 22:51:13 +0100 Subject: Exported ndpi_netbios_name_interpret() to all nDPI apps --- libndpi.sym | 1 + src/include/ndpi_main.h | 5 ++++- src/lib/protocols/netbios.c | 6 +++--- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/libndpi.sym b/libndpi.sym index d7dc633fc..3fb3d9c33 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -49,3 +49,4 @@ set_ndpi_free set_ndpi_debug_function ndpi_category_str ndpi_get_proto_category +ndpi_netbios_name_interpret \ No newline at end of file diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index cd96af5d8..24bdcb171 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -106,7 +106,10 @@ extern "C" { extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id, u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto); - +#ifdef NDPI_PROTOCOL_NETBIOS + int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len); +#endif + #ifdef NDPI_ENABLE_DEBUG_MESSAGES void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct, const char **file, const char **func, u_int32_t * line); diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index 55ba8f5e4..752da6c10 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -32,7 +32,7 @@ struct netbios_header { }; /* The function below has been inherited by tcpdump */ -static int netbios_name_interpret(char *in, char *out, u_int out_len) { +int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len) { int ret = 0, len; char *b; @@ -114,7 +114,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 and broadcast \n"); - if(netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) + if(ndpi_netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -341,7 +341,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with checked ip-address.\n"); - if(netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) + if(ndpi_netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); ndpi_int_netbios_add_connection(ndpi_struct, flow); -- cgit v1.2.3 From 760d468aca5e75123b594319701a43e808961a5d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 19 Mar 2017 23:42:36 +0100 Subject: Improved netbios name decoding --- src/lib/protocols/netbios.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index 752da6c10..c899086eb 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -50,8 +50,11 @@ int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len) { } *out = ((in[0]-'A')<<4) + (in[1]-'A'); + in += 2; - out++, ret++; + + if(isprint(*out)) + out++, ret++; } *out = 0; -- cgit v1.2.3 From 92b1b46fa67e9de42a028ef9ec0d618cd8e701c5 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 21 Mar 2017 00:48:16 +0100 Subject: SSL server certificate is now detected --- example/ndpiReader.c | 1 + example/ndpi_util.c | 112 ++++++------ example/ndpi_util.h | 1 + src/lib/ndpi_main.c | 52 +++--- src/lib/protocols/ssl.c | 6 +- tests/result/6in4tunnel.pcap.out | 2 +- tests/result/KakaoTalk_chat.pcap.out | 47 ----- tests/result/KakaoTalk_talk.pcap.out | 31 ---- tests/result/quickplay.pcap.out | 26 --- tests/result/skype.pcap.out | 312 ++++++++++++++++----------------- tests/result/skype_no_unknown.pcap.out | 290 +++++++++++++++--------------- tests/result/viber_mobile.pcap.out | 4 +- tests/result/webex.pcap.out | 2 +- 13 files changed, 398 insertions(+), 488 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index aa5db8821..dda137df9 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -517,6 +517,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } } + process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow); ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol] += flow->packets; ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->bytes; ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.app_protocol]++; diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 8fe104b3e..b1ea6a3de 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -435,6 +435,64 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo /* ****************************************************** */ +void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) { + if(!flow->ndpi_flow) return; + + snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", + flow->ndpi_flow->host_server_name); + + /* BITTORRENT */ + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) { + int i, j, n = 0; + + for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { + sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); + j += 2, n += flow->ndpi_flow->bittorent_hash[i]; + } + + if(n == 0) flow->bittorent_hash[0] = '\0'; + } + /* MDNS */ + else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_MDNS) { + snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.mdns.answer); + } + /* UBNTAC2 */ + else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UBNTAC2) { + snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.ubntac2.version); + } + if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_DNS) { + /* SSH */ + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSH) { + snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", + flow->ndpi_flow->protos.ssh.client_signature); + snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", + flow->ndpi_flow->protos.ssh.server_signature); + } + /* SSL */ + else if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSL) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL)) { + snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", + flow->ndpi_flow->protos.ssl.client_certificate); + snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", + flow->ndpi_flow->protos.ssl.server_certificate); + } + } + + if(flow->detection_completed) { + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { + if (workflow->__flow_giveup_callback != NULL) + workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); + } else { + if (workflow->__flow_detected_callback != NULL) + workflow->__flow_detected_callback(workflow, flow, workflow->__flow_detected_udata); + } + + ndpi_free_flow_info_half(flow); + } +} + +/* ****************************************************** */ + /** Function to process the packet: determine the flow of a packet and try to decode it @@ -494,6 +552,7 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, || ((proto == IPPROTO_UDP) && (flow->packets > 8)) || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { /* New protocol detected or give up */ + flow->detection_completed = 1; } @@ -503,58 +562,7 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, flow->ndpi_flow); } - snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", - flow->ndpi_flow->host_server_name); - - /* BITTORRENT */ - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) { - int i, j, n = 0; - - for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { - sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); - j += 2, n += flow->ndpi_flow->bittorent_hash[i]; - } - - if(n == 0) flow->bittorent_hash[0] = '\0'; - } - /* MDNS */ - else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_MDNS) { - snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.mdns.answer); - } - /* UBNTAC2 */ - else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UBNTAC2) { - snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.ubntac2.version); - } - if((proto == IPPROTO_TCP) && (flow->detected_protocol.app_protocol != NDPI_PROTOCOL_DNS)) { - /* SSH */ - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSH) { - snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", - flow->ndpi_flow->protos.ssh.client_signature); - snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", - flow->ndpi_flow->protos.ssh.server_signature); - } - /* SSL */ - else if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSL) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL)) { - snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", - flow->ndpi_flow->protos.ssl.client_certificate); - snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", - flow->ndpi_flow->protos.ssl.server_certificate); - } - } - - if(flow->detection_completed) { - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { - if (workflow->__flow_giveup_callback != NULL) - workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); - } else { - if (workflow->__flow_detected_callback != NULL) - workflow->__flow_detected_callback(workflow, flow, workflow->__flow_detected_udata); - } - - ndpi_free_flow_info_half(flow); - } - + process_ndpi_collected_info(workflow, flow); return 0; } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 6ff17bac2..1c092cbfa 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -159,5 +159,6 @@ static inline void ndpi_workflow_set_flow_giveup_callback(struct ndpi_workflow * /* compare two nodes in workflow */ int ndpi_workflow_node_cmp(const void *a, const void *b); +void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); #endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5c8589c3f..a2abca7b8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3327,30 +3327,34 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { u_int16_t guessed_protocol_id, guessed_host_protocol_id; - if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (flow->packet.l4_protocol == IPPROTO_TCP) - && (flow->l4.tcp.ssl_stage > 1)) - flow->guessed_protocol_id = NDPI_PROTOCOL_SSL; - - guessed_protocol_id = flow->guessed_protocol_id, - guessed_host_protocol_id = flow->guessed_host_protocol_id; - - if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) - guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; - - - /* Ignore guessed protocol if they have been discarded */ - if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id))) - guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; - - if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { - ndpi_int_change_protocol(ndpi_struct, flow, - guessed_host_protocol_id, - guessed_protocol_id); + if(flow->protos.ssl.client_certificate[0] != '\0') { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN); + } else { + if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (flow->packet.l4_protocol == IPPROTO_TCP) + && (flow->l4.tcp.ssl_stage > 1)) + flow->guessed_protocol_id = NDPI_PROTOCOL_SSL; + + guessed_protocol_id = flow->guessed_protocol_id, + guessed_host_protocol_id = flow->guessed_host_protocol_id; + + if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + + /* Ignore guessed protocol if they have been discarded */ + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id))) + guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { + ndpi_int_change_protocol(ndpi_struct, flow, + guessed_host_protocol_id, + guessed_protocol_id); + } } } else { flow->detected_protocol_stack[1] = flow->guessed_protocol_id, diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 8915b0e99..69f06e714 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -24,10 +24,9 @@ #include "ndpi_api.h" -/* #define CERTIFICATE_DEBUG 1 */ - #ifdef NDPI_PROTOCOL_SSL +/* #define CERTIFICATE_DEBUG 1 */ #define NDPI_MAX_SSL_REQUEST_SIZE 10000 /* Skype.c */ @@ -184,6 +183,7 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, /* Check after handshake protocol header (5 bytes) and message header (4 bytes) */ for(i = 9; i < packet->payload_packet_len-3; i++) { if(((packet->payload[i] == 0x04) && (packet->payload[i+1] == 0x03) && (packet->payload[i+2] == 0x0c)) + || ((packet->payload[i] == 0x04) && (packet->payload[i+1] == 0x03) && (packet->payload[i+2] == 0x13)) || ((packet->payload[i] == 0x55) && (packet->payload[i+1] == 0x04) && (packet->payload[i+2] == 0x03))) { u_int8_t server_len = packet->payload[i+3]; @@ -345,7 +345,7 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s && flow->l4.tcp.seen_syn_ack && flow->l4.tcp.seen_ack /* We have seen the 3-way handshake */) || (flow->protos.ssl.server_certificate[0] != '\0') - || (flow->protos.ssl.client_certificate[0] != '\0') + /* || (flow->protos.ssl.client_certificate[0] != '\0') */ ) ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); } diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 520173ab5..bc6b7973b 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -6,7 +6,7 @@ Facebook 37 14726 3 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2a03:2880:1010:6f03:face:b00c::2]:53234 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/394 bytes][Host: star.c10r.facebook.com] - 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2604:a880:1:20::224:b001]:60205 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net] + 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2604:a880:1:20::224:b001]:60205 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net][server: mail.tomasu.net] 4 ICMPV6 [2001:470:1f16:13f::2]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][2 pkts/258 bytes] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index fa510f8ba..8b1378917 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1,48 +1 @@ -DNS 2 217 1 -HTTP 1 56 1 -ICMP 1 147 1 -SSL 29 4579 3 -Facebook 215 51809 12 -Google 16 1031 3 -HTTP_Proxy 26 3926 1 -Amazon 2 181 1 -KakaoTalk 55 9990 15 - 1 UDP 10.188.1.1:53 <-> 10.24.82.188:56820 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] - 2 UDP 10.188.1.1:53 <-> 10.24.82.188:57816 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] - 3 UDP 10.188.1.1:53 <-> 10.24.82.188:58810 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] - 4 TCP 10.24.82.188:34503 <-> 120.28.26.242:80 [proto: 7/HTTP][1 pkts/56 bytes] - 5 ICMP 10.188.191.1:0 <-> 10.24.82.188:0 [proto: 81/ICMP][1 pkts/147 bytes] - 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] - 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] - 8 TCP 10.24.82.188:58927 <-> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes] - 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] - 10 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] - 11 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] - 12 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] - 13 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] - 14 TCP 31.13.68.84:80 <-> 10.24.82.188:37553 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] - 15 TCP 31.13.68.84:80 <-> 10.24.82.188:37557 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] - 16 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] - 17 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] - 18 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 19 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 20 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][server: *.push.samsungosp.com] - 21 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] - 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] - 23 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] - 24 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] - 25 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] - 26 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] - 27 UDP 10.188.1.1:53 <-> 10.24.82.188:14650 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] - 28 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] - 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] - 30 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] - 31 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] - 32 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] - 33 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] - 34 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] - 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] - 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] - 37 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] - 38 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][4 pkts/251 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 97b69377c..8b1378917 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,32 +1 @@ -HTTP 5 280 1 -QQ 15 1727 1 -SSL_No_Cert 74 14132 2 -RTP 2991 398751 2 -SSL 5 1198 1 -Facebook 5 377 3 -Google 4 359 4 -HTTP_Proxy 16 1838 2 -Tor 40 10538 1 -Amazon 4 396 1 -KakaoTalk_Voice 44 6196 2 - 1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes] - 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] - 3 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 91.126/SSL.Google][1 pkts/56 bytes] - 4 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes] - 5 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] - 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] - 7 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] - 8 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] - 9 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] - 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] - 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] - 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] - 13 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] - 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] - 15 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] - 16 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] - 17 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] - 18 UDP 1.201.1.174:23044 <-> 10.24.82.188:11320 [proto: 87/RTP][1503 pkts/200241 bytes] - 19 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] - 20 TCP 216.58.220.161:443 <-> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 277e25fc8..8b1378917 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -1,27 +1 @@ -QQ 12 4781 5 -Facebook 6 1740 3 -Google 2 378 1 -Amazon 2 1469 1 -QuickPlay 133 96179 11 - 1 TCP 120.28.26.231:80 <-> 10.54.169.250:33277 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] - 2 TCP 120.28.35.41:80 <-> 10.54.169.250:50669 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] - 3 TCP 120.28.35.40:80 <-> 10.54.169.250:52007 [proto: 7.196/HTTP.QuickPlay][4 pkts/2735 bytes][Host: vod-singtelhawk.quickplay.com] - 4 TCP 120.28.35.40:80 <-> 10.54.169.250:52009 [proto: 7.196/HTTP.QuickPlay][65 pkts/45902 bytes][Host: vod-singtelhawk.quickplay.com] - 5 TCP 120.28.35.40:80 <-> 10.54.169.250:52017 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] - 6 TCP 120.28.35.40:80 <-> 10.54.169.250:52019 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] - 7 TCP 120.28.35.40:80 <-> 10.54.169.250:52021 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] - 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.48/HTTP.QQ][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.48/HTTP.QQ][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] - 10 TCP 173.252.74.22:80 <-> 10.54.169.250:52285 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 11 TCP 31.13.68.49:80 <-> 10.54.169.250:44793 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] - 12 TCP 120.28.5.18:80 <-> 10.54.169.250:33064 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] - 13 TCP 54.179.140.65:80 <-> 10.54.169.250:56381 [proto: 7.178/HTTP.Amazon][2 pkts/1469 bytes][Host: api.account.xiaomi.com] - 14 TCP 120.28.5.41:80 <-> 10.54.169.250:44256 [proto: 7.196/HTTP.QuickPlay][3 pkts/2311 bytes][Host: play-singtelhawk.quickplay.com] - 15 TCP 120.28.35.41:80 <-> 10.54.169.250:50668 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] - 16 TCP 120.28.35.40:80 <-> 10.54.169.250:52018 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] - 17 TCP 120.28.35.40:80 <-> 10.54.169.250:52022 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] - 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.48/HTTP.QQ][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] - 19 TCP 173.252.74.22:80 <-> 10.54.169.250:52288 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.48/HTTP.QQ][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] - 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.48/HTTP.QQ][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 3cc919310..e781f27df 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 404 52712 16 +Unknown 381 48593 15 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -7,7 +7,7 @@ ICMP 8 656 1 IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 -Skype 1910 292610 244 +Skype 1933 296729 245 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -144,152 +144,153 @@ MS_OneDrive 387 198090 1 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] 130 UDP 76.185.207.12:45493 <-> 192.168.1.34:13021 [proto: 125/Skype][5 pkts/300 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 134 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 135 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 136 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 139 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 140 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 157 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 172 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 173 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 194 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 195 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] - 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 197 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 198 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 199 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 200 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 201 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 207 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 209 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] - 210 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] - 211 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] - 212 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 213 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 215 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 221 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 222 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 223 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 225 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 226 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 227 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 228 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 229 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 237 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 239 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] - 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 242 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 245 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 246 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 247 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] - 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 249 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] - 250 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] - 251 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] - 252 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] - 253 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 254 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 255 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 259 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 261 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 262 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 263 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 264 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 265 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 266 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 272 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 277 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 135 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 136 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] + 137 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 140 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 141 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 154 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 158 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] + 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 165 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 174 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 196 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] + 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 198 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 199 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 200 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 201 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 202 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 208 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 210 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] + 211 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] + 212 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] + 213 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 221 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 222 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 224 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 225 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 226 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 227 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 228 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 229 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 230 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 234 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 235 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 238 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 240 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] + 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 243 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 244 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 245 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 246 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 247 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 248 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] + 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 250 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] + 251 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] + 252 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] + 253 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] + 254 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 255 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 259 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 262 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 263 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 264 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 265 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 266 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] + 267 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 268 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 273 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 278 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -301,11 +302,10 @@ Undetected flows: 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] - 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 12 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] - 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 14 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 15 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] - 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 11 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] + 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 13 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 14 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] + 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index a1e14bdea..e7cbd2a82 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 236 70600 14 +Unknown 216 66695 13 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1241 181327 221 +Skype 1261 185232 222 Apple 84 20699 2 MS_OneDrive 348 181687 1 @@ -128,142 +128,143 @@ MS_OneDrive 348 181687 1 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][14 pkts/1253 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] - 118 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] - 119 UDP 111.221.74.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 120 UDP 111.221.74.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 121 UDP 111.221.74.27:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 122 UDP 111.221.74.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 123 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 124 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] - 128 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] - 129 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] - 130 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] - 133 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] - 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 135 TCP 91.190.216.24:12350 <-> 192.168.1.34:51297 [proto: 125/Skype][15 pkts/3532 bytes] - 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] - 137 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] - 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] - 140 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] - 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 125/Skype][13 pkts/1157 bytes] - 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] - 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] - 146 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] - 147 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] - 148 UDP 157.56.52.19:40020 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 149 UDP 157.56.52.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 150 UDP 157.56.52.25:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 151 UDP 157.56.52.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 152 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] - 156 UDP 157.56.52.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] - 157 UDP 157.56.52.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 158 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] - 159 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] - 160 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] - 161 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] - 162 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] - 163 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] - 164 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] - 165 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] - 166 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] - 167 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 177 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 178 TCP 149.13.32.15:13392 <-> 192.168.1.34:51316 [proto: 125/Skype][14 pkts/1176 bytes] - 179 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 180 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 181 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 182 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 183 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] - 185 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] - 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] - 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 188 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 189 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 190 UDP 192.168.1.1:53 <-> 192.168.1.34:57694 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 191 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] - 192 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] - 193 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] - 194 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] - 196 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] - 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] - 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] - 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] - 200 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 201 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 202 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] - 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] - 206 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 207 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 209 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] - 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] - 211 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] - 212 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] - 213 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 214 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] - 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] - 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] - 217 TCP 111.221.74.18:40025 <-> 192.168.1.34:51267 [proto: 125/Skype][14 pkts/1163 bytes] - 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] - 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] - 220 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] - 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] - 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] - 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] - 227 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] - 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] - 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] - 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] - 233 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] - 234 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] - 235 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] - 236 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] - 237 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] - 238 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] - 239 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] - 240 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] - 241 UDP 65.55.223.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 242 UDP 65.55.223.32:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 243 UDP 65.55.223.28:40014 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 244 UDP 65.55.223.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 245 UDP 65.55.223.15:40030 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 246 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] - 247 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] - 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] - 249 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 251 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 125/Skype][14 pkts/1203 bytes] - 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] - 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] + 118 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][20 pkts/3905 bytes] + 119 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] + 120 UDP 111.221.74.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 121 UDP 111.221.74.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 111.221.74.27:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 123 UDP 111.221.74.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 124 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] + 125 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] + 128 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] + 129 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] + 130 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] + 131 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] + 134 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] + 135 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] + 136 TCP 91.190.216.24:12350 <-> 192.168.1.34:51297 [proto: 125/Skype][15 pkts/3532 bytes] + 137 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] + 138 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] + 139 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 140 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] + 141 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] + 142 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] + 143 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 125/Skype][13 pkts/1157 bytes] + 144 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] + 145 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 146 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] + 147 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] + 148 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] + 149 UDP 157.56.52.19:40020 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] + 150 UDP 157.56.52.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 151 UDP 157.56.52.25:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 152 UDP 157.56.52.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 153 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] + 157 UDP 157.56.52.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] + 158 UDP 157.56.52.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 159 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] + 160 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] + 161 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] + 162 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] + 163 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] + 164 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] + 165 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] + 166 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] + 167 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] + 168 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] + 178 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 179 TCP 149.13.32.15:13392 <-> 192.168.1.34:51316 [proto: 125/Skype][14 pkts/1176 bytes] + 180 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 181 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 182 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] + 183 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 184 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 185 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] + 186 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 187 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] + 188 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] + 189 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 190 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 191 UDP 192.168.1.1:53 <-> 192.168.1.34:57694 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 192 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] + 193 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] + 194 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] + 195 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] + 196 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] + 197 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] + 198 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] + 199 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] + 200 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] + 201 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 202 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 203 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] + 204 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] + 205 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 206 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] + 207 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 209 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 210 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] + 211 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] + 212 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] + 213 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] + 214 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 215 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] + 216 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] + 217 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] + 218 TCP 111.221.74.18:40025 <-> 192.168.1.34:51267 [proto: 125/Skype][14 pkts/1163 bytes] + 219 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] + 220 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] + 221 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] + 222 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] + 223 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 224 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 225 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] + 226 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 227 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] + 228 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] + 229 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] + 230 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] + 231 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] + 232 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 233 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] + 234 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] + 235 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] + 236 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] + 237 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] + 238 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] + 239 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] + 240 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] + 241 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] + 242 UDP 65.55.223.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 243 UDP 65.55.223.32:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 244 UDP 65.55.223.28:40014 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 245 UDP 65.55.223.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 246 UDP 65.55.223.15:40030 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 247 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] + 248 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] + 249 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] + 250 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 251 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] + 252 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 125/Skype][14 pkts/1203 bytes] + 253 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] + 254 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] Undetected flows: @@ -274,10 +275,9 @@ Undetected flows: 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][23 pkts/12290 bytes] 6 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] 7 TCP 192.168.1.34:51306 <-> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] - 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] - 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] - 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] - 11 TCP 76.167.161.6:20274 <-> 192.168.1.34:51300 [proto: 0/Unknown][3 pkts/206 bytes] - 12 TCP 149.13.32.15:13392 <-> 192.168.1.34:51312 [proto: 0/Unknown][25 pkts/15642 bytes] - 13 UDP 192.168.1.1:5351 <-> 192.168.1.34:59052 [proto: 0/Unknown][4 pkts/216 bytes] - 14 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] + 8 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] + 9 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] + 10 TCP 76.167.161.6:20274 <-> 192.168.1.34:51300 [proto: 0/Unknown][3 pkts/206 bytes] + 11 TCP 149.13.32.15:13392 <-> 192.168.1.34:51312 [proto: 0/Unknown][25 pkts/15642 bytes] + 12 UDP 192.168.1.1:5351 <-> 192.168.1.34:59052 [proto: 0/Unknown][4 pkts/216 bytes] + 13 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 6ae99d378..51b426378 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -70,7 +70,7 @@ Amazon 8 528 1 55 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][7 pkts/532 bytes] 56 TCP 52.0.253.46:443 <-> 192.168.200.222:43287 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] 57 UDP 8.8.8.8:53 <-> 192.168.200.222:52263 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 58 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com] + 58 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] 60 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] 61 UDP 37.214.167.82:11905 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] @@ -84,7 +84,7 @@ Amazon 8 528 1 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] 70 UDP 92.245.59.202:12998 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] 71 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 72 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com] + 72 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] Undetected flows: diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 889f7d4f9..2bca4171c 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -61,5 +61,5 @@ Amazon 3 174 1 53 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][38 pkts/42482 bytes][server: *.webex.com] 54 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][17 pkts/8401 bytes][server: *.webex.com] 55 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] - 56 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][30 pkts/9568 bytes][client: api.crittercism.com] + 56 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][30 pkts/9568 bytes][client: api.crittercism.com][server: *.crittercism.com] 57 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][17 pkts/7969 bytes][server: *.webex.com] -- cgit v1.2.3 From 281ba768ec76a5e2823d20a8264a4e0537548fc2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 1 Apr 2017 21:33:15 +0200 Subject: Added Ookla (SpeedTest) protocol detection --- example/ndpi_util.c | 14 +- src/include/ndpi_protocol_ids.h | 4 +- src/lib/ndpi_main.c | 6 +- src/lib/protocols/http.c | 277 +++++++--------------------------------- 4 files changed, 60 insertions(+), 241 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 3ab6d8da4..d2f002270 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -62,6 +62,10 @@ #define GTP_U_V1_PORT 2152 #define TZSP_PORT 37008 +#ifndef DLT_LINUX_SLL +#define DLT_LINUX_SLL 113 +#endif + #include "ndpi_main.h" #include "ndpi_util.h" @@ -629,7 +633,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, datalink_check: switch(datalink_type) { - case DLT_NULL : + case DLT_NULL: if(ntohl(*((u_int32_t*)&packet[eth_offset])) == 2) type = ETH_P_IP; else @@ -653,7 +657,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* IEEE 802.3 Ethernet - 1 */ - case DLT_EN10MB : + case DLT_EN10MB: ethernet = (struct ndpi_ethhdr *) &packet[eth_offset]; ip_offset = sizeof(struct ndpi_ethhdr) + eth_offset; check = ntohs(ethernet->h_proto); @@ -674,15 +678,13 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* Linux Cooked Capture - 113 */ -#ifdef __linux__ - case DLT_LINUX_SLL : + case DLT_LINUX_SLL: type = (packet[eth_offset+14] << 8) + packet[eth_offset+15]; ip_offset = 16 + eth_offset; break; -#endif /* Radiotap link-layer - 127 */ - case DLT_IEEE802_11_RADIO : + case DLT_IEEE802_11_RADIO: radiotap = (struct ndpi_radiotap_header *) &packet[eth_offset]; radio_len = radiotap->len; diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 7eada61e2..5afa63c92 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -227,9 +227,9 @@ #define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 #define NDPI_PROTOCOL_EAQ 190 +#define NDPI_PROTOCOL_OOKLA 191 -/* 191, 192 are free */ -#define NDPI_PROTOCOL_FREE_191 191 +/* 192 is free */ #define NDPI_PROTOCOL_FREE_192 192 #define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0c5c0f0ff..2250928c4 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1606,9 +1606,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OOKLA, + no_master, + no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_191); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 1bef7f8f5..61d59f856 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -63,7 +63,6 @@ static void flash_check_http_payload(struct ndpi_detection_module_struct pos = &packet->payload[packet->empty_line_position] + 2; - if(memcmp(pos, "FLV", 3) == 0 && pos[3] == 0x01 && (pos[4] == 0x01 || pos[4] == 0x04 || pos[4] == 0x05) && pos[5] == 0x00 && pos[6] == 0x00 && pos[7] == 0x00 && pos[8] == 0x09) { @@ -330,7 +329,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ return; } } - + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n", packet->user_agent_line.len, packet->user_agent_line.ptr); } @@ -341,7 +340,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HOST Line found %.*s\n", packet->host_line.len, packet->host_line.ptr); - + /* call ndpi_match_host_subprotocol to see if there is a match with known-host http subprotocol */ if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) ndpi_match_host_subprotocol(ndpi_struct, flow, @@ -357,13 +356,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ len = ndpi_min(packet->forwarded_line.len, sizeof(flow->nat_ip)-1); strncpy((char*)flow->nat_ip, (char*)packet->forwarded_line.ptr, len); flow->nat_ip[len] = '\0'; - + if(ndpi_struct->http_dont_dissect_response) parseHttpSubprotocol(ndpi_struct, flow); /** check result of host subprotocol detection - + if "detected" in flow == 0 then "detected" = "guess" else "guess" = "detected" **/ @@ -386,7 +385,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ (char *)packet->http_origin.ptr, packet->http_origin.len, NDPI_PROTOCOL_HTTP); - + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { ndpi_int_http_add_connection(ndpi_struct, flow, packet->detected_protocol_stack[0]); @@ -534,225 +533,6 @@ static void http_bitmask_exclude(struct ndpi_flow_struct *flow) #endif } -void _org_ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - u_int16_t filename_start; - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "search http\n"); - - /* set client-server_direction */ - if(flow->l4.tcp.http_setup_dir == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "initializes http to stage: 1 \n"); - flow->l4.tcp.http_setup_dir = 1 + packet->packet_direction; - } - - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK - (ndpi_struct->generic_http_packet_bitmask, packet->detected_protocol_stack[0]) != 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "protocol might be detected earlier as http jump to payload type detection\n"); - goto http_parse_detection; - } - - if(flow->l4.tcp.http_setup_dir == 1 + packet->packet_direction) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "http stage: 1\n"); - - if(flow->l4.tcp.http_wait_for_retransmission) { - if(!packet->tcp_retransmission) { - if(flow->packet_counter <= 5) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "still waiting for retransmission\n"); - return; - } else { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "retransmission not found, exclude\n"); - http_bitmask_exclude(flow); - return; - } - } - } - - if(flow->l4.tcp.http_stage == 0) { - filename_start = http_request_url_offset(ndpi_struct, flow); - if(filename_start == 0) { - if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP response found (truncated flow ?)\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - return; - } - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "filename not found, exclude\n"); - http_bitmask_exclude(flow); - return; - } - // parse packet - ndpi_parse_packet_line_info(ndpi_struct, flow); - - if(packet->parsed_lines <= 1) { - /* parse one more packet .. */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "just one line, search next packet\n"); - - packet->http_method.ptr = packet->line[0].ptr; - packet->http_method.len = filename_start - 1; - flow->l4.tcp.http_stage = 1; - return; - } - // parsed_lines > 1 here - if(packet->line[0].len >= (9 + filename_start) - && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { - u_int16_t proto_id; - - packet->http_url_name.ptr = &packet->payload[filename_start]; - packet->http_url_name.len = packet->line[0].len - (filename_start + 9); - - packet->http_method.ptr = packet->line[0].ptr; - packet->http_method.len = filename_start - 1; - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "http structure detected, adding\n"); - - if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) /* nathan@getoffmalawn.com */ - proto_id = NDPI_PROTOCOL_HTTP_CONNECT; - else { - if((packet->http_url_name.len > 7) && (!strncmp((const char*)packet->http_url_name.ptr, "http://", 7))) - proto_id = NDPI_PROTOCOL_HTTP_PROXY; - else { - proto_id = NDPI_PROTOCOL_HTTP; - } - } - - ndpi_int_http_add_connection(ndpi_struct, flow, proto_id); - check_content_type_and_change_protocol(ndpi_struct, flow); - /* HTTP found, look for host... */ - if(packet->host_line.ptr != NULL) { - /* aaahh, skip this direction and wait for a server reply here */ - flow->l4.tcp.http_stage = 2; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP START HOST found\n"); - return; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP START HOST found\n"); - - /* host not found, check in next packet after */ - flow->l4.tcp.http_stage = 1; - return; - } - } else if(flow->l4.tcp.http_stage == 1) { - /* SECOND PAYLOAD TRAFFIC FROM CLIENT, FIRST PACKET MIGHT HAVE BEEN HTTP... */ - /* UNKNOWN TRAFFIC, HERE FOR HTTP again.. */ - // parse packet - ndpi_parse_packet_line_info(ndpi_struct, flow); - - if(packet->parsed_lines <= 1) { - /* wait some packets in case request is split over more than 2 packets */ - if(flow->packet_counter < 5) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "line still not finished, search next packet\n"); - return; - } else { - /* stop parsing here */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP: PACKET DOES NOT HAVE A LINE STRUCTURE\n"); - http_bitmask_exclude(flow); - return; - } - } - // http://www.slideshare.net/DSPIP/rtsp-analysis-wireshark - if(packet->line[0].len >= 9 && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - check_content_type_and_change_protocol(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP START HTTP found in 2. packet, check host here...\n"); - /* HTTP found, look for host... */ - flow->l4.tcp.http_stage = 2; - - return; - } - } - } else { - /* We have received a response for a previously identified partial HTTP request */ - - if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { - /* - In apache if you do "GET /\n\n" the response comes without any header so we can assume that - this can be the case - */ - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - return; - } - - } - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REQUEST NOT HTTP CONFORM\n"); - http_bitmask_exclude(flow); - return; - - http_parse_detection: - if(flow->l4.tcp.http_setup_dir == 1 + packet->packet_direction) { - /* we have something like http here, so check for host and content type if possible */ - if(flow->l4.tcp.http_stage == 0 || flow->l4.tcp.http_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP RUN MAYBE NEXT GET/POST...\n"); - // parse packet - ndpi_parse_packet_line_info(ndpi_struct, flow); - /* check for url here */ - filename_start = http_request_url_offset(ndpi_struct, flow); - if(filename_start != 0 && packet->parsed_lines > 1 && packet->line[0].len >= (9 + filename_start) - && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { - packet->http_url_name.ptr = &packet->payload[filename_start]; - packet->http_url_name.len = packet->line[0].len - (filename_start + 9); - - packet->http_method.ptr = packet->line[0].ptr; - packet->http_method.len = filename_start - 1; - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "next http action, " - "resetting to http and search for other protocols later.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - } - check_content_type_and_change_protocol(ndpi_struct, flow); - /* HTTP found, look for host... */ - if(packet->host_line.ptr != NULL) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP RUN MAYBE NEXT HOST found, skipping all packets from this direction\n"); - /* aaahh, skip this direction and wait for a server reply here */ - flow->l4.tcp.http_stage = 2; - return; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP RUN MAYBE NEXT HOST NOT found, scanning one more packet from this direction\n"); - flow->l4.tcp.http_stage = 1; - } else if(flow->l4.tcp.http_stage == 1) { - // parse packet and maybe find a packet info with host ptr,... - ndpi_parse_packet_line_info(ndpi_struct, flow); - check_content_type_and_change_protocol(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP RUN second packet scanned\n"); - /* HTTP found, look for host... */ - flow->l4.tcp.http_stage = 2; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP skipping client packets after second packet\n"); - return; - } - /* server response */ - if(flow->l4.tcp.http_stage > 0) { - /* first packet from server direction, might have a content line */ - ndpi_parse_packet_line_info(ndpi_struct, flow); - check_content_type_and_change_protocol(ndpi_struct, flow); - - if(packet->empty_line_position_set != 0 || flow->l4.tcp.http_empty_line_seen == 1) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "empty line. check_http_payload.\n"); - check_http_payload(ndpi_struct, flow); - } - - if(flow->l4.tcp.http_stage == 2) { - flow->l4.tcp.http_stage = 3; - } else { - flow->l4.tcp.http_stage = 0; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP response first or second packet scanned,new stage is: %u\n", flow->l4.tcp.http_stage); - return; - } else { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP response next packet skipped\n"); - } -} - /*************************************************************************************************/ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, @@ -771,10 +551,10 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct filename_start = http_request_url_offset(ndpi_struct, flow); - if(filename_start == 0) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Filename HTTP not found, we look for possible truncate flow...\n"); + if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP response found (truncated flow ?)\n"); @@ -783,6 +563,24 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct return; } + if((packet->payload_packet_len == 3) && memcmp(packet->payload, "HI\n", 3) == 0) { + /* This looks like Ookla: we don't give up with HTTP yet */ + flow->l4.tcp.http_stage = 1; + return; + } + + if((packet->payload_packet_len == 23) && (memcmp(packet->payload, "", 23) == 0)) { + /* + + + + + + */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; + } + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude HTTP\n"); http_bitmask_exclude(flow); return; @@ -817,6 +615,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct packet->http_method.ptr = packet->line[0].ptr; packet->http_method.len = filename_start - 1; + /* Check for Ookla */ + if((packet->referer_line.len > 0) + && strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); + return; + } + /* Check for additional field introduced by Steam */ int x = 1; if((memcmp(packet->line[x].ptr, "x-steam-sid", 11)) == 0) { @@ -824,7 +629,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct check_content_type_and_change_protocol(ndpi_struct, flow); return; } - + /* Check for additional field introduced by Facebook */ x = 1; while(packet->line[x].len != 0) { @@ -881,8 +686,8 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct check_content_type_and_change_protocol(ndpi_struct, flow); } - if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) /* nathan@getoffmalawn.com */ - { + if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) { + /* nathan@getoffmalawn.com */ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_CONNECT Found.\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_CONNECT); check_content_type_and_change_protocol(ndpi_struct, flow); @@ -892,14 +697,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct "HTTP START Found, we will look for sub-protocols (content and host)...\n"); if(packet->host_line.ptr != NULL) { - /** nDPI is pretty scrupulous about HTTP so it waits until the HTTP response is received just to check that it conforms with the HTTP specs. However this might be a waste of time as in 99.99% of the cases is like that. */ - + if(ndpi_struct->http_dont_dissect_response) { if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) /* No subprotocol found */ ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); @@ -911,7 +715,6 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } check_content_type_and_change_protocol(ndpi_struct, flow); - return; } } @@ -922,6 +725,16 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n", flow->l4.tcp.http_stage); + + if(flow->l4.tcp.http_stage == 1) { + if((packet->payload_packet_len > 6) && memcmp(packet->payload, "HELLO ", 6) == 0) { + /* This looks like Ookla */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; + } else + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); + } + /** At first check, if this is for sure a response packet (in another direction. If not, if http is detected do nothing now and return, otherwise check the second packet for the http request -- cgit v1.2.3 From 0390c8ccfb7f3908cd3867262d3121c461fea9e7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 1 Apr 2017 21:39:47 +0200 Subject: Added Ookla test pcap Updated results --- tests/pcap/ookla.pcap | Bin 0 -> 4862840 bytes tests/result/KakaoTalk_chat.pcap.out | 47 +++++++++++++++++++++++++++++++++++ tests/result/KakaoTalk_talk.pcap.out | 31 +++++++++++++++++++++++ tests/result/ookla.pcap.out | 4 +++ tests/result/quickplay.pcap.out | 26 +++++++++++++++++++ 5 files changed, 108 insertions(+) create mode 100644 tests/pcap/ookla.pcap create mode 100644 tests/result/ookla.pcap.out diff --git a/tests/pcap/ookla.pcap b/tests/pcap/ookla.pcap new file mode 100644 index 000000000..a5fb5f72a Binary files /dev/null and b/tests/pcap/ookla.pcap differ diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 8b1378917..fa510f8ba 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1 +1,48 @@ +DNS 2 217 1 +HTTP 1 56 1 +ICMP 1 147 1 +SSL 29 4579 3 +Facebook 215 51809 12 +Google 16 1031 3 +HTTP_Proxy 26 3926 1 +Amazon 2 181 1 +KakaoTalk 55 9990 15 + 1 UDP 10.188.1.1:53 <-> 10.24.82.188:56820 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] + 2 UDP 10.188.1.1:53 <-> 10.24.82.188:57816 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] + 3 UDP 10.188.1.1:53 <-> 10.24.82.188:58810 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] + 4 TCP 10.24.82.188:34503 <-> 120.28.26.242:80 [proto: 7/HTTP][1 pkts/56 bytes] + 5 ICMP 10.188.191.1:0 <-> 10.24.82.188:0 [proto: 81/ICMP][1 pkts/147 bytes] + 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] + 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] + 8 TCP 10.24.82.188:58927 <-> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes] + 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] + 10 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] + 11 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] + 12 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] + 13 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] + 14 TCP 31.13.68.84:80 <-> 10.24.82.188:37553 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] + 15 TCP 31.13.68.84:80 <-> 10.24.82.188:37557 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] + 16 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] + 17 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] + 18 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 19 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 20 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][server: *.push.samsungosp.com] + 21 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] + 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] + 23 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] + 24 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] + 25 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] + 26 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] + 27 UDP 10.188.1.1:53 <-> 10.24.82.188:14650 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] + 28 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] + 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] + 30 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] + 31 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] + 32 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 33 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] + 34 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] + 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] + 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] + 37 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] + 38 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][4 pkts/251 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 8b1378917..97b69377c 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1 +1,32 @@ +HTTP 5 280 1 +QQ 15 1727 1 +SSL_No_Cert 74 14132 2 +RTP 2991 398751 2 +SSL 5 1198 1 +Facebook 5 377 3 +Google 4 359 4 +HTTP_Proxy 16 1838 2 +Tor 40 10538 1 +Amazon 4 396 1 +KakaoTalk_Voice 44 6196 2 + 1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes] + 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] + 3 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 91.126/SSL.Google][1 pkts/56 bytes] + 4 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes] + 5 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] + 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] + 7 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] + 8 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] + 9 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] + 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] + 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] + 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] + 13 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] + 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] + 15 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] + 16 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] + 17 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] + 18 UDP 1.201.1.174:23044 <-> 10.24.82.188:11320 [proto: 87/RTP][1503 pkts/200241 bytes] + 19 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 20 TCP 216.58.220.161:443 <-> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] diff --git a/tests/result/ookla.pcap.out b/tests/result/ookla.pcap.out new file mode 100644 index 000000000..8064e5dfb --- /dev/null +++ b/tests/result/ookla.pcap.out @@ -0,0 +1,4 @@ +Ookla 5086 4689745 2 + + 1 TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][20 pkts/4320 bytes] + 2 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 191/Ookla][5066 pkts/4685425 bytes] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 8b1378917..277e25fc8 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -1 +1,27 @@ +QQ 12 4781 5 +Facebook 6 1740 3 +Google 2 378 1 +Amazon 2 1469 1 +QuickPlay 133 96179 11 + 1 TCP 120.28.26.231:80 <-> 10.54.169.250:33277 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] + 2 TCP 120.28.35.41:80 <-> 10.54.169.250:50669 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] + 3 TCP 120.28.35.40:80 <-> 10.54.169.250:52007 [proto: 7.196/HTTP.QuickPlay][4 pkts/2735 bytes][Host: vod-singtelhawk.quickplay.com] + 4 TCP 120.28.35.40:80 <-> 10.54.169.250:52009 [proto: 7.196/HTTP.QuickPlay][65 pkts/45902 bytes][Host: vod-singtelhawk.quickplay.com] + 5 TCP 120.28.35.40:80 <-> 10.54.169.250:52017 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] + 6 TCP 120.28.35.40:80 <-> 10.54.169.250:52019 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] + 7 TCP 120.28.35.40:80 <-> 10.54.169.250:52021 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] + 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.48/HTTP.QQ][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] + 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.48/HTTP.QQ][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] + 10 TCP 173.252.74.22:80 <-> 10.54.169.250:52285 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] + 11 TCP 31.13.68.49:80 <-> 10.54.169.250:44793 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] + 12 TCP 120.28.5.18:80 <-> 10.54.169.250:33064 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] + 13 TCP 54.179.140.65:80 <-> 10.54.169.250:56381 [proto: 7.178/HTTP.Amazon][2 pkts/1469 bytes][Host: api.account.xiaomi.com] + 14 TCP 120.28.5.41:80 <-> 10.54.169.250:44256 [proto: 7.196/HTTP.QuickPlay][3 pkts/2311 bytes][Host: play-singtelhawk.quickplay.com] + 15 TCP 120.28.35.41:80 <-> 10.54.169.250:50668 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] + 16 TCP 120.28.35.40:80 <-> 10.54.169.250:52018 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] + 17 TCP 120.28.35.40:80 <-> 10.54.169.250:52022 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] + 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.48/HTTP.QQ][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] + 19 TCP 173.252.74.22:80 <-> 10.54.169.250:52288 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] + 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.48/HTTP.QQ][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] + 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.48/HTTP.QQ][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] -- cgit v1.2.3 From 0659f9b592cff1718ae1b74060a573f4cbe9a6d5 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Sun, 2 Apr 2017 11:17:57 +0200 Subject: Replace BSD dependent strnstr with ndpi portable one --- src/lib/protocols/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 61d59f856..0b734fa84 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -617,7 +617,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* Check for Ookla */ if((packet->referer_line.len > 0) - && strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { + && ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); return; } -- cgit v1.2.3 From e4ef2d81401bb45b88e4021bcf5bf13e280ba57e Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 4 Apr 2017 14:42:45 +0200 Subject: Improved Ookla protocol --- src/lib/ndpi_content_match.c.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 1ad13fbd2..2b7164932 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7961,6 +7961,7 @@ ndpi_protocol_match host_match[] = { { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From bc68949c769150c8a708505398168afa394ba27a Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 7 Apr 2017 08:05:39 +0200 Subject: Added AMQP (Advanced Message Queueing Protocol) --- src/include/ndpi_protocol_ids.h | 7 +--- src/include/ndpi_protocols.h | 1 + src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 9 ++++- src/lib/protocols/amqp.c | 83 ++++++++++++++++++++++++++++++++++++++++ tests/pcap/amqp.pcap | Bin 0 -> 26098 bytes tests/result/amqp.pcap.out | 5 +++ 7 files changed, 100 insertions(+), 6 deletions(-) create mode 100644 src/lib/protocols/amqp.c create mode 100644 tests/pcap/amqp.pcap create mode 100644 tests/result/amqp.pcap.out diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 5afa63c92..dfb39af8d 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -1,7 +1,7 @@ /* * ndpi_protocol_ids.h * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -228,10 +228,7 @@ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 #define NDPI_PROTOCOL_EAQ 190 #define NDPI_PROTOCOL_OOKLA 191 - -/* 192 is free */ -#define NDPI_PROTOCOL_FREE_192 192 - +#define NDPI_PROTOCOL_AMQP 192 #define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ #define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ #define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index edf4ca3dc..b3b4092b4 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -202,6 +202,7 @@ void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ayiya_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 987975c47..3770c9cfc 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -21,6 +21,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/applejuice.c \ protocols/armagetron.c \ protocols/ayiya.c \ + protocols/amqp.c \ protocols/battlefield.c \ protocols/bgp.c \ protocols/bittorrent.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2250928c4..9a2c5d7a5 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1611,9 +1611,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMQP, + no_master, + no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); @@ -2687,6 +2691,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* BITTORRENT */ init_bittorrent_dissector(ndpi_struct, &a, detection_bitmask); + /* AMQP */ + init_amqp_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c new file mode 100644 index 000000000..72bbc0a38 --- /dev/null +++ b/src/lib/protocols/amqp.c @@ -0,0 +1,83 @@ +/* + * amqp.c + * + * Copyright (C) 2011-17 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_protocols.h" +#ifdef NDPI_PROTOCOL_AMQP + +PACK_ON +struct amqp_header { + u_int8_t ptype; + u_int16_t channel; + u_int32_t length; + u_int16_t class_id, method; +} PACK_OFF; + +static void ndpi_int_amqp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow/* , */ + /* ndpi_protocol_type_t protocol_type */) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AMQP, NDPI_PROTOCOL_UNKNOWN); +} + +void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_AMQP, ndpi_struct, NDPI_LOG_DEBUG, "search amqp. \n"); + + if (packet->tcp != NULL) { + if(packet->payload_packet_len > sizeof(struct amqp_header)) { + struct amqp_header *h = (struct amqp_header*)packet->payload; + + if(h->ptype <= 3) { + u_int32_t length = htonl(h->length); + + if(((length+8) >= packet->payload_packet_len) + && (length < 32768) /* Upper bound */) { + u_int16_t class_id = htons(h->class_id); + + if((class_id >= 10) /* Connection */ + && (class_id <= 110) /* Tunnel */) { + u_int16_t method = htons(h->method); + + if(method <= 120 /* Method basic NACK */) { + NDPI_LOG(NDPI_PROTOCOL_AMQP, ndpi_struct, NDPI_LOG_DEBUG, "found amqp over tcp. \n"); + ndpi_int_amqp_add_connection(ndpi_struct, flow); + return; + } + } + } + } + } + } +} + + +void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { + ndpi_set_bitmask_protocol_detection("AMQP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_AMQP, + ndpi_search_amqp, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif diff --git a/tests/pcap/amqp.pcap b/tests/pcap/amqp.pcap new file mode 100644 index 000000000..30633f1ed Binary files /dev/null and b/tests/pcap/amqp.pcap differ diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out new file mode 100644 index 000000000..200394193 --- /dev/null +++ b/tests/result/amqp.pcap.out @@ -0,0 +1,5 @@ +AMQP 160 23514 3 + + 1 TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][108 pkts/14423 bytes] + 2 TCP 127.0.0.1:44204 <-> 127.0.1.1:5672 [proto: 192/AMQP][22 pkts/5026 bytes] + 3 TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][30 pkts/4065 bytes] -- cgit v1.2.3 From eed3ba5d1e81680414dd8e28ccdad1567500ec2a Mon Sep 17 00:00:00 2001 From: Jasper van den Berg Date: Fri, 7 Apr 2017 11:47:44 +0200 Subject: unified HTTPDownload name with other HTTP protocols (as HTTP_Download) for consistency --- src/lib/ndpi_main.c | 30 +++++++++++++++--------------- tests/result/starcraft_battle.pcap.out | 4 ++-- tests/result/waze.pcap.out | 4 ++-- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9a2c5d7a5..e2685908a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -187,7 +187,7 @@ static void ndpi_tdestroy_recurse(ndpi_node* root, void (*free_action)(void *)) void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)) { ndpi_node *root = (ndpi_node *) vrootp; - + if(root != NULL) ndpi_tdestroy_recurse(root, freefct); } @@ -338,7 +338,7 @@ void ndpi_flow_free(void *ptr) { if(_ndpi_flow_free) _ndpi_flow_free(ptr); else void * ndpi_realloc(void *ptr, size_t old_size, size_t new_size) { void *ret = ndpi_malloc(new_size); - + if(!ret) return(ret); else { @@ -477,9 +477,9 @@ static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) { ndpi_default_ports_tree_node_t *fa = (ndpi_default_ports_tree_node_t*)a; ndpi_default_ports_tree_node_t *fb = (ndpi_default_ports_tree_node_t*)b; - + //printf("[NDPI] %s(%d, %d)\n", __FUNCTION__, fa->default_port, fb->default_port); - + return((fa->default_port == fb->default_port) ? 0 : ((fa->default_port < fb->default_port) ? -1 : 1)); } @@ -488,7 +488,7 @@ static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT which, const int depth) { ndpi_default_ports_tree_node_t *f = *(ndpi_default_ports_tree_node_t **)node; - + printf("<%d>Walk on node %s (%u)\n", depth, @@ -1016,7 +1016,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HTTP_DOWNLOAD, no_master, - no_master, "HTTPDownload", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, @@ -3281,8 +3281,8 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_tcp_payload[a].detection_bitmask, detection_bitmask) != 0) { ndpi_struct->callback_buffer_tcp_payload[a].func(ndpi_struct, flow); - - + + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) break; /* Stop after detecting the first protocol */ } @@ -3347,7 +3347,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if(flow->protos.ssl.client_certificate[0] != '\0') { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN); - } else { + } else { if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->packet.l4_protocol == IPPROTO_TCP) && (flow->l4.tcp.ssl_stage > 1)) @@ -3485,9 +3485,9 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct /* guess protocol */ flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); - + if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { - + if(flow->packet.iph) { /* guess host protocol */ flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr); @@ -3496,7 +3496,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) /* ret.master_protocol = flow->guessed_protocol_id , ret.app_protocol = flow->guessed_host_protocol_id; /\* ****** *\/ */ ret = ndpi_detection_giveup(ndpi_struct, flow); - + return(ret); } } else { @@ -3508,7 +3508,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } } } - + check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet); a = flow->packet.detected_protocol_stack[0]; @@ -4111,7 +4111,7 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, /* flow->packet.detected_protocol_stack[0] = flow->guessed_host_protocol_id; */ /* /\* master proto for packet *\/ */ /* flow->packet.detected_protocol_stack[1] = flow->guessed_protocol_id; */ - + /* } */ /* } */ @@ -4346,7 +4346,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct if(rc != NDPI_PROTOCOL_UNKNOWN) { ret.app_protocol = rc, ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); - + if(ret.app_protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 2056ea4f4..97c178b41 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -1,7 +1,7 @@ DNS 26 2848 7 HTTP 271 160676 18 SSDP 11 4984 1 -HTTPDownload 179 134204 1 +HTTP_Download 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 SSL 38 2548 11 @@ -40,7 +40,7 @@ Starcraft 236 51494 6 28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes] 29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes] 30 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][2 pkts/121 bytes] - 31 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTPDownload][179 pkts/134204 bytes][Host: llnw.blizzard.com] + 31 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTP_Download][179 pkts/134204 bytes][Host: llnw.blizzard.com] 32 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][6 pkts/475 bytes] 33 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net] 34 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/432 bytes][Host: 91.252.30.192.in-addr.arpa] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index b74ec7a15..2d0d2f207 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -1,7 +1,7 @@ Unknown 10 786 1 HTTP 28 1572 7 NTP 2 180 1 -HTTPDownload 37 63205 1 +HTTP_Download 37 63205 1 SSL_No_Cert 13 2142 1 SSL 8 432 2 Waze 484 289335 19 @@ -27,7 +27,7 @@ WhatsApp 15 1341 1 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1328 bytes][Host: cres.waze.com] 19 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1323 bytes][Host: cres.waze.com] 20 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1319 bytes][Host: cres.waze.com] - 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTPDownload][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] + 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] 22 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][13 pkts/2142 bytes] 23 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][4 pkts/216 bytes] 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][server: *.waze.com] -- cgit v1.2.3 From d8b2189cc30f675fba46b072d162dc5943b1c362 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 14 Apr 2017 00:07:46 +0200 Subject: Initial wireshark integration via extcap interface --- example/ndpiReader.c | 242 ++++++++++++++++++++++++++++++++++++++++++++++++--- example/ndpi_util.c | 42 ++++----- example/ndpi_util.h | 6 +- 3 files changed, 255 insertions(+), 35 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index dda137df9..0852777c8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -24,11 +24,11 @@ #endif #include #include +#include #ifdef WIN32 #include /* winsock.h is included automatically */ #include #include -#include #define getopt getopt____ #else #include @@ -81,6 +81,10 @@ static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +static pcap_dumper_t *extcap_dumper = NULL; +static char *extcap_capture_fifo = NULL; +static u_int16_t extcap_packet_filter = (u_int16_t)-1; + // struct associated to a workflow for a thread struct reader_thread { struct ndpi_workflow * workflow; @@ -104,8 +108,15 @@ typedef struct ndpi_id { u_int32_t current_ndpi_memory = 0, max_ndpi_memory = 0; -/********************** FUNCTIONS ********************* */ +void test_lib(); /* Forward */ + +/* ********************************** */ + +#ifdef DEBUG_TRACE +FILE *trace = NULL; +#endif +/********************** FUNCTIONS ********************* */ /** * @brief Set main components necessary to the detection @@ -142,6 +153,20 @@ static void help(u_int long_help) { " -h | This help\n" " -v <1|2> | Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose\n"); + #ifndef WIN32 + printf("\nExcap (wireshark) options:\n" + " --extcap-interfaces\n" + " --extcap-version\n" + " --extcap-dlts\n" + " --extcap-interface \n" + " --extcap-config\n" + " --capture\n" + " --extcap-capture-filter\n" + " --fifo \n" + " --debug\n" + ); + #endif + if(long_help) { printf("\n\nSupported protocols:\n"); num_threads = 1; @@ -152,28 +177,153 @@ static void help(u_int long_help) { } +static struct option longopts[] = { + /* mandatory extcap options */ + { "extcap-interfaces", no_argument, NULL, '0'}, + { "extcap-version", optional_argument, NULL, '1'}, + { "extcap-dlts", no_argument, NULL, '2'}, + { "extcap-interface", required_argument, NULL, '3'}, + { "extcap-config", no_argument, NULL, '4'}, + { "capture", no_argument, NULL, '5'}, + { "extcap-capture-filter", required_argument, NULL, '6'}, + { "fifo", required_argument, NULL, '7'}, + { "debug", optional_argument, NULL, '8'}, + { "ndpi-proto-filter", required_argument, NULL, '9'}, + + /* ndpiReader options */ + { "enable-protocol-guess", no_argument, NULL, 'd'}, + { "interface", required_argument, NULL, 'i'}, + { "filter", required_argument, NULL, 'f'}, + { "cpu-bind", required_argument, NULL, 'g'}, + { "loops", required_argument, NULL, 'l'}, + { "num-threads", required_argument, NULL, 'n'}, + + { "protos", required_argument, NULL, 'p'}, + { "capture-duration", required_argument, NULL, 's'}, + { "decode-tunnels", no_argument, NULL, 't'}, + { "revision", no_argument, NULL, 'r'}, + { "verbose", no_argument, NULL, 'v'}, + { "version", no_argument, NULL, 'V'}, + { "help", no_argument, NULL, 'h'}, + { "json", required_argument, NULL, 'j'}, + { "result-path", required_argument, NULL, 'w'}, + { "quiet", no_argument, NULL, 'q'}, + + {0, 0, 0, 0} +}; + +/* ********************************** */ + +void extcap_interfaces() { + printf("extcap {version=%s}\n", ndpi_revision()); + printf("interface {value=ndpi}{display=nDPI interface}\n"); + exit(0); +} + +/* ********************************** */ + +void extcap_dlts() { + u_int dlts_number = DLT_EN10MB; + printf("dlt {number=%u}{name=%s}{display=%s}\n", dlts_number, "ndpi", "nDPI interface"); + exit(0); +} + +/* ********************************** */ + +void extcap_config() { + int i, argidx = 0; + struct ndpi_detection_module_struct *ndpi_mod; + +#if 1 + printf("arg {number=%u}{call=-i}{display=Capture Interface Name}{type=string}" + "{tooltip=The interface name}\n", argidx++); +#else + + printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" + "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); +#endif + + printf("arg {number=%u}{call=-9}{display=nDPI Protocol}{type=selector}" + "{tooltip=nDPI Protocol to be filtered}\n", argidx); + + setupDetection(0, NULL); + ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; + + printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)"); + + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) + printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, i, + ndpi_mod->proto_defaults[i].protoName, i); + + exit(0); +} + +/* ********************************** */ + +void extcap_capture() { +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); +#endif + + if((extcap_dumper = pcap_dump_open(pcap_open_dead(DLT_EN10MB, 16384 /* MTU */), + extcap_capture_fifo)) == NULL) { + fprintf(stderr, "Unable to open the pcap dumper on %s", extcap_capture_fifo); + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Unable to open the pcap dumper on %s\n", + extcap_capture_fifo); +#endif + return; + } + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Starting packet capture [%p]\n", extcap_dumper); +#endif + + test_lib(); + pcap_dump_close(extcap_dumper); + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "End of packet capture [%p]\n", extcap_dumper); +#endif +} + +/* ********************************** */ + /** * @brief Option parser */ static void parseOptions(int argc, char **argv) { - + int option_idx = 0, do_capture = 0; char *__pcap_file = NULL, *bind_mask = NULL; int thread_id, opt; #ifdef linux u_int num_cores = sysconf(_SC_NPROCESSORS_ONLN); #endif - while ((opt = getopt(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q")) != EOF) { +#ifdef DEBUG_TRACE + trace = fopen("/tmp/ndpiReader.log", "a"); + + if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); +#endif + + while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:", longopts, &option_idx)) != EOF) { +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : ""); +#endif + switch (opt) { case 'd': enable_protocol_guess = 0; break; case 'i': + case '3': _pcap_file[0] = optarg; break; case 'f': + case '6': _bpf_filter = optarg; break; @@ -240,12 +390,47 @@ static void parseOptions(int argc, char **argv) { quiet_mode = 1; break; + /* Extcap */ + case '0': + extcap_interfaces(); + break; + + case '1': + printf("extcap {version=%s}\n", ndpi_revision()); + break; + + case '2': + extcap_dlts(); + break; + + case '4': + extcap_config(); + break; + + case '5': + do_capture = 1; + break; + + case '7': + extcap_capture_fifo = strdup(optarg); + break; + + case '8': + nDPI_traceLevel = 9; + break; + + case '9': + extcap_packet_filter = atoi(optarg); + break; + default: help(0); break; } } + if(do_capture) extcap_capture(); + // check parameters if(_pcap_file[0] == NULL || strcmp(_pcap_file[0], "") == 0) { help(0); @@ -277,6 +462,10 @@ static void parseOptions(int argc, char **argv) { } } #endif + +#ifdef DEBUG_TRACE + if(trace) fclose(trace); +#endif } @@ -370,7 +559,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { ntohs(flow->upper_port)); if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); - + if(flow->detected_protocol.master_protocol) { char buf[64]; @@ -388,7 +577,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name); if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info); - + if(flow->ssh_ssl.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_ssl.client_info); if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info); if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); @@ -1138,13 +1327,14 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi static void pcap_packet_callback_checked(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) { - + struct ndpi_proto p; u_int16_t thread_id = *((u_int16_t*)args); /* allocate an exact size buffer to check overflows */ uint8_t *packet_checked = malloc(header->caplen); + memcpy(packet_checked, packet, header->caplen); - ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); + p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); if((capture_until != 0) && (header->ts.tv_sec >= capture_until)) { if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) @@ -1182,6 +1372,25 @@ static void pcap_packet_callback_checked(u_char *args, } } +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Found %u bytes packet %u.%u\n", header->caplen, p.app_protocol, p.master_protocol); +#endif + + if(extcap_dumper + && ((extcap_packet_filter == (u_int16_t)-1) + || (p.app_protocol == extcap_packet_filter) + || (p.master_protocol == extcap_packet_filter) + ) + ) { + struct pcap_pkthdr *h = (struct pcap_pkthdr*)header; + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Dumping %u bytes packet\n", header->caplen); +#endif + // h->caplen += 8, h->len += 8; + pcap_dump((u_char*)extcap_dumper, h, packet); + } + /* check for buffer changes */ if(memcmp(packet, packet_checked, header->caplen) != 0) printf("INTERNAL ERROR: ingress packet was modified by nDPI: this should not happen [thread_id=%u, packetId=%lu]\n", @@ -1244,7 +1453,6 @@ void * processing_thread(void *_thread_id) { * @brief Begin, process, end detection process */ void test_lib() { - struct timeval begin, end; u_int64_t tot_usec; long thread_id; @@ -1253,8 +1461,18 @@ void test_lib() { json_init(); #endif +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Num threads: %d\n", num_threads); +#endif + for(thread_id = 0; thread_id < num_threads; thread_id++) { - pcap_t * cap = openPcapFileOrDevice(thread_id, (const u_char*)_pcap_file[thread_id]); + pcap_t *cap; + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Opening %s\n", (const u_char*)_pcap_file[thread_id]); +#endif + + cap = openPcapFileOrDevice(thread_id, (const u_char*)_pcap_file[thread_id]); setupDetection(thread_id, cap); } @@ -1275,9 +1493,9 @@ void test_lib() { printResults(tot_usec); for(thread_id = 0; thread_id < num_threads; thread_id++) { - if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) { + if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) pcap_close(ndpi_thread_info[thread_id].workflow->pcap_handle); - } + terminateDetection(thread_id); } } diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d2f002270..60dc94230 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -502,13 +502,13 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl @Note: ipsize = header->len - ip_offset ; rawsize = header->len */ -static unsigned int packet_processing(struct ndpi_workflow * workflow, - const u_int64_t time, - u_int16_t vlan_id, - const struct ndpi_iphdr *iph, - struct ndpi_ipv6hdr *iph6, - u_int16_t ip_offset, - u_int16_t ipsize, u_int16_t rawsize) { +static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, + const u_int64_t time, + u_int16_t vlan_id, + const struct ndpi_iphdr *iph, + struct ndpi_ipv6hdr *iph6, + u_int16_t ip_offset, + u_int16_t ipsize, u_int16_t rawsize) { struct ndpi_id_struct *src, *dst; struct ndpi_flow_info *flow = NULL; struct ndpi_flow_struct *ndpi_flow = NULL; @@ -540,11 +540,11 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, flow->packets++, flow->bytes += rawsize; flow->last_seen = time; } else { - return(0); + return(flow->detected_protocol); } /* Protocol already detected */ - if(flow->detection_completed) return(0); + if(flow->detection_completed) return(flow->detected_protocol); flow->detected_protocol = ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow, iph ? (uint8_t *)iph : (uint8_t *)iph6, @@ -565,14 +565,14 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, } process_ndpi_collected_info(workflow, flow); - return 0; + return(flow->detected_protocol); } /* ****************************************************** */ -void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, - const struct pcap_pkthdr *header, - const u_char *packet) { +struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, + const struct pcap_pkthdr *header, + const u_char *packet) { /* * Declare pointers to packet headers */ @@ -597,6 +597,8 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /** --- IPv6 header --- **/ struct ndpi_ipv6hdr *iph6; + struct ndpi_proto nproto = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; + /* lengths and offsets */ u_int16_t eth_offset = 0; u_int16_t radio_len; @@ -691,7 +693,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* Check Bad FCS presence */ if((radiotap->flags & BAD_FCS) == BAD_FCS) { workflow->stats.total_discarded_bytes += header->len; - return; + return(nproto); } /* Calculate 802.11 header length (variable) */ @@ -721,7 +723,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, default: /* printf("Unknown datalink %d\n", datalink_type); */ - return; + return(nproto); } /* check ether type */ @@ -802,7 +804,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, } workflow->stats.total_discarded_bytes += header->len; - return; + return(nproto); } } else if(iph->version == 6) { iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset]; @@ -827,7 +829,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, ipv4_warning_used = 1; } workflow->stats.total_discarded_bytes += header->len; - return; + return(nproto); } if(workflow->prefs.decode_tunnels && (proto == IPPROTO_UDP)) { @@ -886,7 +888,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, offset += tag_len; if(offset >= header->caplen) - return; /* Invalid packet */ + return(nproto); /* Invalid packet */ else { eth_offset = offset; goto datalink_check; @@ -897,6 +899,6 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, } /* process the packet */ - packet_processing(workflow, time, vlan_id, iph, iph6, - ip_offset, header->len - ip_offset, header->len); + return(packet_processing(workflow, time, vlan_id, iph, iph6, + ip_offset, header->len - ip_offset, header->len)); } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 1c092cbfa..4895cdcb1 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -138,9 +138,9 @@ void ndpi_free_flow_info_half(struct ndpi_flow_info *flow); /* Process a packet and update the workflow */ -void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, - const struct pcap_pkthdr *header, - const u_char *packet); +struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, + const struct pcap_pkthdr *header, + const u_char *packet); /* flow callbacks for complete detected flow -- cgit v1.2.3 From 29cd6ef9942188633b79b5c1fe62360f048a6450 Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 00:29:53 +0200 Subject: fix segmentation fault caused by missing spanning tree check - add control for threads return values --- example/ndpiReader.c | 32 +++++++++++++++++++++++++------- example/ndpi_util.c | 13 ++++++++++--- 2 files changed, 35 insertions(+), 10 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 0852777c8..3df43a9fe 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1331,7 +1331,7 @@ static void pcap_packet_callback_checked(u_char *args, u_int16_t thread_id = *((u_int16_t*)args); /* allocate an exact size buffer to check overflows */ - uint8_t *packet_checked = malloc(header->caplen); + uint8_t *packet_checked = malloc(header->caplen); /* HEAP OVERFLOW !!! */ memcpy(packet_checked, packet, header->caplen); p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); @@ -1478,14 +1478,32 @@ void test_lib() { gettimeofday(&begin, NULL); - /* Running processing threads */ - for(thread_id = 0; thread_id < num_threads; thread_id++) - pthread_create(&ndpi_thread_info[thread_id].pthread, NULL, processing_thread, (void *) thread_id); + int status; + void * thd_res; + /* Running processing threads */ + for(thread_id = 0; thread_id < num_threads; thread_id++) { + status = pthread_create(&ndpi_thread_info[thread_id].pthread, NULL, processing_thread, (void *) thread_id); + /* check pthreade_create return value */ + if(status != 0) { + fprintf(stderr, "error on create %ld thread\n", thread_id); + exit(-1); + } + } /* Waiting for completion */ - for(thread_id = 0; thread_id < num_threads; thread_id++) - pthread_join(ndpi_thread_info[thread_id].pthread, NULL); - + for(thread_id = 0; thread_id < num_threads; thread_id++) { + status = pthread_join(ndpi_thread_info[thread_id].pthread, thd_res); + /* check pthreade_join return value */ + if(status != 0) { + fprintf(stderr, "error on join %ld thread\n", thread_id); + exit(-1); + } + if(thd_res != NULL) { + fprintf(stderr, "error on returned value of %ld joined thread\n", thread_id); + exit(-1); + } + } + gettimeofday(&end, NULL); tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 60dc94230..a5d9d300d 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -48,6 +48,7 @@ #define MPLS_MULTI 0x8848 #define PPPoE 0x8864 #define SNAP 0xaa +#define BSTP 0x42 /* Bridge Spanning Tree Protocol */ /* mask for FCF */ #define WIFI_DATA 0x2 /* 0000 0010 */ @@ -286,8 +287,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow tcp_len = ndpi_min(4*(*tcph)->doff, l4_packet_len); *payload = &l4[tcp_len]; *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); - } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { + // udp + } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { + workflow->stats.udp_count++; *udph = (struct ndpi_udphdr *)l4; @@ -670,12 +673,16 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, type = check; if(pyld_eth_len != 0) { + llc = (struct ndpi_llc_header *)(&packet[ip_offset]); /* check for LLC layer with SNAP extension */ - if(packet[ip_offset] == SNAP) { - llc = (struct ndpi_llc_header *)(&packet[ip_offset]); + if(llc->dsap == SNAP || llc->ssap == SNAP) { +#define SNAP_EXT type = llc->snap.proto_ID; ip_offset += + 8; } + else if(llc->dsap == BSTP || llc->ssap == BSTP) { + goto v4_warning; + } } break; -- cgit v1.2.3 From 2b0809f3dc297289f9413db4dde2eaa109a3603e Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 00:40:01 +0200 Subject: name correction for llc_snap header and minor fix --- example/ndpiReader.c | 2 +- example/ndpi_util.c | 10 +++++----- src/include/ndpi_typedefs.h | 4 +--- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 3df43a9fe..b32650871 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1331,7 +1331,7 @@ static void pcap_packet_callback_checked(u_char *args, u_int16_t thread_id = *((u_int16_t*)args); /* allocate an exact size buffer to check overflows */ - uint8_t *packet_checked = malloc(header->caplen); /* HEAP OVERFLOW !!! */ + uint8_t *packet_checked = malloc(header->caplen); memcpy(packet_checked, packet, header->caplen); p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index a5d9d300d..8fe80111a 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -582,7 +582,7 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* --- Ethernet header --- */ const struct ndpi_ethhdr *ethernet; /* --- LLC header --- */ - const struct ndpi_llc_header *llc; + const struct ndpi_llc_header_snap *llc; /* --- Cisco HDLC header --- */ const struct ndpi_chdlc *chdlc; @@ -673,13 +673,13 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, type = check; if(pyld_eth_len != 0) { - llc = (struct ndpi_llc_header *)(&packet[ip_offset]); + llc = (struct ndpi_llc_header_snap *)(&packet[ip_offset]); /* check for LLC layer with SNAP extension */ if(llc->dsap == SNAP || llc->ssap == SNAP) { -#define SNAP_EXT type = llc->snap.proto_ID; ip_offset += + 8; } + /* No SNAP extension - Spanning Tree pkt must be discarted */ else if(llc->dsap == BSTP || llc->ssap == BSTP) { goto v4_warning; } @@ -716,12 +716,12 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* Check ether_type from LLC */ - llc = (struct ndpi_llc_header*)(packet + eth_offset + wifi_len + radio_len); + llc = (struct ndpi_llc_header_snap*)(packet + eth_offset + wifi_len + radio_len); if(llc->dsap == SNAP) type = ntohs(llc->snap.proto_ID); /* Set IP header offset */ - ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header) + eth_offset; + ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header_snap) + eth_offset; break; case DLT_RAW: diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 490098086..e1fbeb71c 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -138,14 +138,12 @@ struct ndpi_snap_extension } PACK_OFF; PACK_ON -struct ndpi_llc_header +struct ndpi_llc_header_snap { u_int8_t dsap; u_int8_t ssap; u_int8_t ctrl; -#ifdef SNAP_EXT struct ndpi_snap_extension snap; -#endif } PACK_OFF; /* ++++++++++ RADIO TAP header (for IEEE 802.11) +++++++++++++ */ -- cgit v1.2.3 From b97e3ee51a9a17b837a2ed8c30e5ddabbf2d7140 Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 11:23:03 +0200 Subject: add initial detection for WeChat --- src/include/ndpi_protocol_ids.h | 54 ++++++++++++++++++++-------------------- src/lib/ndpi_content_match.c.inc | 18 +++++--------- src/lib/ndpi_main.c | 1 - 3 files changed, 33 insertions(+), 40 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index dfb39af8d..2c318b341 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -224,46 +224,46 @@ #define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ #define NDPI_PROTOCOL_VEVO 186 #define NDPI_PROTOCOL_PANDORA 187 -#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ +#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 -#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_OOKLA 191 -#define NDPI_PROTOCOL_AMQP 192 +#define NDPI_PROTOCOL_EAQ 190 +#define NDPI_PROTOCOL_OOKLA 191 +#define NDPI_PROTOCOL_AMQP 192 #define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ #define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ -#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ +#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ #define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ /* 197 is free */ -#define NDPI_PROTOCOL_FREE_197 197 +#define NDPI_PROTOCOL_WECHAT 197 -#define NDPI_PROTOCOL_MPEGTS 198 -#define NDPI_PROTOCOL_SNAPCHAT 199 -#define NDPI_PROTOCOL_SINA 200 -#define NDPI_PROTOCOL_HANGOUT 201 -#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ -#define NDPI_PROTOCOL_GITHUB 203 -#define NDPI_PROTOCOL_BJNP 204 -#define NDPI_PROTOCOL_1KXUN 205 -#define NDPI_PROTOCOL_IQIYI 206 -#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ +#define NDPI_PROTOCOL_MPEGTS 198 +#define NDPI_PROTOCOL_SNAPCHAT 199 +#define NDPI_PROTOCOL_SINA 200 +#define NDPI_PROTOCOL_HANGOUT 201 +#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ +#define NDPI_PROTOCOL_GITHUB 203 +#define NDPI_PROTOCOL_BJNP 204 +#define NDPI_PROTOCOL_1KXUN 205 +#define NDPI_PROTOCOL_IQIYI 206 +#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ /* 208 - 209 free */ -#define NDPI_PROTOCOL_FREE_208 208 -#define NDPI_PROTOCOL_FREE_209 209 +#define NDPI_PROTOCOL_FREE_208 208 +#define NDPI_PROTOCOL_FREE_209 209 -#define NDPI_PROTOCOL_DEEZER 210 +#define NDPI_PROTOCOL_DEEZER 210 #define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ #define NDPI_PROTOCOL_MICROSOFT 212 #define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci */ -#define NDPI_PROTOCOL_TEREDO 214 +#define NDPI_PROTOCOL_TEREDO 214 #define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 -#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ +#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ /* 217 is free */ -#define NDPI_PROTOCOL_FREE_217 217 +#define NDPI_PROTOCOL_FREE_217 217 -#define NDPI_PROTOCOL_OCS 218 +#define NDPI_PROTOCOL_OCS 218 #define NDPI_PROTOCOL_OFFICE_365 219 #define NDPI_PROTOCOL_CLOUDFLARE 220 #define NDPI_PROTOCOL_MS_ONE_DRIVE 221 @@ -271,11 +271,11 @@ #define NDPI_PROTOCOL_RX 223 /* 224 is free */ -#define NDPI_PROTOCOL_FREE_224 224 +#define NDPI_PROTOCOL_FREE_224 224 -#define NDPI_PROTOCOL_OPENDNS 225 -#define NDPI_PROTOCOL_GIT 226 -#define NDPI_PROTOCOL_DRDA 227 +#define NDPI_PROTOCOL_OPENDNS 225 +#define NDPI_PROTOCOL_GIT 226 +#define NDPI_PROTOCOL_DRDA 227 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DRDA diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 2b7164932..df3426129 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8083,16 +8083,6 @@ ndpi_protocol_match host_match[] = { { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, -#if 0 - /* The lines below are not just for Office 365 so they cannot be used for this purpose */ - { ".verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcb.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcd.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".verisign.net", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".geotrust.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".entrust.net", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".public-trust.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, -#endif /* http://www.urlquery.net/report.php?id=1453233646161 */ { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "coby.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8123,16 +8113,20 @@ ndpi_protocol_match host_match[] = { { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".steamcontent.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity-a.akamaihd.net", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity-a.akamaihd.net", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e2685908a..b07557b5a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1618,7 +1618,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); -- cgit v1.2.3 From 3a21152f4c7b1783a0cd6671af405d0014cf9b4b Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 21:18:50 +0200 Subject: improved wechat detection --- src/lib/ndpi_content_match.c.inc | 21 +++++- tests/pcap/wechat.pcap | Bin 0 -> 694086 bytes tests/result/KakaoTalk_talk.pcap.out | 4 +- tests/result/quickplay.pcap.out | 12 ++-- tests/result/wechat.pcap.out | 120 +++++++++++++++++++++++++++++++++++ 5 files changed, 147 insertions(+), 10 deletions(-) create mode 100644 tests/pcap/wechat.pcap create mode 100644 tests/result/wechat.pcap.out diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index df3426129..d9ceb77a4 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -79,6 +79,17 @@ static ndpi_network host_protocol_list[] = { { 0xA92F2320 /* 169.47.35.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + /* + WeChat + 203.205.147.171 + 203.205.147.173 + 203.205.151.162 + */ + + { 0xCBCD93AB /* 203.205.147.171/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0xCBCD93AD /* 203.205.147.173/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0xCBCD97A2 /* 203.205.151.162/32 */, 32, NDPI_PROTOCOL_WECHAT }, + /* OpenDNS, LLC origin AS36692, AS30607 @@ -8126,8 +8137,14 @@ ndpi_protocol_match host_match[] = { { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity-a.akamaihd.net", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - + { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.org", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechatapp.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".we.chat", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { NULL, 0 } }; diff --git a/tests/pcap/wechat.pcap b/tests/pcap/wechat.pcap new file mode 100644 index 000000000..f731d9925 Binary files /dev/null and b/tests/pcap/wechat.pcap differ diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 97b69377c..96d39ede2 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,5 +1,4 @@ HTTP 5 280 1 -QQ 15 1727 1 SSL_No_Cert 74 14132 2 RTP 2991 398751 2 SSL 5 1198 1 @@ -9,6 +8,7 @@ HTTP_Proxy 16 1838 2 Tor 40 10538 1 Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 +WeChat 15 1727 1 1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes] 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] @@ -23,7 +23,7 @@ KakaoTalk_Voice 44 6196 2 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] 13 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] - 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] + 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] 15 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] 16 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] 17 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 277e25fc8..8c6781221 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -1,8 +1,8 @@ -QQ 12 4781 5 Facebook 6 1740 3 Google 2 378 1 Amazon 2 1469 1 QuickPlay 133 96179 11 +WeChat 12 4781 5 1 TCP 120.28.26.231:80 <-> 10.54.169.250:33277 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] 2 TCP 120.28.35.41:80 <-> 10.54.169.250:50669 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] @@ -11,8 +11,8 @@ QuickPlay 133 96179 11 5 TCP 120.28.35.40:80 <-> 10.54.169.250:52017 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] 6 TCP 120.28.35.40:80 <-> 10.54.169.250:52019 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] 7 TCP 120.28.35.40:80 <-> 10.54.169.250:52021 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] - 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.48/HTTP.QQ][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.48/HTTP.QQ][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] + 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.197/HTTP.WeChat][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] + 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.197/HTTP.WeChat][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] 10 TCP 173.252.74.22:80 <-> 10.54.169.250:52285 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] 11 TCP 31.13.68.49:80 <-> 10.54.169.250:44793 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] 12 TCP 120.28.5.18:80 <-> 10.54.169.250:33064 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] @@ -21,7 +21,7 @@ QuickPlay 133 96179 11 15 TCP 120.28.35.41:80 <-> 10.54.169.250:50668 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] 16 TCP 120.28.35.40:80 <-> 10.54.169.250:52018 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] 17 TCP 120.28.35.40:80 <-> 10.54.169.250:52022 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] - 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.48/HTTP.QQ][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] + 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.197/HTTP.WeChat][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] 19 TCP 173.252.74.22:80 <-> 10.54.169.250:52288 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.48/HTTP.QQ][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] - 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.48/HTTP.QQ][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] + 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.197/HTTP.WeChat][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] + 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.197/HTTP.WeChat][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out new file mode 100644 index 000000000..b81a52377 --- /dev/null +++ b/tests/result/wechat.pcap.out @@ -0,0 +1,120 @@ +Unknown 1 110 1 +DNS 6 494 3 +HTTP 70 4620 8 +MDNS 116 10672 4 +NTP 1 90 1 +NetBIOS 12 1579 2 +DHCP 1 342 1 +IGMP 24 1280 4 +SSL 21 1209 3 +ICMPV6 3 218 2 +Google 128 29925 17 +LLMNR 12 944 6 +WeChat 1277 615827 51 + + 1 UDP 192.168.1.103:33915 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 2 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][8 pkts/469 bytes] + 3 UDP 192.168.1.103:41759 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 2.debian.pool.ntp.org] + 4 UDP 192.168.1.103:42589 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes][Host: ssl.gstatic.com] + 5 UDP 192.168.1.103:43317 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 6 UDP 192.168.1.103:43705 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes][Host: webpush.web.wechat.com.lan] + 7 TCP 203.205.158.34:443 <-> 192.168.1.103:43850 [proto: 91.197/SSL.WeChat][24 pkts/8792 bytes][client: res.wx.qq.com] + 8 UDP 192.168.1.103:44063 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 1.debian.pool.ntp.org] + 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes] + 10 TCP 172.217.23.78:443 <-> 192.168.1.103:53220 [proto: 91.126/SSL.Google][8 pkts/583 bytes] + 11 TCP 216.58.205.78:443 <-> 192.168.1.103:47627 [proto: 91.126/SSL.Google][7 pkts/517 bytes] + 12 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][6 pkts/396 bytes] + 13 UDP 192.168.1.103:53515 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] + 14 TCP 192.168.1.103:54084 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][6 pkts/1000 bytes] + 15 TCP 192.168.1.103:54058 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][179 pkts/76956 bytes] + 16 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] + 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/11506 bytes][client: web.wechat.com] + 18 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][40 pkts/18455 bytes][client: web.wechat.com] + 19 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] + 20 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][38 pkts/15082 bytes][client: web.wechat.com] + 21 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][27 pkts/10532 bytes][client: web.wechat.com] + 22 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][28 pkts/18041 bytes][client: web.wechat.com] + 23 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] + 24 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] + 25 TCP 192.168.1.103:54106 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] + 26 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes] + 27 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes] + 28 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4735 bytes][client: web.wechat.com] + 29 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4743 bytes][client: web.wechat.com] + 30 UDP 192.168.1.103:56367 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] + 31 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][26 pkts/11518 bytes][client: web.wechat.com] + 32 UDP 192.168.1.103:58165 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 33 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][59 pkts/29728 bytes][client: web.wechat.com] + 34 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][49 pkts/24468 bytes][client: web.wechat.com] + 35 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][22 pkts/9520 bytes][client: web.wechat.com] + 36 TCP 192.168.1.103:58226 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes] + 37 UDP 192.168.1.103:59567 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes][Host: ssl.gstatic.com.lan] + 38 TCP 192.168.1.103:58143 <-> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes] + 39 UDP 216.58.198.46:443 <-> 192.168.1.103:57591 [proto: 188.126/QUIC.Google][13 pkts/4812 bytes][Host: docs.google.com] + 40 UDP 192.168.1.100:57401 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: mcztmpkc] + 41 TCP 95.101.34.33:80 <-> 192.168.1.103:34996 [proto: 7/HTTP][9 pkts/594 bytes] + 42 TCP 95.101.34.33:80 <-> 192.168.1.103:35000 [proto: 7/HTTP][9 pkts/594 bytes] + 43 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes] + 44 TCP 192.168.1.103:54205 <-> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 45 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes] + 46 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50440 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz] + 47 TCP 192.168.1.103:52020 <-> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes] + 48 UDP 172.217.23.67:443 <-> 192.168.1.103:35601 [proto: 188.126/QUIC.Google][10 pkts/3972 bytes][Host: ssl.gstatic.com] + 49 TCP 172.217.22.14:443 <-> 192.168.1.103:38657 [proto: 91.126/SSL.Google][34 pkts/8681 bytes][client: safebrowsing.googleusercontent.com] + 50 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: iphonedimonica] + 51 UDP 192.168.1.103:37578 <-> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes] + 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes] + 53 UDP 192.168.1.103:42074 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes][Host: ssl.gstatic.com.lan] + 54 UDP 192.168.1.103:42856 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes][Host: 1.debian.pool.ntp.org.lan] + 55 ICMPV6 [::]:0 <-> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes] + 56 TCP 203.205.158.34:443 <-> 192.168.1.103:43851 [proto: 91/SSL][9 pkts/524 bytes] + 57 UDP 192.168.1.103:44346 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] + 58 UDP 192.168.1.103:45366 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] + 59 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] + 60 UDP 172.217.23.67:443 <-> 192.168.1.103:51507 [proto: 188.126/QUIC.Google][13 pkts/6836 bytes][Host: ssl.gstatic.com] + 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/366 bytes][Host: safebrowsing.googleusercontent.com] + 62 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][3 pkts/198 bytes] + 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][41 pkts/26587 bytes][client: web.wechat.com] + 64 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/4537 bytes][client: web.wechat.com] + 65 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][8 pkts/552 bytes] + 66 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][39 pkts/25723 bytes][client: web.wechat.com] + 67 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][44 pkts/19995 bytes][client: web.wechat.com] + 68 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][54 pkts/36453 bytes][client: web.wechat.com] + 69 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][86 pkts/65999 bytes][client: web.wechat.com] + 70 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][96 pkts/63642 bytes][client: web.wechat.com] + 71 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] + 72 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/9761 bytes][client: web.wechat.com] + 73 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][73 pkts/44045 bytes][client: web.wechat.com] + 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][36 pkts/14963 bytes][client: web.wechat.com] + 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][50 pkts/30965 bytes][client: web.wechat.com] + 76 TCP 192.168.1.103:54183 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes] + 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/302 bytes][Host: docs.google.com] + 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][8 pkts/552 bytes] + 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][17 pkts/1146 bytes] + 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][18 pkts/4743 bytes][client: web.wechat.com] + 81 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/354 bytes] + 82 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/465 bytes][Host: web.wechat.com] + 83 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] + 84 UDP 192.168.1.100:49832 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: cansaqcq] + 85 UDP 192.168.1.100:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes] + 86 UDP 192.168.1.100:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes] + 87 UDP 192.168.1.100:54124 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: lbjamwptxz] + 88 IGMP 224.0.0.1:0 <-> 192.168.1.254:0 [proto: 82/IGMP][4 pkts/200 bytes] + 89 IGMP 224.0.0.22:0 <-> 192.168.1.100:0 [proto: 82/IGMP][15 pkts/810 bytes] + 90 IGMP 224.0.0.22:0 <-> 192.168.1.103:0 [proto: 82/IGMP][4 pkts/216 bytes] + 91 IGMP 224.0.0.22:0 <-> 192.168.1.108:0 [proto: 82/IGMP][1 pkts/54 bytes] + 92 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][20 pkts/1320 bytes] + 93 TCP 95.101.34.33:80 <-> 192.168.1.103:34999 [proto: 7/HTTP][9 pkts/594 bytes] + 94 TCP 95.101.34.33:80 <-> 192.168.1.103:34981 [proto: 7/HTTP][9 pkts/594 bytes] + 95 TCP 95.101.34.34:80 <-> 192.168.1.103:39207 [proto: 7/HTTP][9 pkts/594 bytes] + 96 TCP 95.101.34.34:80 <-> 192.168.1.103:39195 [proto: 7/HTTP][8 pkts/528 bytes] + 97 TCP 95.101.34.34:80 <-> 192.168.1.103:39231 [proto: 7/HTTP][9 pkts/594 bytes] + 98 UDP 192.168.1.103:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes] + 99 UDP 192.168.1.100:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes] + 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/610 bytes][Host: res.wx.qq.com] + 101 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:49195 [proto: 154/LLMNR][2 pkts/176 bytes][Host: cansaqcq] + 102 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50577 [proto: 154/LLMNR][2 pkts/176 bytes][Host: mcztmpkc] + + +Undetected flows: + 1 0 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::16]:0 [proto: 0/Unknown][1 pkts/110 bytes] -- cgit v1.2.3 From 4c5de9ef8e9e14289ce9024349390fe06b59c769 Mon Sep 17 00:00:00 2001 From: Luca Date: Mon, 17 Apr 2017 09:38:30 +0200 Subject: Added ethernet checksum reforging and nDPI protocol export in nDPI-extcap reader --- example/ndpiReader.c | 26 +++++++++++++++++++++----- example/ndpi_util.c | 40 ++++++++++++++++++++++++++++++++++++++++ example/ndpi_util.h | 2 +- 3 files changed, 62 insertions(+), 6 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index b32650871..9eab4500f 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -81,7 +81,13 @@ static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +struct ndpi_packet_trailer { + u_int32_t magic; /* 0x19682017 */ + u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; +}; + static pcap_dumper_t *extcap_dumper = NULL; +static char extcap_buf[2048]; static char *extcap_capture_fifo = NULL; static u_int16_t extcap_packet_filter = (u_int16_t)-1; @@ -422,7 +428,7 @@ static void parseOptions(int argc, char **argv) { case '9': extcap_packet_filter = atoi(optarg); break; - + default: help(0); break; @@ -1383,12 +1389,22 @@ static void pcap_packet_callback_checked(u_char *args, ) ) { struct pcap_pkthdr *h = (struct pcap_pkthdr*)header; - + uint32_t *crc, delta = sizeof(struct ndpi_packet_trailer) + 4 /* ethernet trailer */; + struct ndpi_packet_trailer *trailer = (struct ndpi_packet_trailer*)&extcap_buf[h->caplen]; + + memcpy(extcap_buf, packet, h->caplen); + trailer->magic = 0x19682017; + trailer->master_protocol = p.master_protocol, trailer->app_protocol = p.app_protocol; + crc = (uint32_t*)&extcap_buf[h->caplen+sizeof(struct ndpi_packet_trailer)]; + *crc = 0; + ethernet_crc32((const void*)extcap_buf, h->caplen+sizeof(struct ndpi_packet_trailer), crc); + h->caplen += delta, h->len += delta; + #ifdef DEBUG_TRACE if(trace) fprintf(trace, "Dumping %u bytes packet\n", header->caplen); #endif - // h->caplen += 8, h->len += 8; - pcap_dump((u_char*)extcap_dumper, h, packet); + + pcap_dump((u_char*)extcap_dumper, h, (const u_char *)extcap_buf); } /* check for buffer changes */ @@ -1503,7 +1519,7 @@ void test_lib() { exit(-1); } } - + gettimeofday(&end, NULL); tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 8fe80111a..cd3c8a1e3 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -909,3 +909,43 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, return(packet_processing(workflow, time, vlan_id, iph, iph6, ip_offset, header->len - ip_offset, header->len)); } + +/* ********************************************************** */ +/* http://home.thep.lu.se/~bjorn/crc/crc32_fast.c */ +/* ********************************************************** */ + +static uint32_t crc32_for_byte(uint32_t r) { + for(int j = 0; j < 8; ++j) + r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; + return r ^ (uint32_t)0xFF000000L; +} + +/* Any unsigned integer type with at least 32 bits may be used as + * accumulator type for fast crc32-calulation, but unsigned long is + * probably the optimal choice for most systems. */ +typedef unsigned long accum_t; + +static void init_tables(uint32_t* table, uint32_t* wtable) { + for(size_t i = 0; i < 0x100; ++i) + table[i] = crc32_for_byte(i); + for(size_t k = 0; k < sizeof(accum_t); ++k) + for(size_t w, i = 0; i < 0x100; ++i) { + for(size_t j = w = 0; j < sizeof(accum_t); ++j) + w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; + wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); + } +} + +void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) { + static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; + size_t n_accum = n_bytes/sizeof(accum_t); + if(!*table) + init_tables(table, wtable); + for(size_t i = 0; i < n_accum; ++i) { + accum_t a = *crc ^ ((accum_t*)data)[i]; + for(size_t j = *crc = 0; j < sizeof(accum_t); ++j) + *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; + } + for(size_t i = n_accum*sizeof(accum_t); i < n_bytes; ++i) + *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; +} diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 4895cdcb1..a8e21d673 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -160,5 +160,5 @@ static inline void ndpi_workflow_set_flow_giveup_callback(struct ndpi_workflow * /* compare two nodes in workflow */ int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); - +void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc); #endif -- cgit v1.2.3 From c1db9a830d84281c146d9628c10620d7425ee009 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 18 Apr 2017 17:20:43 +0200 Subject: Compilation fix for old compilers --- example/ndpi_util.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index cd3c8a1e3..783f05c86 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -915,7 +915,9 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* ********************************************************** */ static uint32_t crc32_for_byte(uint32_t r) { - for(int j = 0; j < 8; ++j) + int j; + + for(j = 0; j < 8; ++j) r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; return r ^ (uint32_t)0xFF000000L; } @@ -926,11 +928,13 @@ static uint32_t crc32_for_byte(uint32_t r) { typedef unsigned long accum_t; static void init_tables(uint32_t* table, uint32_t* wtable) { - for(size_t i = 0; i < 0x100; ++i) + size_t i, k, w, j; + + for(i = 0; i < 0x100; ++i) table[i] = crc32_for_byte(i); - for(size_t k = 0; k < sizeof(accum_t); ++k) - for(size_t w, i = 0; i < 0x100; ++i) { - for(size_t j = w = 0; j < sizeof(accum_t); ++j) + for(k = 0; k < sizeof(accum_t); ++k) + for(i = 0; i < 0x100; ++i) { + for(j = w = 0; j < sizeof(accum_t); ++j) w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); } @@ -939,13 +943,16 @@ static void init_tables(uint32_t* table, uint32_t* wtable) { void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) { static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; size_t n_accum = n_bytes/sizeof(accum_t); + size_t i, k, j; + if(!*table) init_tables(table, wtable); - for(size_t i = 0; i < n_accum; ++i) { + for(i = 0; i < n_accum; ++i) { accum_t a = *crc ^ ((accum_t*)data)[i]; - for(size_t j = *crc = 0; j < sizeof(accum_t); ++j) + for(j = *crc = 0; j < sizeof(accum_t); ++j) *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; } - for(size_t i = n_accum*sizeof(accum_t); i < n_bytes; ++i) + + for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i) *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; } -- cgit v1.2.3 From 56b6c7ed93b7fbdc1963200c208437c16fe5437f Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 19 Apr 2017 09:50:54 +0200 Subject: Fixed thread crash caused by commit 29cd6ef9942188633b79b5c1fe62360f048a6450 --- example/ndpiReader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 9eab4500f..b0b21b2b3 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1508,7 +1508,7 @@ void test_lib() { } /* Waiting for completion */ for(thread_id = 0; thread_id < num_threads; thread_id++) { - status = pthread_join(ndpi_thread_info[thread_id].pthread, thd_res); + status = pthread_join(ndpi_thread_info[thread_id].pthread, &thd_res); /* check pthreade_join return value */ if(status != 0) { fprintf(stderr, "error on join %ld thread\n", thread_id); -- cgit v1.2.3 From 45582194cf0fa64160530e8dac1e6fb4410e95a2 Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 19 Apr 2017 09:56:51 +0200 Subject: Added DNScrypt detection --- src/include/ndpi_protocol_ids.h | 7 +++---- src/lib/ndpi_content_match.c.inc | 4 +++- src/lib/ndpi_main.c | 10 +++++++--- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 2c318b341..726736a06 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -233,8 +233,6 @@ #define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ #define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ #define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ - -/* 197 is free */ #define NDPI_PROTOCOL_WECHAT 197 #define NDPI_PROTOCOL_MPEGTS 198 @@ -248,8 +246,9 @@ #define NDPI_PROTOCOL_IQIYI 206 #define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ -/* 208 - 209 free */ -#define NDPI_PROTOCOL_FREE_208 208 +#define NDPI_PROTOCOL_DNSCRYPT 208 + +/* 209 free */ #define NDPI_PROTOCOL_FREE_209 209 #define NDPI_PROTOCOL_DEEZER 210 diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index d9ceb77a4..6bf18ffbc 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8144,7 +8144,7 @@ ndpi_protocol_match host_match[] = { { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - + { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; @@ -8217,6 +8217,8 @@ ndpi_protocol_match content_match[] = { - www.qbtxzhetq4s2f.com - www.fgd2iwya7vinfutj5wq5we.net + See also DGA (Domain Generation Algorithm) + In essence www..com|net To do things properly we should check if host name in the certificate diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b07557b5a..5e864383a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1616,9 +1616,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - - /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNSCRYPT, + no_master, + no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + +/* To be removed as soon as we define new protocols */ ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); -- cgit v1.2.3 From cbc08f7e5045c3b0f49eccc1e071663e163bbf91 Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 19 Apr 2017 09:58:35 +0200 Subject: Added DNScrypt test files --- tests/pcap/dnscrypt.pcap | Bin 0 -> 46476 bytes tests/result/dnscrypt.pcap.out | 6 ++++++ 2 files changed, 6 insertions(+) create mode 100644 tests/pcap/dnscrypt.pcap create mode 100644 tests/result/dnscrypt.pcap.out diff --git a/tests/pcap/dnscrypt.pcap b/tests/pcap/dnscrypt.pcap new file mode 100644 index 000000000..44c588705 Binary files /dev/null and b/tests/pcap/dnscrypt.pcap differ diff --git a/tests/result/dnscrypt.pcap.out b/tests/result/dnscrypt.pcap.out new file mode 100644 index 000000000..db567cb70 --- /dev/null +++ b/tests/result/dnscrypt.pcap.out @@ -0,0 +1,6 @@ +DNScrypt 111 44676 4 + + 1 TCP 134.119.26.24:443 <-> 192.168.43.167:50258 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] + 2 TCP 134.119.26.24:443 <-> 192.168.43.167:50233 [proto: 91.208/SSL.DNScrypt][39 pkts/16368 bytes][client: simplednscrypt.org] + 3 TCP 134.119.26.24:443 <-> 192.168.43.167:50253 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] + 4 TCP 134.119.26.24:443 <-> 192.168.43.167:50259 [proto: 91.208/SSL.DNScrypt][36 pkts/11278 bytes][client: simplednscrypt.org] -- cgit v1.2.3 From a9c01ded174ed380a2d135cfb9b903f616b0e175 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 19 Apr 2017 21:55:49 +0200 Subject: ndpiReader now prints (-v) the flows with the correct direction --- example/ndpiReader.c | 28 +++++++++++++++++----------- example/ndpi_util.c | 22 ++++++++++------------ example/ndpi_util.h | 2 +- 3 files changed, 28 insertions(+), 24 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index b0b21b2b3..ca06e98b8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -553,17 +553,23 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { if(!json_flag) { fprintf(out, "\t%u", ++num_flows); - fprintf(out, "\t%s %s%s%s:%u <-> %s%s%s:%u ", - ipProto2Name(flow->protocol), - (flow->ip_version == 6) ? "[" : "", - flow->lower_name, - (flow->ip_version == 6) ? "]" : "", - ntohs(flow->lower_port), - (flow->ip_version == 6) ? "[" : "", - flow->upper_name, - (flow->ip_version == 6) ? "]" : "", - ntohs(flow->upper_port)); - + fprintf(out, "\t%s ", ipProto2Name(flow->protocol)); + + if(flow->src_to_dst_direction == 1) + fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ", + (flow->ip_version == 6) ? "[" : "", + flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port), + (flow->ip_version == 6) ? "[" : "", + flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port) + ); + else + fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ", + (flow->ip_version == 6) ? "[" : "", + flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port), + (flow->ip_version == 6) ? "[" : "", + flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port) + ); + if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); if(flow->detected_protocol.master_protocol) { diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 783f05c86..445ade1ac 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -260,9 +260,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow if(iph->protocol == IPPROTO_TCP && l4_packet_len >= 20) { u_int tcp_len; + // tcp workflow->stats.tcp_count++; - - // tcp *tcph = (struct ndpi_tcphdr *)l4; *sport = ntohs((*tcph)->source), *dport = ntohs((*tcph)->dest); @@ -287,12 +286,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow tcp_len = ndpi_min(4*(*tcph)->doff, l4_packet_len); *payload = &l4[tcp_len]; *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); - - // udp } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { + // udp workflow->stats.udp_count++; - *udph = (struct ndpi_udphdr *)l4; *sport = ntohs((*udph)->source), *dport = ntohs((*udph)->dest); *payload = &l4[sizeof(struct ndpi_udphdr)]; @@ -335,7 +332,9 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow if(ret == NULL) { if(workflow->stats.ndpi_flow_count == workflow->prefs.max_ndpi_flows) { - NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_ERROR, "maximum flow count (%u) has been exceeded\n", workflow->prefs.max_ndpi_flows); + NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_ERROR, + "maximum flow count (%u) has been exceeded\n", + workflow->prefs.max_ndpi_flows); exit(-1); } else { struct ndpi_flow_info *newflow = (struct ndpi_flow_info*)malloc(sizeof(struct ndpi_flow_info)); @@ -350,7 +349,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow newflow->lower_ip = lower_ip, newflow->upper_ip = upper_ip; newflow->lower_port = lower_port, newflow->upper_port = upper_port; newflow->ip_version = version; - + newflow->src_to_dst_direction = *src_to_dst_direction; + if(version == IPVERSION) { inet_ntop(AF_INET, &lower_ip, newflow->lower_name, sizeof(newflow->lower_name)); inet_ntop(AF_INET, &upper_ip, newflow->upper_name, sizeof(newflow->upper_name)); @@ -520,7 +520,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, struct ndpi_udphdr *udph = NULL; u_int16_t sport, dport, payload_len; u_int8_t *payload; - u_int8_t src_to_dst_direction= 1; + u_int8_t src_to_dst_direction = 1; if(iph) flow = get_ndpi_flow_info(workflow, IPVERSION, vlan_id, iph, NULL, @@ -542,9 +542,8 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, ndpi_flow = flow->ndpi_flow; flow->packets++, flow->bytes += rawsize; flow->last_seen = time; - } else { + } else return(flow->detected_protocol); - } /* Protocol already detected */ if(flow->detection_completed) return(flow->detected_protocol); @@ -556,8 +555,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) || ((proto == IPPROTO_UDP) && (flow->packets > 8)) || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { - /* New protocol detected or give up */ - + /* New protocol detected or give up */ flow->detection_completed = 1; } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index a8e21d673..335c94ddf 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -46,7 +46,7 @@ typedef struct ndpi_flow_info { u_int32_t upper_ip; u_int16_t lower_port; u_int16_t upper_port; - u_int8_t detection_completed, protocol; + u_int8_t detection_completed, protocol, src_to_dst_direction; u_int16_t vlan_id; struct ndpi_flow_struct *ndpi_flow; char lower_name[48], upper_name[48]; -- cgit v1.2.3 From 4cc54cceb5514acce67bf577f2116ee97505d805 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 19 Apr 2017 23:31:45 +0200 Subject: Added port stats when verbose mode (-v) is used --- example/ndpiReader.c | 113 +++++- example/uthash.h | 1096 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1200 insertions(+), 9 deletions(-) create mode 100644 example/uthash.h diff --git a/example/ndpiReader.c b/example/ndpiReader.c index ca06e98b8..2b02093cb 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -44,6 +44,7 @@ #include #include "../config.h" #include "ndpi_api.h" +#include "uthash.h" #ifdef HAVE_JSON_C #include @@ -81,9 +82,17 @@ static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +struct port_stats { + u_int32_t port; /* we'll use this field as the key */ + u_int32_t num_pkts, num_bytes; + UT_hash_handle hh; /* makes this structure hashable */ +}; + +struct port_stats *srcStats = NULL, *dstStats = NULL; + struct ndpi_packet_trailer { - u_int32_t magic; /* 0x19682017 */ - u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; + u_int32_t magic; /* 0x19682017 */ + u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; }; static pcap_dumper_t *extcap_dumper = NULL; @@ -554,7 +563,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { fprintf(out, "\t%u", ++num_flows); fprintf(out, "\t%s ", ipProto2Name(flow->protocol)); - + if(flow->src_to_dst_direction == 1) fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ", (flow->ip_version == 6) ? "[" : "", @@ -569,7 +578,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { (flow->ip_version == 6) ? "[" : "", flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port) ); - + if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); if(flow->detected_protocol.master_protocol) { @@ -703,7 +712,6 @@ static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi * @brief Proto Guess Walker */ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; u_int16_t thread_id = *((u_int16_t *) user_data); @@ -725,6 +733,53 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } } +/* *********************************************** */ + +static void updatePortStats(struct port_stats **stats, u_int32_t port, u_int32_t num_pkts, u_int32_t num_bytes) { + struct port_stats *s; + + HASH_FIND_INT(*stats, &port, s); + if(s == NULL) { + s = (struct port_stats*)malloc(sizeof(struct port_stats)); + if(!s) return; + + s->port = port, s->num_pkts = 0, s->num_bytes = 0; + HASH_ADD_INT(*stats, port, s); + } + + s->num_pkts += num_pkts, s->num_bytes += num_bytes; +} + +/* *********************************************** */ + +static void deletePortsStats(struct port_stats *stats) { + struct port_stats *current_port, *tmp; + + HASH_ITER(hh, stats, current_port, tmp) { + HASH_DEL(stats, current_port); + free(current_port); + } +} + +/* *********************************************** */ + +/** + * @brief Ports stats + */ +static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { + struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; + u_int16_t sport, dport; + + if(flow->src_to_dst_direction == 1) + sport = ntohs(flow->lower_port), dport = ntohs(flow->upper_port); + else + sport = ntohs(flow->upper_port), dport = ntohs(flow->lower_port); + + updatePortStats(&srcStats, sport, flow->packets, flow->bytes); + updatePortStats(&dstStats, dport, flow->packets, flow->bytes); +} + +/* *********************************************** */ /** * @brief Idle Scan Walker @@ -929,12 +984,12 @@ static void json_init() { } #endif +/* *********************************************** */ /** * @brief Bytes stats format */ char* formatBytes(u_int32_t howMuch, char *buf, u_int buf_len) { - char unit = 'B'; if(howMuch < 1024) { @@ -956,6 +1011,29 @@ char* formatBytes(u_int32_t howMuch, char *buf, u_int buf_len) { return(buf); } +/* *********************************************** */ + +static int port_stats_sort(void *_a, void *_b) { + struct port_stats *a = (struct port_stats*)_a; + struct port_stats *b = (struct port_stats*)_b; + + return(b->num_pkts - a->num_pkts); +} + +/* *********************************************** */ + +void printPortStats(struct port_stats *stats) { + struct port_stats *s, *tmp; + int i = 0; + + HASH_ITER(hh, stats, s, tmp) { + i++; + printf("\t%2d\tPort %5u\t[%u pkts/%u bytes]\n", i, s->port, s->num_pkts, s->num_bytes); + if(i >= 10) break; + } +} + +/* *********************************************** */ /** * @brief Print result @@ -973,17 +1051,24 @@ static void printResults(u_int64_t tot_usec) { json_object *jObj_main = NULL, *jObj_trafficStats, *jArray_detProto = NULL, *jObj; #endif long long unsigned int breed_stats[NUM_BREEDS] = { 0 }; - + memset(&cumulative_stats, 0, sizeof(cumulative_stats)); - for(thread_id = 0; thread_id < num_threads; thread_id++) { + for(thread_id = 0; thread_id < num_threads; thread_id++) { if((ndpi_thread_info[thread_id].workflow->stats.total_wire_bytes == 0) && (ndpi_thread_info[thread_id].workflow->stats.raw_packet_count == 0)) continue; - for(i=0; indpi_flows_root[i], node_proto_guess_walker, &thread_id); + if(verbose) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); + } + if(verbose) { + HASH_SORT(srcStats, port_stats_sort); + HASH_SORT(dstStats, port_stats_sort); + } + /* Stats aggregation */ cumulative_stats.guessed_flow_protocols += ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols; cumulative_stats.raw_packet_count += ndpi_thread_info[thread_id].workflow->stats.raw_packet_count; @@ -1204,6 +1289,16 @@ static void printResults(u_int64_t tot_usec) { fclose(json_fp); #endif } + + if(verbose) { + printf("\n\nSource Ports Stats:\n"); + printPortStats(srcStats); + + printf("\nDestination Ports Stats:\n"); + printPortStats(dstStats); + + deletePortsStats(srcStats), deletePortsStats(dstStats); + } } diff --git a/example/uthash.h b/example/uthash.h new file mode 100644 index 000000000..f78a73b86 --- /dev/null +++ b/example/uthash.h @@ -0,0 +1,1096 @@ +/* +Copyright (c) 2003-2017, Troy D. Hanson http://troydhanson.github.com/uthash/ +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER +OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#ifndef UTHASH_H +#define UTHASH_H + +#define UTHASH_VERSION 2.0.2 + +#include /* memcmp,strlen */ +#include /* ptrdiff_t */ +#include /* exit() */ + +/* These macros use decltype or the earlier __typeof GNU extension. + As decltype is only available in newer compilers (VS2010 or gcc 4.3+ + when compiling c++ source) this code uses whatever method is needed + or, for VS2008 where neither is available, uses casting workarounds. */ +#if !defined(DECLTYPE) && !defined(NO_DECLTYPE) +#if defined(_MSC_VER) /* MS compiler */ +#if _MSC_VER >= 1600 && defined(__cplusplus) /* VS2010 or newer in C++ mode */ +#define DECLTYPE(x) (decltype(x)) +#else /* VS2008 or older (or VS2010 in C mode) */ +#define NO_DECLTYPE +#endif +#elif defined(__BORLANDC__) || defined(__ICCARM__) || defined(__LCC__) || defined(__WATCOMC__) +#define NO_DECLTYPE +#else /* GNU, Sun and other compilers */ +#define DECLTYPE(x) (__typeof(x)) +#endif +#endif + +#ifdef NO_DECLTYPE +#define DECLTYPE(x) +#define DECLTYPE_ASSIGN(dst,src) \ +do { \ + char **_da_dst = (char**)(&(dst)); \ + *_da_dst = (char*)(src); \ +} while (0) +#else +#define DECLTYPE_ASSIGN(dst,src) \ +do { \ + (dst) = DECLTYPE(dst)(src); \ +} while (0) +#endif + +/* a number of the hash function use uint32_t which isn't defined on Pre VS2010 */ +#if defined(_WIN32) +#if defined(_MSC_VER) && _MSC_VER >= 1600 +#include +#elif defined(__WATCOMC__) || defined(__MINGW32__) || defined(__CYGWIN__) +#include +#else +typedef unsigned int uint32_t; +typedef unsigned char uint8_t; +#endif +#elif defined(__GNUC__) && !defined(__VXWORKS__) +#include +#else +typedef unsigned int uint32_t; +typedef unsigned char uint8_t; +#endif + +#ifndef uthash_fatal +#define uthash_fatal(msg) exit(-1) /* fatal error (out of memory,etc) */ +#endif +#ifndef uthash_malloc +#define uthash_malloc(sz) malloc(sz) /* malloc fcn */ +#endif +#ifndef uthash_free +#define uthash_free(ptr,sz) free(ptr) /* free fcn */ +#endif +#ifndef uthash_strlen +#define uthash_strlen(s) strlen(s) +#endif +#ifndef uthash_memcmp +#define uthash_memcmp(a,b,n) memcmp(a,b,n) +#endif + +#ifndef uthash_noexpand_fyi +#define uthash_noexpand_fyi(tbl) /* can be defined to log noexpand */ +#endif +#ifndef uthash_expand_fyi +#define uthash_expand_fyi(tbl) /* can be defined to log expands */ +#endif + +/* initial number of buckets */ +#define HASH_INITIAL_NUM_BUCKETS 32U /* initial number of buckets */ +#define HASH_INITIAL_NUM_BUCKETS_LOG2 5U /* lg2 of initial number of buckets */ +#define HASH_BKT_CAPACITY_THRESH 10U /* expand when bucket count reaches */ + +/* calculate the element whose hash handle address is hhp */ +#define ELMT_FROM_HH(tbl,hhp) ((void*)(((char*)(hhp)) - ((tbl)->hho))) +/* calculate the hash handle from element address elp */ +#define HH_FROM_ELMT(tbl,elp) ((UT_hash_handle *)(((char*)(elp)) + ((tbl)->hho))) + +#define HASH_VALUE(keyptr,keylen,hashv) \ +do { \ + HASH_FCN(keyptr, keylen, hashv); \ +} while (0) + +#define HASH_FIND_BYHASHVALUE(hh,head,keyptr,keylen,hashval,out) \ +do { \ + (out) = NULL; \ + if (head) { \ + unsigned _hf_bkt; \ + HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _hf_bkt); \ + if (HASH_BLOOM_TEST((head)->hh.tbl, hashval) != 0) { \ + HASH_FIND_IN_BKT((head)->hh.tbl, hh, (head)->hh.tbl->buckets[ _hf_bkt ], keyptr, keylen, hashval, out); \ + } \ + } \ +} while (0) + +#define HASH_FIND(hh,head,keyptr,keylen,out) \ +do { \ + unsigned _hf_hashv; \ + HASH_VALUE(keyptr, keylen, _hf_hashv); \ + HASH_FIND_BYHASHVALUE(hh, head, keyptr, keylen, _hf_hashv, out); \ +} while (0) + +#ifdef HASH_BLOOM +#define HASH_BLOOM_BITLEN (1UL << HASH_BLOOM) +#define HASH_BLOOM_BYTELEN (HASH_BLOOM_BITLEN/8UL) + (((HASH_BLOOM_BITLEN%8UL)!=0UL) ? 1UL : 0UL) +#define HASH_BLOOM_MAKE(tbl) \ +do { \ + (tbl)->bloom_nbits = HASH_BLOOM; \ + (tbl)->bloom_bv = (uint8_t*)uthash_malloc(HASH_BLOOM_BYTELEN); \ + if (!((tbl)->bloom_bv)) { uthash_fatal( "out of memory"); } \ + memset((tbl)->bloom_bv, 0, HASH_BLOOM_BYTELEN); \ + (tbl)->bloom_sig = HASH_BLOOM_SIGNATURE; \ +} while (0) + +#define HASH_BLOOM_FREE(tbl) \ +do { \ + uthash_free((tbl)->bloom_bv, HASH_BLOOM_BYTELEN); \ +} while (0) + +#define HASH_BLOOM_BITSET(bv,idx) (bv[(idx)/8U] |= (1U << ((idx)%8U))) +#define HASH_BLOOM_BITTEST(bv,idx) (bv[(idx)/8U] & (1U << ((idx)%8U))) + +#define HASH_BLOOM_ADD(tbl,hashv) \ + HASH_BLOOM_BITSET((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U))) + +#define HASH_BLOOM_TEST(tbl,hashv) \ + HASH_BLOOM_BITTEST((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U))) + +#else +#define HASH_BLOOM_MAKE(tbl) +#define HASH_BLOOM_FREE(tbl) +#define HASH_BLOOM_ADD(tbl,hashv) +#define HASH_BLOOM_TEST(tbl,hashv) (1) +#define HASH_BLOOM_BYTELEN 0U +#endif + +#define HASH_MAKE_TABLE(hh,head) \ +do { \ + (head)->hh.tbl = (UT_hash_table*)uthash_malloc( \ + sizeof(UT_hash_table)); \ + if (!((head)->hh.tbl)) { uthash_fatal( "out of memory"); } \ + memset((head)->hh.tbl, 0, sizeof(UT_hash_table)); \ + (head)->hh.tbl->tail = &((head)->hh); \ + (head)->hh.tbl->num_buckets = HASH_INITIAL_NUM_BUCKETS; \ + (head)->hh.tbl->log2_num_buckets = HASH_INITIAL_NUM_BUCKETS_LOG2; \ + (head)->hh.tbl->hho = (char*)(&(head)->hh) - (char*)(head); \ + (head)->hh.tbl->buckets = (UT_hash_bucket*)uthash_malloc( \ + HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket)); \ + if (! (head)->hh.tbl->buckets) { uthash_fatal( "out of memory"); } \ + memset((head)->hh.tbl->buckets, 0, \ + HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket)); \ + HASH_BLOOM_MAKE((head)->hh.tbl); \ + (head)->hh.tbl->signature = HASH_SIGNATURE; \ +} while (0) + +#define HASH_REPLACE_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,replaced,cmpfcn) \ +do { \ + (replaced) = NULL; \ + HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \ + if (replaced) { \ + HASH_DELETE(hh, head, replaced); \ + } \ + HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn); \ +} while (0) + +#define HASH_REPLACE_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add,replaced) \ +do { \ + (replaced) = NULL; \ + HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \ + if (replaced) { \ + HASH_DELETE(hh, head, replaced); \ + } \ + HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add); \ +} while (0) + +#define HASH_REPLACE(hh,head,fieldname,keylen_in,add,replaced) \ +do { \ + unsigned _hr_hashv; \ + HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv); \ + HASH_REPLACE_BYHASHVALUE(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced); \ +} while (0) + +#define HASH_REPLACE_INORDER(hh,head,fieldname,keylen_in,add,replaced,cmpfcn) \ +do { \ + unsigned _hr_hashv; \ + HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv); \ + HASH_REPLACE_BYHASHVALUE_INORDER(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced, cmpfcn); \ +} while (0) + +#define HASH_APPEND_LIST(hh, head, add) \ +do { \ + (add)->hh.next = NULL; \ + (add)->hh.prev = ELMT_FROM_HH((head)->hh.tbl, (head)->hh.tbl->tail); \ + (head)->hh.tbl->tail->next = (add); \ + (head)->hh.tbl->tail = &((add)->hh); \ +} while (0) + +#define HASH_AKBI_INNER_LOOP(hh,head,add,cmpfcn) \ +do { \ + do { \ + if (cmpfcn(DECLTYPE(head)(_hs_iter), add) > 0) \ + break; \ + } while ((_hs_iter = HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->next)); \ +} while (0) + +#ifdef NO_DECLTYPE +#undef HASH_AKBI_INNER_LOOP +#define HASH_AKBI_INNER_LOOP(hh,head,add,cmpfcn) \ +do { \ + char *_hs_saved_head = (char*)(head); \ + do { \ + DECLTYPE_ASSIGN(head, _hs_iter); \ + if (cmpfcn(head, add) > 0) { \ + DECLTYPE_ASSIGN(head, _hs_saved_head); \ + break; \ + } \ + DECLTYPE_ASSIGN(head, _hs_saved_head); \ + } while ((_hs_iter = HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->next)); \ +} while (0) +#endif + +#define HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh,head,keyptr,keylen_in,hashval,add,cmpfcn) \ +do { \ + unsigned _ha_bkt; \ + (add)->hh.hashv = (hashval); \ + (add)->hh.key = (char*) (keyptr); \ + (add)->hh.keylen = (unsigned) (keylen_in); \ + if (!(head)) { \ + (add)->hh.next = NULL; \ + (add)->hh.prev = NULL; \ + (head) = (add); \ + HASH_MAKE_TABLE(hh, head); \ + } else { \ + void *_hs_iter = (head); \ + (add)->hh.tbl = (head)->hh.tbl; \ + HASH_AKBI_INNER_LOOP(hh, head, add, cmpfcn); \ + if (_hs_iter) { \ + (add)->hh.next = _hs_iter; \ + if (((add)->hh.prev = HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->prev)) { \ + HH_FROM_ELMT((head)->hh.tbl, (add)->hh.prev)->next = (add); \ + } else { \ + (head) = (add); \ + } \ + HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->prev = (add); \ + } else { \ + HASH_APPEND_LIST(hh, head, add); \ + } \ + } \ + (head)->hh.tbl->num_items++; \ + HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt); \ + HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh); \ + HASH_BLOOM_ADD((head)->hh.tbl, hashval); \ + HASH_EMIT_KEY(hh, head, keyptr, keylen_in); \ + HASH_FSCK(hh, head); \ +} while (0) + +#define HASH_ADD_KEYPTR_INORDER(hh,head,keyptr,keylen_in,add,cmpfcn) \ +do { \ + unsigned _hs_hashv; \ + HASH_VALUE(keyptr, keylen_in, _hs_hashv); \ + HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, keyptr, keylen_in, _hs_hashv, add, cmpfcn); \ +} while (0) + +#define HASH_ADD_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,cmpfcn) \ + HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn) + +#define HASH_ADD_INORDER(hh,head,fieldname,keylen_in,add,cmpfcn) \ + HASH_ADD_KEYPTR_INORDER(hh, head, &((add)->fieldname), keylen_in, add, cmpfcn) + +#define HASH_ADD_KEYPTR_BYHASHVALUE(hh,head,keyptr,keylen_in,hashval,add) \ +do { \ + unsigned _ha_bkt; \ + (add)->hh.hashv = (hashval); \ + (add)->hh.key = (char*) (keyptr); \ + (add)->hh.keylen = (unsigned) (keylen_in); \ + if (!(head)) { \ + (add)->hh.next = NULL; \ + (add)->hh.prev = NULL; \ + (head) = (add); \ + HASH_MAKE_TABLE(hh, head); \ + } else { \ + (add)->hh.tbl = (head)->hh.tbl; \ + HASH_APPEND_LIST(hh, head, add); \ + } \ + (head)->hh.tbl->num_items++; \ + HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt); \ + HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh); \ + HASH_BLOOM_ADD((head)->hh.tbl, hashval); \ + HASH_EMIT_KEY(hh, head, keyptr, keylen_in); \ + HASH_FSCK(hh, head); \ +} while (0) + +#define HASH_ADD_KEYPTR(hh,head,keyptr,keylen_in,add) \ +do { \ + unsigned _ha_hashv; \ + HASH_VALUE(keyptr, keylen_in, _ha_hashv); \ + HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, keyptr, keylen_in, _ha_hashv, add); \ +} while (0) + +#define HASH_ADD_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add) \ + HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add) + +#define HASH_ADD(hh,head,fieldname,keylen_in,add) \ + HASH_ADD_KEYPTR(hh, head, &((add)->fieldname), keylen_in, add) + +#define HASH_TO_BKT(hashv,num_bkts,bkt) \ +do { \ + bkt = ((hashv) & ((num_bkts) - 1U)); \ +} while (0) + +/* delete "delptr" from the hash table. + * "the usual" patch-up process for the app-order doubly-linked-list. + * The use of _hd_hh_del below deserves special explanation. + * These used to be expressed using (delptr) but that led to a bug + * if someone used the same symbol for the head and deletee, like + * HASH_DELETE(hh,users,users); + * We want that to work, but by changing the head (users) below + * we were forfeiting our ability to further refer to the deletee (users) + * in the patch-up process. Solution: use scratch space to + * copy the deletee pointer, then the latter references are via that + * scratch pointer rather than through the repointed (users) symbol. + */ +#define HASH_DELETE(hh,head,delptr) \ +do { \ + struct UT_hash_handle *_hd_hh_del; \ + if ( ((delptr)->hh.prev == NULL) && ((delptr)->hh.next == NULL) ) { \ + uthash_free((head)->hh.tbl->buckets, \ + (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \ + HASH_BLOOM_FREE((head)->hh.tbl); \ + uthash_free((head)->hh.tbl, sizeof(UT_hash_table)); \ + head = NULL; \ + } else { \ + unsigned _hd_bkt; \ + _hd_hh_del = &((delptr)->hh); \ + if ((delptr) == ELMT_FROM_HH((head)->hh.tbl,(head)->hh.tbl->tail)) { \ + (head)->hh.tbl->tail = \ + (UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) + \ + (head)->hh.tbl->hho); \ + } \ + if ((delptr)->hh.prev != NULL) { \ + ((UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) + \ + (head)->hh.tbl->hho))->next = (delptr)->hh.next; \ + } else { \ + DECLTYPE_ASSIGN(head,(delptr)->hh.next); \ + } \ + if (_hd_hh_del->next != NULL) { \ + ((UT_hash_handle*)((ptrdiff_t)_hd_hh_del->next + \ + (head)->hh.tbl->hho))->prev = \ + _hd_hh_del->prev; \ + } \ + HASH_TO_BKT( _hd_hh_del->hashv, (head)->hh.tbl->num_buckets, _hd_bkt); \ + HASH_DEL_IN_BKT(hh,(head)->hh.tbl->buckets[_hd_bkt], _hd_hh_del); \ + (head)->hh.tbl->num_items--; \ + } \ + HASH_FSCK(hh,head); \ +} while (0) + + +/* convenience forms of HASH_FIND/HASH_ADD/HASH_DEL */ +#define HASH_FIND_STR(head,findstr,out) \ + HASH_FIND(hh,head,findstr,(unsigned)uthash_strlen(findstr),out) +#define HASH_ADD_STR(head,strfield,add) \ + HASH_ADD(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add) +#define HASH_REPLACE_STR(head,strfield,add,replaced) \ + HASH_REPLACE(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add,replaced) +#define HASH_FIND_INT(head,findint,out) \ + HASH_FIND(hh,head,findint,sizeof(int),out) +#define HASH_ADD_INT(head,intfield,add) \ + HASH_ADD(hh,head,intfield,sizeof(int),add) +#define HASH_REPLACE_INT(head,intfield,add,replaced) \ + HASH_REPLACE(hh,head,intfield,sizeof(int),add,replaced) +#define HASH_FIND_PTR(head,findptr,out) \ + HASH_FIND(hh,head,findptr,sizeof(void *),out) +#define HASH_ADD_PTR(head,ptrfield,add) \ + HASH_ADD(hh,head,ptrfield,sizeof(void *),add) +#define HASH_REPLACE_PTR(head,ptrfield,add,replaced) \ + HASH_REPLACE(hh,head,ptrfield,sizeof(void *),add,replaced) +#define HASH_DEL(head,delptr) \ + HASH_DELETE(hh,head,delptr) + +/* HASH_FSCK checks hash integrity on every add/delete when HASH_DEBUG is defined. + * This is for uthash developer only; it compiles away if HASH_DEBUG isn't defined. + */ +#ifdef HASH_DEBUG +#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0) +#define HASH_FSCK(hh,head) \ +do { \ + struct UT_hash_handle *_thh; \ + if (head) { \ + unsigned _bkt_i; \ + unsigned _count; \ + char *_prev; \ + _count = 0; \ + for( _bkt_i = 0; _bkt_i < (head)->hh.tbl->num_buckets; _bkt_i++) { \ + unsigned _bkt_count = 0; \ + _thh = (head)->hh.tbl->buckets[_bkt_i].hh_head; \ + _prev = NULL; \ + while (_thh) { \ + if (_prev != (char*)(_thh->hh_prev)) { \ + HASH_OOPS("invalid hh_prev %p, actual %p\n", \ + _thh->hh_prev, _prev ); \ + } \ + _bkt_count++; \ + _prev = (char*)(_thh); \ + _thh = _thh->hh_next; \ + } \ + _count += _bkt_count; \ + if ((head)->hh.tbl->buckets[_bkt_i].count != _bkt_count) { \ + HASH_OOPS("invalid bucket count %u, actual %u\n", \ + (head)->hh.tbl->buckets[_bkt_i].count, _bkt_count); \ + } \ + } \ + if (_count != (head)->hh.tbl->num_items) { \ + HASH_OOPS("invalid hh item count %u, actual %u\n", \ + (head)->hh.tbl->num_items, _count ); \ + } \ + /* traverse hh in app order; check next/prev integrity, count */ \ + _count = 0; \ + _prev = NULL; \ + _thh = &(head)->hh; \ + while (_thh) { \ + _count++; \ + if (_prev !=(char*)(_thh->prev)) { \ + HASH_OOPS("invalid prev %p, actual %p\n", \ + _thh->prev, _prev ); \ + } \ + _prev = (char*)ELMT_FROM_HH((head)->hh.tbl, _thh); \ + _thh = ( _thh->next ? (UT_hash_handle*)((char*)(_thh->next) + \ + (head)->hh.tbl->hho) : NULL ); \ + } \ + if (_count != (head)->hh.tbl->num_items) { \ + HASH_OOPS("invalid app item count %u, actual %u\n", \ + (head)->hh.tbl->num_items, _count ); \ + } \ + } \ +} while (0) +#else +#define HASH_FSCK(hh,head) +#endif + +/* When compiled with -DHASH_EMIT_KEYS, length-prefixed keys are emitted to + * the descriptor to which this macro is defined for tuning the hash function. + * The app can #include to get the prototype for write(2). */ +#ifdef HASH_EMIT_KEYS +#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen) \ +do { \ + unsigned _klen = fieldlen; \ + write(HASH_EMIT_KEYS, &_klen, sizeof(_klen)); \ + write(HASH_EMIT_KEYS, keyptr, (unsigned long)fieldlen); \ +} while (0) +#else +#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen) +#endif + +/* default to Jenkin's hash unless overridden e.g. DHASH_FUNCTION=HASH_SAX */ +#ifdef HASH_FUNCTION +#define HASH_FCN HASH_FUNCTION +#else +#define HASH_FCN HASH_JEN +#endif + +/* The Bernstein hash function, used in Perl prior to v5.6. Note (x<<5+x)=x*33. */ +#define HASH_BER(key,keylen,hashv) \ +do { \ + unsigned _hb_keylen=(unsigned)keylen; \ + const unsigned char *_hb_key=(const unsigned char*)(key); \ + (hashv) = 0; \ + while (_hb_keylen-- != 0U) { \ + (hashv) = (((hashv) << 5) + (hashv)) + *_hb_key++; \ + } \ +} while (0) + + +/* SAX/FNV/OAT/JEN hash functions are macro variants of those listed at + * http://eternallyconfuzzled.com/tuts/algorithms/jsw_tut_hashing.aspx */ +#define HASH_SAX(key,keylen,hashv) \ +do { \ + unsigned _sx_i; \ + const unsigned char *_hs_key=(const unsigned char*)(key); \ + hashv = 0; \ + for(_sx_i=0; _sx_i < keylen; _sx_i++) { \ + hashv ^= (hashv << 5) + (hashv >> 2) + _hs_key[_sx_i]; \ + } \ +} while (0) +/* FNV-1a variation */ +#define HASH_FNV(key,keylen,hashv) \ +do { \ + unsigned _fn_i; \ + const unsigned char *_hf_key=(const unsigned char*)(key); \ + hashv = 2166136261U; \ + for(_fn_i=0; _fn_i < keylen; _fn_i++) { \ + hashv = hashv ^ _hf_key[_fn_i]; \ + hashv = hashv * 16777619U; \ + } \ +} while (0) + +#define HASH_OAT(key,keylen,hashv) \ +do { \ + unsigned _ho_i; \ + const unsigned char *_ho_key=(const unsigned char*)(key); \ + hashv = 0; \ + for(_ho_i=0; _ho_i < keylen; _ho_i++) { \ + hashv += _ho_key[_ho_i]; \ + hashv += (hashv << 10); \ + hashv ^= (hashv >> 6); \ + } \ + hashv += (hashv << 3); \ + hashv ^= (hashv >> 11); \ + hashv += (hashv << 15); \ +} while (0) + +#define HASH_JEN_MIX(a,b,c) \ +do { \ + a -= b; a -= c; a ^= ( c >> 13 ); \ + b -= c; b -= a; b ^= ( a << 8 ); \ + c -= a; c -= b; c ^= ( b >> 13 ); \ + a -= b; a -= c; a ^= ( c >> 12 ); \ + b -= c; b -= a; b ^= ( a << 16 ); \ + c -= a; c -= b; c ^= ( b >> 5 ); \ + a -= b; a -= c; a ^= ( c >> 3 ); \ + b -= c; b -= a; b ^= ( a << 10 ); \ + c -= a; c -= b; c ^= ( b >> 15 ); \ +} while (0) + +#define HASH_JEN(key,keylen,hashv) \ +do { \ + unsigned _hj_i,_hj_j,_hj_k; \ + unsigned const char *_hj_key=(unsigned const char*)(key); \ + hashv = 0xfeedbeefu; \ + _hj_i = _hj_j = 0x9e3779b9u; \ + _hj_k = (unsigned)(keylen); \ + while (_hj_k >= 12U) { \ + _hj_i += (_hj_key[0] + ( (unsigned)_hj_key[1] << 8 ) \ + + ( (unsigned)_hj_key[2] << 16 ) \ + + ( (unsigned)_hj_key[3] << 24 ) ); \ + _hj_j += (_hj_key[4] + ( (unsigned)_hj_key[5] << 8 ) \ + + ( (unsigned)_hj_key[6] << 16 ) \ + + ( (unsigned)_hj_key[7] << 24 ) ); \ + hashv += (_hj_key[8] + ( (unsigned)_hj_key[9] << 8 ) \ + + ( (unsigned)_hj_key[10] << 16 ) \ + + ( (unsigned)_hj_key[11] << 24 ) ); \ + \ + HASH_JEN_MIX(_hj_i, _hj_j, hashv); \ + \ + _hj_key += 12; \ + _hj_k -= 12U; \ + } \ + hashv += (unsigned)(keylen); \ + switch ( _hj_k ) { \ + case 11: hashv += ( (unsigned)_hj_key[10] << 24 ); /* FALLTHROUGH */ \ + case 10: hashv += ( (unsigned)_hj_key[9] << 16 ); /* FALLTHROUGH */ \ + case 9: hashv += ( (unsigned)_hj_key[8] << 8 ); /* FALLTHROUGH */ \ + case 8: _hj_j += ( (unsigned)_hj_key[7] << 24 ); /* FALLTHROUGH */ \ + case 7: _hj_j += ( (unsigned)_hj_key[6] << 16 ); /* FALLTHROUGH */ \ + case 6: _hj_j += ( (unsigned)_hj_key[5] << 8 ); /* FALLTHROUGH */ \ + case 5: _hj_j += _hj_key[4]; /* FALLTHROUGH */ \ + case 4: _hj_i += ( (unsigned)_hj_key[3] << 24 ); /* FALLTHROUGH */ \ + case 3: _hj_i += ( (unsigned)_hj_key[2] << 16 ); /* FALLTHROUGH */ \ + case 2: _hj_i += ( (unsigned)_hj_key[1] << 8 ); /* FALLTHROUGH */ \ + case 1: _hj_i += _hj_key[0]; \ + } \ + HASH_JEN_MIX(_hj_i, _hj_j, hashv); \ +} while (0) + +/* The Paul Hsieh hash function */ +#undef get16bits +#if (defined(__GNUC__) && defined(__i386__)) || defined(__WATCOMC__) \ + || defined(_MSC_VER) || defined (__BORLANDC__) || defined (__TURBOC__) +#define get16bits(d) (*((const uint16_t *) (d))) +#endif + +#if !defined (get16bits) +#define get16bits(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8) \ + +(uint32_t)(((const uint8_t *)(d))[0]) ) +#endif +#define HASH_SFH(key,keylen,hashv) \ +do { \ + unsigned const char *_sfh_key=(unsigned const char*)(key); \ + uint32_t _sfh_tmp, _sfh_len = (uint32_t)keylen; \ + \ + unsigned _sfh_rem = _sfh_len & 3U; \ + _sfh_len >>= 2; \ + hashv = 0xcafebabeu; \ + \ + /* Main loop */ \ + for (;_sfh_len > 0U; _sfh_len--) { \ + hashv += get16bits (_sfh_key); \ + _sfh_tmp = ((uint32_t)(get16bits (_sfh_key+2)) << 11) ^ hashv; \ + hashv = (hashv << 16) ^ _sfh_tmp; \ + _sfh_key += 2U*sizeof (uint16_t); \ + hashv += hashv >> 11; \ + } \ + \ + /* Handle end cases */ \ + switch (_sfh_rem) { \ + case 3: hashv += get16bits (_sfh_key); \ + hashv ^= hashv << 16; \ + hashv ^= (uint32_t)(_sfh_key[sizeof (uint16_t)]) << 18; \ + hashv += hashv >> 11; \ + break; \ + case 2: hashv += get16bits (_sfh_key); \ + hashv ^= hashv << 11; \ + hashv += hashv >> 17; \ + break; \ + case 1: hashv += *_sfh_key; \ + hashv ^= hashv << 10; \ + hashv += hashv >> 1; \ + } \ + \ + /* Force "avalanching" of final 127 bits */ \ + hashv ^= hashv << 3; \ + hashv += hashv >> 5; \ + hashv ^= hashv << 4; \ + hashv += hashv >> 17; \ + hashv ^= hashv << 25; \ + hashv += hashv >> 6; \ +} while (0) + +#ifdef HASH_USING_NO_STRICT_ALIASING +/* The MurmurHash exploits some CPU's (x86,x86_64) tolerance for unaligned reads. + * For other types of CPU's (e.g. Sparc) an unaligned read causes a bus error. + * MurmurHash uses the faster approach only on CPU's where we know it's safe. + * + * Note the preprocessor built-in defines can be emitted using: + * + * gcc -m64 -dM -E - < /dev/null (on gcc) + * cc -## a.c (where a.c is a simple test file) (Sun Studio) + */ +#if (defined(__i386__) || defined(__x86_64__) || defined(_M_IX86)) +#define MUR_GETBLOCK(p,i) p[i] +#else /* non intel */ +#define MUR_PLUS0_ALIGNED(p) (((unsigned long)p & 3UL) == 0UL) +#define MUR_PLUS1_ALIGNED(p) (((unsigned long)p & 3UL) == 1UL) +#define MUR_PLUS2_ALIGNED(p) (((unsigned long)p & 3UL) == 2UL) +#define MUR_PLUS3_ALIGNED(p) (((unsigned long)p & 3UL) == 3UL) +#define WP(p) ((uint32_t*)((unsigned long)(p) & ~3UL)) +#if (defined(__BIG_ENDIAN__) || defined(SPARC) || defined(__ppc__) || defined(__ppc64__)) +#define MUR_THREE_ONE(p) ((((*WP(p))&0x00ffffff) << 8) | (((*(WP(p)+1))&0xff000000) >> 24)) +#define MUR_TWO_TWO(p) ((((*WP(p))&0x0000ffff) <<16) | (((*(WP(p)+1))&0xffff0000) >> 16)) +#define MUR_ONE_THREE(p) ((((*WP(p))&0x000000ff) <<24) | (((*(WP(p)+1))&0xffffff00) >> 8)) +#else /* assume little endian non-intel */ +#define MUR_THREE_ONE(p) ((((*WP(p))&0xffffff00) >> 8) | (((*(WP(p)+1))&0x000000ff) << 24)) +#define MUR_TWO_TWO(p) ((((*WP(p))&0xffff0000) >>16) | (((*(WP(p)+1))&0x0000ffff) << 16)) +#define MUR_ONE_THREE(p) ((((*WP(p))&0xff000000) >>24) | (((*(WP(p)+1))&0x00ffffff) << 8)) +#endif +#define MUR_GETBLOCK(p,i) (MUR_PLUS0_ALIGNED(p) ? ((p)[i]) : \ + (MUR_PLUS1_ALIGNED(p) ? MUR_THREE_ONE(p) : \ + (MUR_PLUS2_ALIGNED(p) ? MUR_TWO_TWO(p) : \ + MUR_ONE_THREE(p)))) +#endif +#define MUR_ROTL32(x,r) (((x) << (r)) | ((x) >> (32 - (r)))) +#define MUR_FMIX(_h) \ +do { \ + _h ^= _h >> 16; \ + _h *= 0x85ebca6bu; \ + _h ^= _h >> 13; \ + _h *= 0xc2b2ae35u; \ + _h ^= _h >> 16; \ +} while (0) + +#define HASH_MUR(key,keylen,hashv) \ +do { \ + const uint8_t *_mur_data = (const uint8_t*)(key); \ + const int _mur_nblocks = (int)(keylen) / 4; \ + uint32_t _mur_h1 = 0xf88D5353u; \ + uint32_t _mur_c1 = 0xcc9e2d51u; \ + uint32_t _mur_c2 = 0x1b873593u; \ + uint32_t _mur_k1 = 0; \ + const uint8_t *_mur_tail; \ + const uint32_t *_mur_blocks = (const uint32_t*)(_mur_data+(_mur_nblocks*4)); \ + int _mur_i; \ + for(_mur_i = -_mur_nblocks; _mur_i!=0; _mur_i++) { \ + _mur_k1 = MUR_GETBLOCK(_mur_blocks,_mur_i); \ + _mur_k1 *= _mur_c1; \ + _mur_k1 = MUR_ROTL32(_mur_k1,15); \ + _mur_k1 *= _mur_c2; \ + \ + _mur_h1 ^= _mur_k1; \ + _mur_h1 = MUR_ROTL32(_mur_h1,13); \ + _mur_h1 = (_mur_h1*5U) + 0xe6546b64u; \ + } \ + _mur_tail = (const uint8_t*)(_mur_data + (_mur_nblocks*4)); \ + _mur_k1=0; \ + switch((keylen) & 3U) { \ + case 3: _mur_k1 ^= (uint32_t)_mur_tail[2] << 16; /* FALLTHROUGH */ \ + case 2: _mur_k1 ^= (uint32_t)_mur_tail[1] << 8; /* FALLTHROUGH */ \ + case 1: _mur_k1 ^= (uint32_t)_mur_tail[0]; \ + _mur_k1 *= _mur_c1; \ + _mur_k1 = MUR_ROTL32(_mur_k1,15); \ + _mur_k1 *= _mur_c2; \ + _mur_h1 ^= _mur_k1; \ + } \ + _mur_h1 ^= (uint32_t)(keylen); \ + MUR_FMIX(_mur_h1); \ + hashv = _mur_h1; \ +} while (0) +#endif /* HASH_USING_NO_STRICT_ALIASING */ + +/* iterate over items in a known bucket to find desired item */ +#define HASH_FIND_IN_BKT(tbl,hh,head,keyptr,keylen_in,hashval,out) \ +do { \ + if ((head).hh_head != NULL) { \ + DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (head).hh_head)); \ + } else { \ + (out) = NULL; \ + } \ + while ((out) != NULL) { \ + if ((out)->hh.hashv == (hashval) && (out)->hh.keylen == (keylen_in)) { \ + if (uthash_memcmp((out)->hh.key, keyptr, keylen_in) == 0) { \ + break; \ + } \ + } \ + if ((out)->hh.hh_next != NULL) { \ + DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (out)->hh.hh_next)); \ + } else { \ + (out) = NULL; \ + } \ + } \ +} while (0) + +/* add an item to a bucket */ +#define HASH_ADD_TO_BKT(head,addhh) \ +do { \ + head.count++; \ + (addhh)->hh_next = head.hh_head; \ + (addhh)->hh_prev = NULL; \ + if (head.hh_head != NULL) { (head).hh_head->hh_prev = (addhh); } \ + (head).hh_head=addhh; \ + if ((head.count >= ((head.expand_mult+1U) * HASH_BKT_CAPACITY_THRESH)) \ + && ((addhh)->tbl->noexpand != 1U)) { \ + HASH_EXPAND_BUCKETS((addhh)->tbl); \ + } \ +} while (0) + +/* remove an item from a given bucket */ +#define HASH_DEL_IN_BKT(hh,head,hh_del) \ + (head).count--; \ + if ((head).hh_head == hh_del) { \ + (head).hh_head = hh_del->hh_next; \ + } \ + if (hh_del->hh_prev) { \ + hh_del->hh_prev->hh_next = hh_del->hh_next; \ + } \ + if (hh_del->hh_next) { \ + hh_del->hh_next->hh_prev = hh_del->hh_prev; \ + } + +/* Bucket expansion has the effect of doubling the number of buckets + * and redistributing the items into the new buckets. Ideally the + * items will distribute more or less evenly into the new buckets + * (the extent to which this is true is a measure of the quality of + * the hash function as it applies to the key domain). + * + * With the items distributed into more buckets, the chain length + * (item count) in each bucket is reduced. Thus by expanding buckets + * the hash keeps a bound on the chain length. This bounded chain + * length is the essence of how a hash provides constant time lookup. + * + * The calculation of tbl->ideal_chain_maxlen below deserves some + * explanation. First, keep in mind that we're calculating the ideal + * maximum chain length based on the *new* (doubled) bucket count. + * In fractions this is just n/b (n=number of items,b=new num buckets). + * Since the ideal chain length is an integer, we want to calculate + * ceil(n/b). We don't depend on floating point arithmetic in this + * hash, so to calculate ceil(n/b) with integers we could write + * + * ceil(n/b) = (n/b) + ((n%b)?1:0) + * + * and in fact a previous version of this hash did just that. + * But now we have improved things a bit by recognizing that b is + * always a power of two. We keep its base 2 log handy (call it lb), + * so now we can write this with a bit shift and logical AND: + * + * ceil(n/b) = (n>>lb) + ( (n & (b-1)) ? 1:0) + * + */ +#define HASH_EXPAND_BUCKETS(tbl) \ +do { \ + unsigned _he_bkt; \ + unsigned _he_bkt_i; \ + struct UT_hash_handle *_he_thh, *_he_hh_nxt; \ + UT_hash_bucket *_he_new_buckets, *_he_newbkt; \ + _he_new_buckets = (UT_hash_bucket*)uthash_malloc( \ + 2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket)); \ + if (!_he_new_buckets) { uthash_fatal( "out of memory"); } \ + memset(_he_new_buckets, 0, \ + 2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket)); \ + tbl->ideal_chain_maxlen = \ + (tbl->num_items >> (tbl->log2_num_buckets+1U)) + \ + (((tbl->num_items & ((tbl->num_buckets*2U)-1U)) != 0U) ? 1U : 0U); \ + tbl->nonideal_items = 0; \ + for(_he_bkt_i = 0; _he_bkt_i < tbl->num_buckets; _he_bkt_i++) \ + { \ + _he_thh = tbl->buckets[ _he_bkt_i ].hh_head; \ + while (_he_thh != NULL) { \ + _he_hh_nxt = _he_thh->hh_next; \ + HASH_TO_BKT( _he_thh->hashv, tbl->num_buckets*2U, _he_bkt); \ + _he_newbkt = &(_he_new_buckets[ _he_bkt ]); \ + if (++(_he_newbkt->count) > tbl->ideal_chain_maxlen) { \ + tbl->nonideal_items++; \ + _he_newbkt->expand_mult = _he_newbkt->count / \ + tbl->ideal_chain_maxlen; \ + } \ + _he_thh->hh_prev = NULL; \ + _he_thh->hh_next = _he_newbkt->hh_head; \ + if (_he_newbkt->hh_head != NULL) { _he_newbkt->hh_head->hh_prev = \ + _he_thh; } \ + _he_newbkt->hh_head = _he_thh; \ + _he_thh = _he_hh_nxt; \ + } \ + } \ + uthash_free( tbl->buckets, tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \ + tbl->num_buckets *= 2U; \ + tbl->log2_num_buckets++; \ + tbl->buckets = _he_new_buckets; \ + tbl->ineff_expands = (tbl->nonideal_items > (tbl->num_items >> 1)) ? \ + (tbl->ineff_expands+1U) : 0U; \ + if (tbl->ineff_expands > 1U) { \ + tbl->noexpand=1; \ + uthash_noexpand_fyi(tbl); \ + } \ + uthash_expand_fyi(tbl); \ +} while (0) + + +/* This is an adaptation of Simon Tatham's O(n log(n)) mergesort */ +/* Note that HASH_SORT assumes the hash handle name to be hh. + * HASH_SRT was added to allow the hash handle name to be passed in. */ +#define HASH_SORT(head,cmpfcn) HASH_SRT(hh,head,cmpfcn) +#define HASH_SRT(hh,head,cmpfcn) \ +do { \ + unsigned _hs_i; \ + unsigned _hs_looping,_hs_nmerges,_hs_insize,_hs_psize,_hs_qsize; \ + struct UT_hash_handle *_hs_p, *_hs_q, *_hs_e, *_hs_list, *_hs_tail; \ + if (head != NULL) { \ + _hs_insize = 1; \ + _hs_looping = 1; \ + _hs_list = &((head)->hh); \ + while (_hs_looping != 0U) { \ + _hs_p = _hs_list; \ + _hs_list = NULL; \ + _hs_tail = NULL; \ + _hs_nmerges = 0; \ + while (_hs_p != NULL) { \ + _hs_nmerges++; \ + _hs_q = _hs_p; \ + _hs_psize = 0; \ + for ( _hs_i = 0; _hs_i < _hs_insize; _hs_i++ ) { \ + _hs_psize++; \ + _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ? \ + ((void*)((char*)(_hs_q->next) + \ + (head)->hh.tbl->hho)) : NULL); \ + if (! (_hs_q) ) { break; } \ + } \ + _hs_qsize = _hs_insize; \ + while ((_hs_psize > 0U) || ((_hs_qsize > 0U) && (_hs_q != NULL))) {\ + if (_hs_psize == 0U) { \ + _hs_e = _hs_q; \ + _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ? \ + ((void*)((char*)(_hs_q->next) + \ + (head)->hh.tbl->hho)) : NULL); \ + _hs_qsize--; \ + } else if ( (_hs_qsize == 0U) || (_hs_q == NULL) ) { \ + _hs_e = _hs_p; \ + if (_hs_p != NULL){ \ + _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ? \ + ((void*)((char*)(_hs_p->next) + \ + (head)->hh.tbl->hho)) : NULL); \ + } \ + _hs_psize--; \ + } else if (( \ + cmpfcn(DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_p)), \ + DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_q))) \ + ) <= 0) { \ + _hs_e = _hs_p; \ + if (_hs_p != NULL){ \ + _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ? \ + ((void*)((char*)(_hs_p->next) + \ + (head)->hh.tbl->hho)) : NULL); \ + } \ + _hs_psize--; \ + } else { \ + _hs_e = _hs_q; \ + _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ? \ + ((void*)((char*)(_hs_q->next) + \ + (head)->hh.tbl->hho)) : NULL); \ + _hs_qsize--; \ + } \ + if ( _hs_tail != NULL ) { \ + _hs_tail->next = ((_hs_e != NULL) ? \ + ELMT_FROM_HH((head)->hh.tbl,_hs_e) : NULL); \ + } else { \ + _hs_list = _hs_e; \ + } \ + if (_hs_e != NULL) { \ + _hs_e->prev = ((_hs_tail != NULL) ? \ + ELMT_FROM_HH((head)->hh.tbl,_hs_tail) : NULL); \ + } \ + _hs_tail = _hs_e; \ + } \ + _hs_p = _hs_q; \ + } \ + if (_hs_tail != NULL){ \ + _hs_tail->next = NULL; \ + } \ + if ( _hs_nmerges <= 1U ) { \ + _hs_looping=0; \ + (head)->hh.tbl->tail = _hs_tail; \ + DECLTYPE_ASSIGN(head,ELMT_FROM_HH((head)->hh.tbl, _hs_list)); \ + } \ + _hs_insize *= 2U; \ + } \ + HASH_FSCK(hh,head); \ + } \ +} while (0) + +/* This function selects items from one hash into another hash. + * The end result is that the selected items have dual presence + * in both hashes. There is no copy of the items made; rather + * they are added into the new hash through a secondary hash + * hash handle that must be present in the structure. */ +#define HASH_SELECT(hh_dst, dst, hh_src, src, cond) \ +do { \ + unsigned _src_bkt, _dst_bkt; \ + void *_last_elt=NULL, *_elt; \ + UT_hash_handle *_src_hh, *_dst_hh, *_last_elt_hh=NULL; \ + ptrdiff_t _dst_hho = ((char*)(&(dst)->hh_dst) - (char*)(dst)); \ + if (src != NULL) { \ + for(_src_bkt=0; _src_bkt < (src)->hh_src.tbl->num_buckets; _src_bkt++) { \ + for(_src_hh = (src)->hh_src.tbl->buckets[_src_bkt].hh_head; \ + _src_hh != NULL; \ + _src_hh = _src_hh->hh_next) { \ + _elt = ELMT_FROM_HH((src)->hh_src.tbl, _src_hh); \ + if (cond(_elt)) { \ + _dst_hh = (UT_hash_handle*)(((char*)_elt) + _dst_hho); \ + _dst_hh->key = _src_hh->key; \ + _dst_hh->keylen = _src_hh->keylen; \ + _dst_hh->hashv = _src_hh->hashv; \ + _dst_hh->prev = _last_elt; \ + _dst_hh->next = NULL; \ + if (_last_elt_hh != NULL) { _last_elt_hh->next = _elt; } \ + if (dst == NULL) { \ + DECLTYPE_ASSIGN(dst,_elt); \ + HASH_MAKE_TABLE(hh_dst,dst); \ + } else { \ + _dst_hh->tbl = (dst)->hh_dst.tbl; \ + } \ + HASH_TO_BKT(_dst_hh->hashv, _dst_hh->tbl->num_buckets, _dst_bkt); \ + HASH_ADD_TO_BKT(_dst_hh->tbl->buckets[_dst_bkt],_dst_hh); \ + (dst)->hh_dst.tbl->num_items++; \ + _last_elt = _elt; \ + _last_elt_hh = _dst_hh; \ + } \ + } \ + } \ + } \ + HASH_FSCK(hh_dst,dst); \ +} while (0) + +#define HASH_CLEAR(hh,head) \ +do { \ + if (head != NULL) { \ + uthash_free((head)->hh.tbl->buckets, \ + (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket)); \ + HASH_BLOOM_FREE((head)->hh.tbl); \ + uthash_free((head)->hh.tbl, sizeof(UT_hash_table)); \ + (head)=NULL; \ + } \ +} while (0) + +#define HASH_OVERHEAD(hh,head) \ + ((head != NULL) ? ( \ + (size_t)(((head)->hh.tbl->num_items * sizeof(UT_hash_handle)) + \ + ((head)->hh.tbl->num_buckets * sizeof(UT_hash_bucket)) + \ + sizeof(UT_hash_table) + \ + (HASH_BLOOM_BYTELEN))) : 0U) + +#ifdef NO_DECLTYPE +#define HASH_ITER(hh,head,el,tmp) \ +for(((el)=(head)), ((*(char**)(&(tmp)))=(char*)((head!=NULL)?(head)->hh.next:NULL)); \ + (el) != NULL; ((el)=(tmp)), ((*(char**)(&(tmp)))=(char*)((tmp!=NULL)?(tmp)->hh.next:NULL))) +#else +#define HASH_ITER(hh,head,el,tmp) \ +for(((el)=(head)), ((tmp)=DECLTYPE(el)((head!=NULL)?(head)->hh.next:NULL)); \ + (el) != NULL; ((el)=(tmp)), ((tmp)=DECLTYPE(el)((tmp!=NULL)?(tmp)->hh.next:NULL))) +#endif + +/* obtain a count of items in the hash */ +#define HASH_COUNT(head) HASH_CNT(hh,head) +#define HASH_CNT(hh,head) ((head != NULL)?((head)->hh.tbl->num_items):0U) + +typedef struct UT_hash_bucket { + struct UT_hash_handle *hh_head; + unsigned count; + + /* expand_mult is normally set to 0. In this situation, the max chain length + * threshold is enforced at its default value, HASH_BKT_CAPACITY_THRESH. (If + * the bucket's chain exceeds this length, bucket expansion is triggered). + * However, setting expand_mult to a non-zero value delays bucket expansion + * (that would be triggered by additions to this particular bucket) + * until its chain length reaches a *multiple* of HASH_BKT_CAPACITY_THRESH. + * (The multiplier is simply expand_mult+1). The whole idea of this + * multiplier is to reduce bucket expansions, since they are expensive, in + * situations where we know that a particular bucket tends to be overused. + * It is better to let its chain length grow to a longer yet-still-bounded + * value, than to do an O(n) bucket expansion too often. + */ + unsigned expand_mult; + +} UT_hash_bucket; + +/* random signature used only to find hash tables in external analysis */ +#define HASH_SIGNATURE 0xa0111fe1u +#define HASH_BLOOM_SIGNATURE 0xb12220f2u + +typedef struct UT_hash_table { + UT_hash_bucket *buckets; + unsigned num_buckets, log2_num_buckets; + unsigned num_items; + struct UT_hash_handle *tail; /* tail hh in app order, for fast append */ + ptrdiff_t hho; /* hash handle offset (byte pos of hash handle in element */ + + /* in an ideal situation (all buckets used equally), no bucket would have + * more than ceil(#items/#buckets) items. that's the ideal chain length. */ + unsigned ideal_chain_maxlen; + + /* nonideal_items is the number of items in the hash whose chain position + * exceeds the ideal chain maxlen. these items pay the penalty for an uneven + * hash distribution; reaching them in a chain traversal takes >ideal steps */ + unsigned nonideal_items; + + /* ineffective expands occur when a bucket doubling was performed, but + * afterward, more than half the items in the hash had nonideal chain + * positions. If this happens on two consecutive expansions we inhibit any + * further expansion, as it's not helping; this happens when the hash + * function isn't a good fit for the key domain. When expansion is inhibited + * the hash will still work, albeit no longer in constant time. */ + unsigned ineff_expands, noexpand; + + uint32_t signature; /* used only to find hash tables in external analysis */ +#ifdef HASH_BLOOM + uint32_t bloom_sig; /* used only to test bloom exists in external analysis */ + uint8_t *bloom_bv; + uint8_t bloom_nbits; +#endif + +} UT_hash_table; + +typedef struct UT_hash_handle { + struct UT_hash_table *tbl; + void *prev; /* prev element in app order */ + void *next; /* next element in app order */ + struct UT_hash_handle *hh_prev; /* previous hh in bucket order */ + struct UT_hash_handle *hh_next; /* next hh in bucket order */ + void *key; /* ptr to enclosing struct's key */ + unsigned keylen; /* enclosing struct's key len */ + unsigned hashv; /* result of hash-fcn(key) */ +} UT_hash_handle; + +#endif /* UTHASH_H */ -- cgit v1.2.3 From 6581579d37fedcf406d8e4e02315dc020ab26da3 Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 20 Apr 2017 17:57:40 +0200 Subject: update flow thanks to commit a9c01ded174ed380a2d135cfb9b903f616b0e175 --- tests/result/1kxun.pcap.out | 66 ++--- tests/result/6in4tunnel.pcap.out | 6 +- tests/result/Instagram.pcap.out | 22 +- tests/result/KakaoTalk_chat.pcap.out | 62 ++--- tests/result/KakaoTalk_talk.pcap.out | 24 +- tests/result/NTPv2.pcap.out | 2 +- tests/result/NTPv3.pcap.out | 2 +- tests/result/NTPv4.pcap.out | 2 +- tests/result/Viber_session.pcap.out | 58 ++--- tests/result/amqp.pcap.out | 2 +- tests/result/bittorrent.pcap.out | 4 +- tests/result/bittorrent_utp.pcap.out | 2 +- tests/result/coap_mqtt.pcap.out | 12 +- tests/result/dnscrypt.pcap.out | 8 +- tests/result/dropbox.pcap.out | 4 +- tests/result/git.pcap.out | 2 +- tests/result/google_ssl.pcap.out | 2 +- tests/result/hangout.pcap.out | 2 +- tests/result/http_ipv6.pcap.out | 22 +- tests/result/mpeg.pcap.out | 2 +- tests/result/mpegts.pcap.out | 2 +- tests/result/mssql_tds.pcap.out | 24 +- tests/result/netflix.pcap.out | 32 +-- tests/result/pps.pcap.out | 18 +- tests/result/quic.pcap.out | 8 +- tests/result/quickplay.pcap.out | 42 ++-- tests/result/rx.pcap.out | 8 +- tests/result/skype.pcap.out | 392 +++++++++++++++--------------- tests/result/skype_no_unknown.pcap.out | 364 +++++++++++++-------------- tests/result/smpp_in_general.pcap.out | 2 +- tests/result/starcraft_battle.pcap.out | 26 +- tests/result/teredo.pcap.out | 6 +- tests/result/tor.pcap.out | 18 +- tests/result/viber_mobile.pcap.out | 124 +++++----- tests/result/vnc.pcap.out | 4 +- tests/result/waze.pcap.out | 12 +- tests/result/webex.pcap.out | 4 +- tests/result/wechat.pcap.out | 40 +-- tests/result/weibo.pcap.out | 52 ++-- tests/result/whatsapp_login_call.pcap.out | 6 +- tests/result/whatsapp_login_chat.pcap.out | 4 +- 41 files changed, 747 insertions(+), 747 deletions(-) diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 4eea2595d..f0e7365a9 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -15,38 +15,38 @@ LLMNR 89 6799 47 Lync 2 132 1 1kxun 967 535718 28 - 1 TCP 192.168.5.16:53406 <-> 119.235.235.84:443 [proto: 91/SSL][23 pkts/7434 bytes] + 1 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][23 pkts/7434 bytes] 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][419 pkts/183693 bytes][Host: 183.131.48.144] - 3 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:53938 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] - 4 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:61548 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] - 5 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:58468 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] + 3 UDP [ff02::1:3]:53938 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] + 4 UDP [ff02::1:3]:61548 <-> [fe80::9bd:81dd:2fdc:5750]:5355 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] + 5 UDP [ff02::1:3]:58468 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] 6 UDP 192.168.2.186:32768 <-> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3642 bytes][client: 1] 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3638 bytes][client: 1] 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][17 pkts/3518 bytes][client: 1] - 10 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:64568 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] - 11 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:61172 [proto: 154/LLMNR][2 pkts/174 bytes][Host: sonusav] + 10 UDP [ff02::1:3]:64568 <-> [fe80::9bd:81dd:2fdc:5750]:5355 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] + 11 UDP [ff02::1:3]:61172 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/174 bytes][Host: sonusav] 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9498 bytes][Host: dl-obs.official.line.naver.jp] - 13 UDP [fe80::4568:efbc:40b1:1346]:5355 <-> [ff02::1:3]:50194 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] - 14 UDP 168.95.1.1:53 <-> 192.168.5.16:63372 [proto: 5/DNS][2 pkts/378 bytes][Host: dl-obs.official.line.naver.jp] + 13 UDP [ff02::1:3]:50194 <-> [fe80::4568:efbc:40b1:1346]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] + 14 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][2 pkts/378 bytes][Host: dl-obs.official.line.naver.jp] 15 UDP 192.168.5.45:59461 <-> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] 16 UDP 192.168.5.45:59789 <-> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] 17 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][13 pkts/1452 bytes][Host: 218.244.135.170:9099] 18 UDP 192.168.5.48:49701 <-> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes] - 19 UDP [fe80::4568:efbc:40b1:1346]:5355 <-> [ff02::1:3]:57148 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] + 19 UDP [ff02::1:3]:57148 <-> [fe80::4568:efbc:40b1:1346]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] 20 UDP 192.168.3.95:51451 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] 21 UDP 192.168.5.44:51389 <-> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes] - 22 UDP 192.168.119.1:67 <-> 192.168.5.16:68 [proto: 18/DHCP][4 pkts/1368 bytes][Host: macbook-air] + 22 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][4 pkts/1368 bytes][Host: macbook-air] 23 UDP 192.168.5.41:55593 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes][Host: kevin-pc] 24 UDP 192.168.101.33:55485 <-> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes] 25 UDP 192.168.3.236:56043 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: isatap] - 26 UDP 8.8.8.8:53 <-> 192.168.115.8:51024 [proto: 5.205/DNS.1kxun][3 pkts/272 bytes][Host: jp.kankan.1kxun.mobi] + 26 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/272 bytes][Host: jp.kankan.1kxun.mobi] 27 UDP 192.168.5.57:55809 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes] 28 UDP 192.168.5.50:57143 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes][Host: charming-pc] 29 UDP 192.168.5.37:57325 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes] 30 UDP 192.168.3.95:58779 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] 31 UDP 192.168.5.44:59571 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: jason-pc] - 32 UDP 8.8.8.8:53 <-> 192.168.115.8:54420 [proto: 5.48/DNS.QQ][3 pkts/266 bytes][Host: vv.video.qq.com] + 32 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][3 pkts/266 bytes][Host: vv.video.qq.com] 33 UDP 192.168.5.48:59797 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: kasper-mac] 34 UDP 192.168.5.47:60267 <-> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes] 35 UDP 192.168.10.110:60480 <-> 255.255.255.255:62976 [proto: 205/1kxun][5 pkts/1795 bytes] @@ -54,34 +54,34 @@ Lync 2 132 1 37 UDP 192.168.3.236:62069 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: wangs-ltw] 38 UDP 192.168.125.30:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] 39 UDP 192.168.10.7:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] - 40 UDP [fe80::e034:7be:d8f9:6197]:5355 <-> [ff02::1:3]:57143 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] + 40 UDP [ff02::1:3]:57143 <-> [fe80::e034:7be:d8f9:6197]:5355 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] 41 UDP 192.168.140.140:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][1 pkts/359 bytes] - 42 UDP 8.8.8.8:53 <-> 192.168.115.8:60724 [proto: 5.205/DNS.1kxun][3 pkts/283 bytes][Host: pic.1kxun.com] - 43 UDP [fe80::edf5:240a:c8c0:8312]:5355 <-> [ff02::1:3]:61603 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] + 42 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/283 bytes][Host: pic.1kxun.com] + 43 UDP [ff02::1:3]:61603 <-> [fe80::edf5:240a:c8c0:8312]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] 44 UDP 192.168.5.49:1900 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes] 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][33 pkts/11721 bytes][Host: 42.120.51.152:8080] 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][12 pkts/1982 bytes][Host: api.magicansoft.com] - 47 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:51451 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] + 47 UDP [ff02::1:3]:51451 <-> [fe80::e98f:bae2:19f7:6b0f]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][69 pkts/63429 bytes][Host: pic.1kxun.com] 49 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][65 pkts/48989 bytes][Host: pic.1kxun.com] 50 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][58 pkts/45577 bytes][Host: pic.1kxun.com] 51 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][50 pkts/35747 bytes][Host: jp.kankan.1kxun.mobi] - 52 UDP [fe80::f65c:89ff:fe89:e607]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][1 pkts/98 bytes] - 53 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:58779 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] + 52 UDP [ff02::1:2]:546 <-> [fe80::f65c:89ff:fe89:e607]:547 [proto: 103/DHCPV6][1 pkts/98 bytes] + 53 UDP [ff02::1:3]:58779 <-> [fe80::e98f:bae2:19f7:6b0f]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] 54 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes][Host: shen] 55 UDP 59.120.208.218:50151 <-> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] - 56 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:49735 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] + 56 UDP [ff02::1:3]:49735 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] 57 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][14 pkts/2295 bytes][Host: 183.131.48.145] - 58 UDP 168.95.1.1:53 <-> 192.168.115.8:52723 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] + 58 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] 59 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][25 pkts/4950 bytes][Host: vv.video.qq.com] 60 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][6 pkts/352 bytes] - 61 UDP [fe80::9bd:81dd:2fdc:5750]:1900 <-> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes] + 61 UDP [ff02::c]:1900 <-> [fe80::9bd:81dd:2fdc:5750]:1900 [proto: 12/SSDP][16 pkts/8921 bytes] 62 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][2 pkts/120 bytes] 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3210 bytes][client: 1] 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9158 bytes][Host: dl-obs.official.line.naver.jp] 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][14 pkts/2386 bytes][Host: kankan.1kxun.com] - 66 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:63659 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] - 67 UDP [fe80::406:55a8:6453:25dd]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][5 pkts/490 bytes] + 66 UDP [ff02::1:3]:63659 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] + 67 UDP [ff02::1:2]:546 <-> [fe80::406:55a8:6453:25dd]:547 [proto: 103/DHCPV6][5 pkts/490 bytes] 68 UDP 192.168.5.50:49766 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes][Host: charming-pc] 69 UDP 192.168.5.50:50030 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes][Host: charming-pc] 70 UDP 192.168.115.8:51458 <-> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes][Host: wpad] @@ -99,14 +99,14 @@ Lync 2 132 1 82 UDP 192.168.3.95:54888 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] 83 UDP 192.168.5.41:55312 <-> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes] 84 UDP 192.168.5.9:55484 <-> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes] - 85 UDP [fe80::e034:7be:d8f9:6197]:5355 <-> [ff02::1:3]:49766 [proto: 154/LLMNR][2 pkts/182 bytes][Host: charming-pc] + 85 UDP [ff02::1:3]:49766 <-> [fe80::e034:7be:d8f9:6197]:5355 [proto: 154/LLMNR][2 pkts/182 bytes][Host: charming-pc] 86 UDP 192.168.5.37:56366 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: notebook] - 87 UDP 8.8.8.8:53 <-> 192.168.115.8:52723 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] + 87 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] 88 UDP 192.168.101.33:58456 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] 89 UDP 192.168.5.9:58456 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] 90 UDP 192.168.5.44:58702 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: jason-pc] 91 UDP 192.168.5.44:59062 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes][Host: jason-pc] - 92 UDP [fe80::edf5:240a:c8c0:8312]:5355 <-> [ff02::1:3]:53962 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] + 92 UDP [ff02::1:3]:53962 <-> [fe80::edf5:240a:c8c0:8312]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] 93 UDP 192.168.3.236:59730 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes][Host: sonusav] 94 UDP 192.168.3.95:59468 <-> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes] 95 UDP 192.168.5.49:61548 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes][Host: caesar-thinkpad] @@ -124,8 +124,8 @@ Lync 2 132 1 107 UDP 192.168.119.1:67 <-> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes] 108 UDP 192.168.5.9:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: joanna-pc] 109 UDP 192.168.5.41:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: kevin-pc] - 110 UDP [fe80::beee:7bff:fe0c:b3de]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][4 pkts/392 bytes] - 111 UDP [fe80::e034:7be:d8f9:6197]:5355 <-> [ff02::1:3]:62756 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] + 110 UDP [ff02::1:2]:546 <-> [fe80::beee:7bff:fe0c:b3de]:547 [proto: 103/DHCPV6][4 pkts/392 bytes] + 111 UDP [ff02::1:3]:62756 <-> [fe80::e034:7be:d8f9:6197]:5355 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] 112 UDP 59.120.208.212:32768 <-> 255.255.255.255:1947 [proto: 205/1kxun][1 pkts/82 bytes] 113 UDP 192.168.5.64:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes] 114 TCP 192.168.5.16:53605 <-> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes] @@ -136,14 +136,14 @@ Lync 2 132 1 119 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][61 pkts/51677 bytes][Host: pic.1kxun.com] 120 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][34 pkts/25580 bytes][Host: pic.1kxun.com] 121 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][13 pkts/3410 bytes][Host: jp.kankan.1kxun.mobi] - 122 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:54888 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] + 122 UDP [ff02::1:3]:54888 <-> [fe80::e98f:bae2:19f7:6b0f]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] Undetected flows: 1 UDP 192.168.0.100:50925 <-> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes] - 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 <-> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes] - 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 <-> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes] + 2 UDP [ff02::1]:62976 <-> [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 [proto: 0/Unknown][2 pkts/782 bytes] + 3 UDP [ff02::1]:62976 <-> [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 [proto: 0/Unknown][2 pkts/782 bytes] 4 UDP 192.168.119.1:56861 <-> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes] - 5 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 <-> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes] - 6 UDP [fe80::4e5e:cff:feea:365]:5678 <-> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes] + 5 UDP [ff02::1]:5678 <-> [fe80::4e5e:cff:fe9a:ec54]:5678 [proto: 0/Unknown][1 pkts/185 bytes] + 6 UDP [ff02::1]:5678 <-> [fe80::4e5e:cff:feea:365]:5678 [proto: 0/Unknown][1 pkts/197 bytes] 7 UDP 192.168.119.2:43786 <-> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index bc6b7973b..60ff3e343 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -4,13 +4,13 @@ SSL 28 15397 1 ICMPV6 48 7862 3 Facebook 37 14726 3 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2a03:2880:1010:6f03:face:b00c::2]:53234 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] + 1 TCP [2a03:2880:1010:6f03:face:b00c::2]:53234 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/394 bytes][Host: star.c10r.facebook.com] - 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2604:a880:1:20::224:b001]:60205 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net][server: mail.tomasu.net] + 3 TCP [2604:a880:1:20::224:b001]:60205 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net][server: mail.tomasu.net] 4 ICMPV6 [2001:470:1f16:13f::2]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][2 pkts/258 bytes] 7 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][46 pkts/6348 bytes] 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][2 pkts/258 bytes] 9 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/406 bytes][Host: star.c10r.facebook.com] - 10 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:80 <-> [2604:a880:1:20::224:b001]:41538 [proto: 7/HTTP][10 pkts/1792 bytes][Host: mail.tomasu.net] + 10 TCP [2604:a880:1:20::224:b001]:41538 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:80 [proto: 7/HTTP][10 pkts/1792 bytes][Host: mail.tomasu.net] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 0e2f4620c..edd889471 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -7,31 +7,31 @@ Dropbox 5 725 2 Instagram 363 255094 16 1 UDP 192.168.0.106:17500 <-> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes] - 2 UDP 8.8.8.8:53 <-> 192.168.0.103:26540 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] - 3 UDP 8.8.8.8:53 <-> 192.168.0.103:27124 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] - 4 TCP 31.13.93.52:443 <-> 192.168.0.103:33763 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] - 5 TCP 31.13.93.52:443 <-> 192.168.0.103:33935 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] + 2 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] + 3 UDP 192.168.0.103:27124 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] + 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] + 5 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][49 pkts/38684 bytes] 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] - 8 TCP 77.67.29.17:80 <-> 192.168.0.103:33976 [proto: 7/HTTP][34 pkts/29039 bytes] + 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][34 pkts/29039 bytes] 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] - 15 TCP 173.252.107.4:443 <-> 192.168.0.103:56382 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] + 15 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] - 17 UDP 8.8.8.8:53 <-> 192.168.0.103:33603 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 18 TCP 31.13.93.52:443 <-> 192.168.0.103:33936 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] + 17 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] + 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][12 pkts/6044 bytes] 20 ICMP 192.168.0.103:0 <-> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes] 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] - 22 TCP 192.168.0.103:40855 <-> 46.33.70.150:80 [proto: 7/HTTP][2 pkts/140 bytes] - 23 UDP 8.8.8.8:53 <-> 192.168.0.103:51219 [proto: 5.211/DNS.Instagram][2 pkts/394 bytes][Host: igcdn-photos-h-a.akamaihd.net] + 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][2 pkts/140 bytes] + 23 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/394 bytes][Host: igcdn-photos-h-a.akamaihd.net] 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][17 pkts/6369 bytes][client: igcdn-photos-h-a.akamaihd.net] 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] - 26 TCP 192.168.0.103:41562 <-> 92.122.48.138:80 [proto: 7/HTTP][25 pkts/23525 bytes] + 26 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][25 pkts/23525 bytes] 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][81 pkts/53416 bytes][Host: photos-e.ak.instagram.com] 28 TCP 192.168.0.103:58690 <-> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes] 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][19 pkts/9340 bytes][client: igcdn-photos-g-a.akamaihd.net] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index fa510f8ba..4fee1d276 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -8,41 +8,41 @@ HTTP_Proxy 26 3926 1 Amazon 2 181 1 KakaoTalk 55 9990 15 - 1 UDP 10.188.1.1:53 <-> 10.24.82.188:56820 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] - 2 UDP 10.188.1.1:53 <-> 10.24.82.188:57816 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] - 3 UDP 10.188.1.1:53 <-> 10.24.82.188:58810 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] - 4 TCP 10.24.82.188:34503 <-> 120.28.26.242:80 [proto: 7/HTTP][1 pkts/56 bytes] + 1 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] + 2 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] + 3 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] + 4 TCP 120.28.26.242:80 <-> 10.24.82.188:34503 [proto: 7/HTTP][1 pkts/56 bytes] 5 ICMP 10.188.191.1:0 <-> 10.24.82.188:0 [proto: 81/ICMP][1 pkts/147 bytes] - 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] - 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] + 6 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] + 7 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] 8 TCP 10.24.82.188:58927 <-> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes] 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] - 10 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] - 11 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] - 12 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] - 13 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] - 14 TCP 31.13.68.84:80 <-> 10.24.82.188:37553 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] - 15 TCP 31.13.68.84:80 <-> 10.24.82.188:37557 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] - 16 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] - 17 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] - 18 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 19 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 10 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] + 11 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] + 12 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] + 13 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] + 14 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] + 15 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] + 16 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] + 17 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] + 18 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 19 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] 20 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][server: *.push.samsungosp.com] - 21 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] - 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] - 23 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] + 21 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] + 22 TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] + 23 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] 24 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] - 25 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] - 26 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] - 27 UDP 10.188.1.1:53 <-> 10.24.82.188:14650 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] - 28 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] + 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] + 26 TCP 10.24.82.188:34686 <-> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] + 27 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] + 28 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] - 30 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] - 31 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] - 32 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] - 33 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] - 34 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] - 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] - 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] - 37 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] + 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] + 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][5 pkts/280 bytes] + 32 TCP 10.24.82.188:49217 <-> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 33 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] + 34 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] + 35 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] + 36 TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] + 37 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] 38 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][4 pkts/251 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 96d39ede2..ec1315984 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -10,23 +10,23 @@ Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 WeChat 15 1727 1 - 1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes] + 1 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][5 pkts/280 bytes] 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] - 3 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 91.126/SSL.Google][1 pkts/56 bytes] + 3 TCP 173.194.117.229:443 <-> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes] 4 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes] - 5 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] + 5 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] - 7 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] + 7 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] 8 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] - 9 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] + 9 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] - 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] - 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] + 11 TCP 10.24.82.188:34686 <-> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] + 12 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][40 pkts/10538 bytes] 13 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] - 15 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] - 16 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] - 17 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] - 18 UDP 1.201.1.174:23044 <-> 10.24.82.188:11320 [proto: 87/RTP][1503 pkts/200241 bytes] - 19 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 15 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] + 16 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][1488 pkts/198510 bytes] + 17 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] + 18 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][1503 pkts/200241 bytes] + 19 TCP 10.24.82.188:49217 <-> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] 20 TCP 216.58.220.161:443 <-> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] diff --git a/tests/result/NTPv2.pcap.out b/tests/result/NTPv2.pcap.out index 960fbe062..8172344ec 100644 --- a/tests/result/NTPv2.pcap.out +++ b/tests/result/NTPv2.pcap.out @@ -1,3 +1,3 @@ NTP 1 410 1 - 1 UDP 78.46.76.2:80 <-> 208.104.95.10:123 [proto: 9/NTP][1 pkts/410 bytes] + 1 UDP 208.104.95.10:123 <-> 78.46.76.2:80 [proto: 9/NTP][1 pkts/410 bytes] diff --git a/tests/result/NTPv3.pcap.out b/tests/result/NTPv3.pcap.out index 91d817e5e..54953afda 100644 --- a/tests/result/NTPv3.pcap.out +++ b/tests/result/NTPv3.pcap.out @@ -1,3 +1,3 @@ NTP 1 90 1 - 1 UDP 78.46.76.2:80 <-> 175.144.140.29:123 [proto: 9/NTP][1 pkts/90 bytes] + 1 UDP 175.144.140.29:123 <-> 78.46.76.2:80 [proto: 9/NTP][1 pkts/90 bytes] diff --git a/tests/result/NTPv4.pcap.out b/tests/result/NTPv4.pcap.out index fba0fd419..3794393bf 100644 --- a/tests/result/NTPv4.pcap.out +++ b/tests/result/NTPv4.pcap.out @@ -1,3 +1,3 @@ NTP 1 90 1 - 1 UDP 78.46.76.11:123 <-> 85.22.62.120:123 [proto: 9/NTP][1 pkts/90 bytes] + 1 UDP 85.22.62.120:123 <-> 78.46.76.11:123 [proto: 9/NTP][1 pkts/90 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 7cdc76e4f..81ef39da8 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -10,44 +10,44 @@ Google 50 4084 5 Viber 4163 392492 4 Amazon 1 66 1 - 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 126/Google][10 pkts/757 bytes] - 2 TCP 74.125.130.188:5228 <-> 192.168.200.222:59011 [proto: 126/Google][9 pkts/692 bytes] - 3 TCP 93.184.221.200:80 <-> 192.168.200.222:60828 [proto: 7/HTTP][1 pkts/60 bytes] - 4 TCP 158.85.58.23:443 <-> 192.168.200.222:44058 [proto: 91/SSL][5 pkts/412 bytes] + 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][10 pkts/757 bytes] + 2 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][9 pkts/692 bytes] + 3 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][5 pkts/412 bytes] 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][23 pkts/3345 bytes] 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 8 TCP 54.251.141.219:80 <-> 192.168.200.222:38778 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes] - 9 TCP 54.169.63.186:443 <-> 192.168.200.222:39339 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 10 TCP 93.184.221.200:80 <-> 192.168.200.222:33161 [proto: 7/HTTP][1 pkts/60 bytes] + 8 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes] + 9 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 10 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][6 pkts/599 bytes] - 12 TCP 112.124.219.82:80 <-> 192.168.200.222:36675 [proto: 7/HTTP][1 pkts/60 bytes] - 13 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] - 14 TCP 112.124.219.93:80 <-> 192.168.200.222:46761 [proto: 7/HTTP][7 pkts/436 bytes] - 15 TCP 93.184.221.200:80 <-> 192.168.200.222:52977 [proto: 7/HTTP][1 pkts/60 bytes] + 12 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes] + 13 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] + 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] + 15 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 20 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][5 pkts/424 bytes] - 21 TCP 52.0.253.46:443 <-> 192.168.200.222:43287 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] - 22 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] - 23 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][12 pkts/1161 bytes] - 24 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] - 25 TCP 93.184.221.200:80 <-> 192.168.200.222:43646 [proto: 7/HTTP][1 pkts/60 bytes] + 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] + 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] + 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] + 23 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][12 pkts/1161 bytes] + 24 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] + 25 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] - 27 UDP 54.169.63.186:7987 <-> 192.168.200.222:48564 [proto: 144/Viber][2 pkts/138 bytes] - 28 UDP 54.169.63.186:7985 <-> 192.168.200.222:48564 [proto: 144/Viber][4143 pkts/390781 bytes] - 29 TCP 93.184.221.200:80 <-> 192.168.200.222:50854 [proto: 7/HTTP][1 pkts/60 bytes] - 30 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes] - 31 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][16 pkts/1419 bytes][client: settings.crashlytics.com] + 27 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] + 28 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][4143 pkts/390781 bytes] + 29 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 30 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes] + 31 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][16 pkts/1419 bytes][client: settings.crashlytics.com] Undetected flows: - 1 TCP 113.31.80.142:7003 <-> 192.168.200.222:55554 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 175.157.52.135:37299 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 175.157.52.135:37301 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 TCP 113.31.80.142:7003 <-> 192.168.200.222:55565 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 10.216.246.82:59027 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 6 UDP 175.157.52.135:37300 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 UDP 175.157.52.135:37302 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out index 200394193..27b64d3d0 100644 --- a/tests/result/amqp.pcap.out +++ b/tests/result/amqp.pcap.out @@ -1,5 +1,5 @@ AMQP 160 23514 3 1 TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][108 pkts/14423 bytes] - 2 TCP 127.0.0.1:44204 <-> 127.0.1.1:5672 [proto: 192/AMQP][22 pkts/5026 bytes] + 2 TCP 127.0.1.1:5672 <-> 127.0.0.1:44204 [proto: 192/AMQP][22 pkts/5026 bytes] 3 TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][30 pkts/4065 bytes] diff --git a/tests/result/bittorrent.pcap.out b/tests/result/bittorrent.pcap.out index 415673d20..a0993283b 100644 --- a/tests/result/bittorrent.pcap.out +++ b/tests/result/bittorrent.pcap.out @@ -1,7 +1,7 @@ BitTorrent 299 305728 24 1 TCP 192.168.1.3:52908 <-> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 2 TCP 79.53.228.2:14627 <-> 192.168.1.3:52896 [proto: 37/BitTorrent][5 pkts/1180 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 2 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][5 pkts/1180 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 3 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][5 pkts/1205 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 4 TCP 192.168.1.3:52925 <-> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 5 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][4 pkts/1401 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] @@ -17,7 +17,7 @@ BitTorrent 299 305728 24 15 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][7 pkts/1550 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 16 TCP 192.168.1.3:52893 <-> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 17 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][4 pkts/612 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 18 TCP 79.53.228.2:14627 <-> 192.168.1.3:52909 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 18 TCP 192.168.1.3:52909 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 19 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][6 pkts/1261 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 20 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][210 pkts/285139 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 21 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][3 pkts/930 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] diff --git a/tests/result/bittorrent_utp.pcap.out b/tests/result/bittorrent_utp.pcap.out index 2078b7210..2b64008b0 100644 --- a/tests/result/bittorrent_utp.pcap.out +++ b/tests/result/bittorrent_utp.pcap.out @@ -1,3 +1,3 @@ BitTorrent 86 41489 1 - 1 UDP 192.168.1.5:40959 <-> 82.243.113.43:64969 [proto: 37/BitTorrent][86 pkts/41489 bytes] + 1 UDP 82.243.113.43:64969 <-> 192.168.1.5:40959 [proto: 37/BitTorrent][86 pkts/41489 bytes] diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index 67e3d3077..6deb36358 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -2,19 +2,19 @@ COAP 19 1614 8 Dropbox 800 80676 4 MQTT 7695 668291 4 - 1 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61043 [proto: 27/COAP][1 pkts/86 bytes] - 2 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61045 [proto: 27/COAP][1 pkts/86 bytes] - 3 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61047 [proto: 27/COAP][1 pkts/90 bytes] + 1 UDP [2001:620:8:35d9::10]:61043 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] + 2 UDP [2001:620:8:35d9::10]:61045 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] + 3 UDP [2001:620:8:35d9::10]:61047 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/90 bytes] 4 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20220 bytes] 5 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20194 bytes] 6 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][1926 pkts/167126 bytes] 7 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][4 pkts/404 bytes] 8 UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][6 pkts/467 bytes] - 9 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61044 [proto: 27/COAP][1 pkts/86 bytes] - 10 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61046 [proto: 27/COAP][1 pkts/86 bytes] + 9 UDP [2001:620:8:35d9::10]:61044 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] + 10 UDP [2001:620:8:35d9::10]:61046 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] 11 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] 12 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] 13 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][1922 pkts/166928 bytes] 14 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][1928 pkts/167509 bytes] - 15 TCP 192.168.56.1:53524 <-> 192.168.56.101:17501 [proto: 222/MQTT][1919 pkts/166728 bytes] + 15 TCP 192.168.56.101:17501 <-> 192.168.56.1:53524 [proto: 222/MQTT][1919 pkts/166728 bytes] 16 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][4 pkts/309 bytes] diff --git a/tests/result/dnscrypt.pcap.out b/tests/result/dnscrypt.pcap.out index db567cb70..618d7ef28 100644 --- a/tests/result/dnscrypt.pcap.out +++ b/tests/result/dnscrypt.pcap.out @@ -1,6 +1,6 @@ DNScrypt 111 44676 4 - 1 TCP 134.119.26.24:443 <-> 192.168.43.167:50258 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] - 2 TCP 134.119.26.24:443 <-> 192.168.43.167:50233 [proto: 91.208/SSL.DNScrypt][39 pkts/16368 bytes][client: simplednscrypt.org] - 3 TCP 134.119.26.24:443 <-> 192.168.43.167:50253 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] - 4 TCP 134.119.26.24:443 <-> 192.168.43.167:50259 [proto: 91.208/SSL.DNScrypt][36 pkts/11278 bytes][client: simplednscrypt.org] + 1 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] + 2 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][39 pkts/16368 bytes][client: simplednscrypt.org] + 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] + 4 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][36 pkts/11278 bytes][client: simplednscrypt.org] diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index 786dc24de..cb9edfe34 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -21,11 +21,11 @@ Dropbox 1104 246122 16 17 UDP 192.168.1.101:4974 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] 18 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/774 bytes][Host: client-cf.dropbox.com] 19 UDP 192.168.1.105:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes] - 20 UDP 239.255.255.250:1900 <-> 192.168.1.254:50828 [proto: 12/SSDP][44 pkts/19936 bytes] + 20 UDP 192.168.1.254:50828 <-> 239.255.255.250:1900 [proto: 12/SSDP][44 pkts/19936 bytes] 21 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] 22 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] 23 UDP 192.168.1.106:57268 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes] - 24 TCP 54.240.174.31:443 <-> 192.168.1.105:44949 [proto: 91.121/SSL.Dropbox][138 pkts/97302 bytes][client: client-cf.dropbox.com] + 24 TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][138 pkts/97302 bytes][client: client-cf.dropbox.com] 25 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][20 pkts/3928 bytes][Host: log.getdropbox.com] 26 UDP 192.168.1.101:2169 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] 27 UDP 192.168.1.101:2141 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] diff --git a/tests/result/git.pcap.out b/tests/result/git.pcap.out index 665dad5a8..77e226d41 100644 --- a/tests/result/git.pcap.out +++ b/tests/result/git.pcap.out @@ -1,3 +1,3 @@ Git 90 74005 1 - 1 TCP 5.153.231.21:9418 <-> 192.168.0.77:47991 [proto: 226/Git][90 pkts/74005 bytes] + 1 TCP 192.168.0.77:47991 <-> 5.153.231.21:9418 [proto: 226/Git][90 pkts/74005 bytes] diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index 2e69420db..515659d48 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -1,3 +1,3 @@ Google 28 9108 1 - 1 TCP 216.58.212.100:443 <-> 172.31.3.224:42835 [proto: 91.126/SSL.Google][28 pkts/9108 bytes][server: www.google.com] + 1 TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91.126/SSL.Google][28 pkts/9108 bytes][server: www.google.com] diff --git a/tests/result/hangout.pcap.out b/tests/result/hangout.pcap.out index 7dff4f8e5..1cd3ffc5a 100644 --- a/tests/result/hangout.pcap.out +++ b/tests/result/hangout.pcap.out @@ -1,3 +1,3 @@ GoogleHangout 19 2774 1 - 1 UDP 10.89.61.13:56406 <-> 74.125.134.127:19305 [proto: 201/GoogleHangout][19 pkts/2774 bytes] + 1 UDP 74.125.134.127:19305 <-> 10.89.61.13:56406 [proto: 201/GoogleHangout][19 pkts/2774 bytes] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 6928e61e4..e3685438d 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,17 +5,17 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][2 pkts/172 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37486 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37488 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37494 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37506 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][client: www.ntop.org] - 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4006:804::200e]:40526 [proto: 91/SSL][2 pkts/172 bytes] - 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1017]:41776 [proto: 91/SSL][14 pkts/2213 bytes] - 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53132 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][client: s-static.ak.facebook.com] - 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53134 [proto: 91.119/SSL.Facebook][10 pkts/5015 bytes][client: s-static.ak.facebook.com] - 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4006:803::2008]:58660 [proto: 91/SSL][2 pkts/172 bytes] - 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1012]:59690 [proto: 91/SSL][2 pkts/172 bytes] + 2 TCP [2a03:b0c0:3:d0::70:1001]:37486 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][client: www.ntop.org] + 3 TCP [2a03:b0c0:3:d0::70:1001]:37488 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][client: www.ntop.org] + 4 TCP [2a03:b0c0:3:d0::70:1001]:37494 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][client: www.ntop.org] + 5 TCP [2a03:b0c0:3:d0::70:1001]:37506 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][client: www.ntop.org] + 6 TCP [2a00:1450:4006:804::200e]:40526 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][2 pkts/172 bytes] + 7 TCP [2a00:1450:4001:803::1017]:41776 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][14 pkts/2213 bytes] + 8 TCP [2a02:26f0:ad:197::236]:53132 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][client: s-static.ak.facebook.com] + 9 TCP [2a02:26f0:ad:197::236]:53134 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.119/SSL.Facebook][10 pkts/5015 bytes][client: s-static.ak.facebook.com] + 10 TCP [2a00:1450:4006:803::2008]:58660 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][2 pkts/172 bytes] + 11 TCP [2a00:1450:4001:803::1012]:59690 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][2 pkts/172 bytes] 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][2 pkts/172 bytes] 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][2 pkts/172 bytes] - 14 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1017]:45931 [proto: 188.126/QUIC.Google][62 pkts/15977 bytes][Host: www.google.it] + 14 UDP [2a00:1450:4001:803::1017]:45931 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 188.126/QUIC.Google][62 pkts/15977 bytes][Host: www.google.it] 15 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][3 pkts/502 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 30cba198f..57c8325b0 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 46.101.157.119:80 <-> 192.168.80.160:55804 [proto: 7.229/HTTP.ntop][19 pkts/10643 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.229/HTTP.ntop][19 pkts/10643 bytes][Host: luca.ntop.org] diff --git a/tests/result/mpegts.pcap.out b/tests/result/mpegts.pcap.out index 7dd94beef..bfa70fd3e 100644 --- a/tests/result/mpegts.pcap.out +++ b/tests/result/mpegts.pcap.out @@ -1,3 +1,3 @@ MPEG_TS 1 1362 1 - 1 UDP 230.200.201.23:1234 <-> 10.1.16.48:40737 [VLAN: 3359][proto: 198/MPEG_TS][1 pkts/1362 bytes] + 1 UDP 10.1.16.48:40737 <-> 230.200.201.23:1234 [VLAN: 3359][proto: 198/MPEG_TS][1 pkts/1362 bytes] diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out index 28c1075ae..ea994e979 100644 --- a/tests/result/mssql_tds.pcap.out +++ b/tests/result/mssql_tds.pcap.out @@ -1,14 +1,14 @@ MsSQL-TDS 38 16260 12 - 1 TCP 10.0.0.1:1433 <-> 10.111.111.111:2222 [proto: 114/MsSQL-TDS][2 pkts/169 bytes] - 2 TCP 10.0.0.1:1433 <-> 10.111.111.111:4444 [proto: 114/MsSQL-TDS][1 pkts/1136 bytes] - 3 TCP 10.0.0.1:1433 <-> 10.111.111.111:6666 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes] - 4 TCP 10.0.0.1:1433 <-> 10.111.111.111:8888 [proto: 114/MsSQL-TDS][1 pkts/142 bytes] - 5 TCP 10.0.0.1:1433 <-> 10.111.111.111:22222 [proto: 114/MsSQL-TDS][1 pkts/322 bytes] - 6 TCP 10.0.0.1:1433 <-> 10.111.111.111:1111 [proto: 114/MsSQL-TDS][4 pkts/1138 bytes] - 7 TCP 10.0.0.1:1433 <-> 10.111.111.111:3333 [proto: 114/MsSQL-TDS][1 pkts/239 bytes] - 8 TCP 10.0.0.1:1433 <-> 10.111.111.111:5555 [proto: 114/MsSQL-TDS][17 pkts/3073 bytes] - 9 TCP 10.0.0.1:1433 <-> 10.111.111.111:7777 [proto: 114/MsSQL-TDS][1 pkts/425 bytes] - 10 TCP 10.0.0.1:1433 <-> 10.111.111.111:9999 [proto: 114/MsSQL-TDS][1 pkts/272 bytes] - 11 TCP 10.0.0.1:1433 <-> 10.111.111.111:11111 [proto: 114/MsSQL-TDS][1 pkts/253 bytes] - 12 TCP 10.0.0.1:1433 <-> 10.111.111.111:33333 [proto: 114/MsSQL-TDS][1 pkts/374 bytes] + 1 TCP 10.111.111.111:2222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][2 pkts/169 bytes] + 2 TCP 10.111.111.111:4444 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/1136 bytes] + 3 TCP 10.111.111.111:6666 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes] + 4 TCP 10.111.111.111:8888 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/142 bytes] + 5 TCP 10.111.111.111:22222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/322 bytes] + 6 TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][4 pkts/1138 bytes] + 7 TCP 10.111.111.111:3333 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/239 bytes] + 8 TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][17 pkts/3073 bytes] + 9 TCP 10.111.111.111:7777 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/425 bytes] + 10 TCP 10.111.111.111:9999 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/272 bytes] + 11 TCP 10.111.111.111:11111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/253 bytes] + 12 TCP 10.111.111.111:33333 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/374 bytes] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index ec6e125c6..df8ae9cd8 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -7,12 +7,12 @@ Amazon 2 126 1 1 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][126 pkts/128603 bytes][Host: art-2.nflximg.net] 2 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][637 pkts/745904 bytes][Host: tp.akam.nflximg.com] 3 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][41 pkts/34971 bytes][Host: art-1.nflximg.net] - 4 UDP 192.168.1.1:53 <-> 192.168.1.7:51543 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] - 5 UDP 192.168.1.1:53 <-> 192.168.1.7:51949 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] - 6 UDP 192.168.1.1:53 <-> 192.168.1.7:52095 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] - 7 UDP 192.168.1.1:53 <-> 192.168.1.7:52347 [proto: 5.133/DNS.NetFlix][2 pkts/451 bytes][Host: ios.nccp.netflix.com] - 8 UDP 192.168.1.1:53 <-> 192.168.1.7:57093 [proto: 5/DNS][2 pkts/194 bytes][Host: a1907.dscg.akamai.net] - 9 UDP 192.168.1.1:53 <-> 192.168.1.7:57719 [proto: 5.133/DNS.NetFlix][2 pkts/222 bytes][Host: sha2.san.akam.nflximg.net] + 4 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] + 5 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] + 6 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] + 7 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/451 bytes][Host: ios.nccp.netflix.com] + 8 UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/194 bytes][Host: a1907.dscg.akamai.net] + 9 UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/222 bytes][Host: sha2.san.akam.nflximg.net] 10 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][53 pkts/45005 bytes] 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][55 pkts/47007 bytes] 12 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][49 pkts/32105 bytes] @@ -25,24 +25,24 @@ Amazon 2 126 1 19 IGMP 192.168.1.7:0 <-> 239.255.255.250:0 [proto: 82/IGMP][1 pkts/60 bytes] 20 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][27 pkts/16505 bytes][Host: api-global.netflix.com] 21 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][148 pkts/73954 bytes][client: api-global.netflix.com] - 22 TCP 52.41.30.5:443 <-> 192.168.1.7:53239 [proto: 91.133/SSL.NetFlix][48 pkts/29661 bytes][client: api-global.netflix.com] + 22 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][48 pkts/29661 bytes][client: api-global.netflix.com] 23 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][69 pkts/43938 bytes][client: api-global.netflix.com] 24 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][45 pkts/27952 bytes][client: ichnaea.netflix.com] 25 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][31 pkts/10934 bytes][client: ios.nccp.netflix.com] 26 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][22 pkts/10239 bytes][client: ios.nccp.netflix.com] - 27 TCP 52.41.30.5:443 <-> 192.168.1.7:53249 [proto: 91.133/SSL.NetFlix][52 pkts/25886 bytes][client: api-global.netflix.com] + 27 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][52 pkts/25886 bytes][client: api-global.netflix.com] 28 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][37 pkts/9285 bytes][client: ichnaea.netflix.com] 29 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][36 pkts/12874 bytes][client: ichnaea.netflix.com] 30 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][71 pkts/58161 bytes][client: ios.nccp.netflix.com] 31 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][63 pkts/47005 bytes][Host: art-2.nflximg.net] 32 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][21 pkts/13259 bytes][Host: art-2.nflximg.net] 33 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][41 pkts/42239 bytes][Host: art-1.nflximg.net] - 34 UDP 192.168.1.1:53 <-> 192.168.1.7:51622 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] - 35 UDP 192.168.1.1:53 <-> 192.168.1.7:51728 [proto: 5/DNS][2 pkts/192 bytes][Host: a803.dscg.akamai.net] - 36 UDP 192.168.1.1:53 <-> 192.168.1.7:52116 [proto: 5.133/DNS.NetFlix][2 pkts/320 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com] - 37 UDP 192.168.1.1:53 <-> 192.168.1.7:58102 [proto: 5.133/DNS.NetFlix][2 pkts/271 bytes][Host: appboot.netflix.com] - 38 UDP 192.168.1.1:53 <-> 192.168.1.7:59180 [proto: 5.133/DNS.NetFlix][2 pkts/232 bytes][Host: artwork.akam.nflximg.net] - 39 UDP 192.168.1.1:53 <-> 192.168.1.7:60962 [proto: 5.133/DNS.NetFlix][2 pkts/331 bytes][Host: ichnaea.geo.netflix.com] + 34 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] + 35 UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/192 bytes][Host: a803.dscg.akamai.net] + 36 UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/320 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com] + 37 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/271 bytes][Host: appboot.netflix.com] + 38 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/232 bytes][Host: artwork.akam.nflximg.net] + 39 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/331 bytes][Host: ichnaea.geo.netflix.com] 40 UDP 192.168.1.7:53776 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2648 bytes] 41 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][58 pkts/47176 bytes] 42 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][50 pkts/25032 bytes] @@ -53,13 +53,13 @@ Amazon 2 126 1 47 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][58 pkts/32796 bytes] 48 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][178 pkts/157382 bytes][Host: 23.246.11.141] 49 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][788 pkts/759283 bytes][Host: 23.246.11.133] - 50 TCP 52.24.87.6:443 <-> 192.168.1.7:52929 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes] + 50 TCP 192.168.1.7:52929 <-> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes] 51 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][28 pkts/6662 bytes][client: api-global.netflix.com] 52 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][20 pkts/3017 bytes][client: api-global.netflix.com] 53 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][40 pkts/13487 bytes][client: api-global.netflix.com] 54 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][25 pkts/8201 bytes][client: api-global.netflix.com] 55 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][41 pkts/33170 bytes][Host: appboot.netflix.com] - 56 TCP 52.41.30.5:443 <-> 192.168.1.7:53250 [proto: 91.133/SSL.NetFlix][17 pkts/5314 bytes][client: api-global.netflix.com] + 56 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][17 pkts/5314 bytes][client: api-global.netflix.com] 57 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][25 pkts/8228 bytes][client: ios.nccp.netflix.com] 58 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][34 pkts/12728 bytes][client: ichnaea.netflix.com] 59 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][31 pkts/14720 bytes][client: ios.nccp.netflix.com] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index a55361d5a..8a5eb8fd6 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -5,7 +5,7 @@ Google 2 1093 1 UPnP 1 130 1 iQIYI 1490 1845116 56 - 1 TCP 192.168.115.8:50443 <-> 117.79.81.135:80 [proto: 7/HTTP][1 pkts/347 bytes] + 1 TCP 117.79.81.135:80 <-> 192.168.115.8:50443 [proto: 7/HTTP][1 pkts/347 bytes] 2 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][2 pkts/836 bytes][Host: pdata.video.qiyi.com] 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1305 bytes][Host: click.hm.baidu.com] 4 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] @@ -17,7 +17,7 @@ iQIYI 1490 1845116 56 10 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/821 bytes][Host: msg.71.am] 11 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] 12 TCP 192.168.115.8:50504 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes][Host: msg.71.am] - 13 TCP 192.168.115.8:50506 <-> 202.108.14.219:80 [proto: 7/HTTP][1 pkts/199 bytes] + 13 TCP 202.108.14.219:80 <-> 192.168.115.8:50506 [proto: 7/HTTP][1 pkts/199 bytes] 14 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][2 pkts/1093 bytes][Host: clients1.google.com] 15 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/786 bytes][Host: msg.71.am] 16 UDP 192.168.5.63:39383 <-> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes] @@ -46,7 +46,7 @@ iQIYI 1490 1845116 56 39 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][2 pkts/721 bytes][Host: api.magicansoft.com] 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7.206/HTTP.iQIYI][2 pkts/727 bytes][Host: cmc.tanx.com] - 42 TCP 192.168.115.8:50295 <-> 202.108.14.219:80 [proto: 7/HTTP][2 pkts/398 bytes] + 42 TCP 202.108.14.219:80 <-> 192.168.115.8:50295 [proto: 7/HTTP][2 pkts/398 bytes] 43 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/828 bytes][Host: msg.71.am] 44 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/772 bytes][Host: msg.71.am] 45 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][4 pkts/2296 bytes][Host: msg.71.am] @@ -72,18 +72,18 @@ iQIYI 1490 1845116 56 65 UDP 192.168.5.57:59648 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes] 66 UDP 192.168.5.63:60976 <-> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes] 67 UDP 192.168.5.48:63930 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes] - 68 TCP 192.168.115.8:49174 <-> 77.234.41.35:80 [proto: 7/HTTP][5 pkts/3309 bytes] + 68 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][5 pkts/3309 bytes] 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.206/HTTP.iQIYI][23 pkts/25892 bytes][Host: bcu.ff.avast.com] 70 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1861 bytes][Host: api.cupid.iqiyi.com] 71 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/895 bytes][Host: api.cupid.iqiyi.com] - 72 TCP 111.206.13.3:80 <-> 192.168.115.8:50492 [proto: 7.206/HTTP.iQIYI][3 pkts/1423 bytes][Host: pdata.video.qiyi.com] + 72 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1423 bytes][Host: pdata.video.qiyi.com] 73 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][2 pkts/588 bytes][Host: msg.iqiyi.com] Undetected flows: 1 UDP 192.168.115.8:22793 <-> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes] 2 UDP 192.168.115.8:22793 <-> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes] - 3 UDP 192.168.115.8:22793 <-> 183.228.182.44:13913 [proto: 0/Unknown][3 pkts/257 bytes] + 3 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][3 pkts/257 bytes] 4 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][40 pkts/12412 bytes] 5 UDP 192.168.115.8:22793 <-> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes] 6 UDP 192.168.115.8:22793 <-> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes] @@ -104,13 +104,13 @@ Undetected flows: 21 UDP 192.168.115.8:22793 <-> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes] 22 UDP 192.168.115.8:22793 <-> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes] 23 UDP 192.168.115.8:22793 <-> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes] - 24 UDP 210.44.171.1:29702 <-> 192.168.115.8:22793 [proto: 0/Unknown][2 pkts/132 bytes] - 25 UDP 192.168.115.8:22793 <-> 1.173.5.226:22636 [proto: 0/Unknown][400 pkts/165246 bytes] + 24 UDP 192.168.115.8:22793 <-> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes] + 25 UDP 1.173.5.226:22636 <-> 192.168.115.8:22793 [proto: 0/Unknown][400 pkts/165246 bytes] 26 UDP 192.168.115.8:22793 <-> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes] 27 UDP 192.168.115.8:22793 <-> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes] 28 UDP 192.168.115.8:22793 <-> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes] 29 UDP 192.168.115.8:22793 <-> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes] - 30 UDP 192.168.115.8:22793 <-> 118.171.15.56:5544 [proto: 0/Unknown][101 pkts/38819 bytes] + 30 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][101 pkts/38819 bytes] 31 UDP 192.168.115.8:22793 <-> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes] 32 UDP 192.168.115.8:22793 <-> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes] 33 UDP 192.168.115.8:22793 <-> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes] diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index b79529833..c1eed4b8e 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -6,9 +6,9 @@ QUIC 3 364 1 1 UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188.124/QUIC.YouTube][3 pkts/2863 bytes][Host: i.ytimg.com] 2 UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188.124/QUIC.YouTube][2 pkts/2784 bytes][Host: yt3.ggpht.com] - 3 UDP 216.58.212.101:443 <-> 192.168.1.109:57833 [proto: 188.122/QUIC.GMail][413 pkts/254874 bytes][Host: mail.google.com] - 4 UDP 172.217.16.3:443 <-> 192.168.1.105:40461 [proto: 188/QUIC][3 pkts/364 bytes] - 5 UDP 172.217.16.4:443 <-> 192.168.1.105:45669 [proto: 188.126/QUIC.Google][5 pkts/4334 bytes][Host: www.google.com] + 3 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][413 pkts/254874 bytes][Host: mail.google.com] + 4 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188/QUIC][3 pkts/364 bytes] + 5 UDP 192.168.1.105:45669 <-> 172.217.16.4:443 [proto: 188.126/QUIC.Google][5 pkts/4334 bytes][Host: www.google.com] 6 UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188.124/QUIC.YouTube][7 pkts/6545 bytes][Host: www.youtube.com] 7 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][69 pkts/58433 bytes][Host: www.youtube.com] 8 UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188.126/QUIC.Google][6 pkts/5729 bytes][Host: fonts.gstatic.com] @@ -16,4 +16,4 @@ QUIC 3 364 1 Undetected flows: - 1 UDP 10.0.0.3:6121 <-> 10.0.0.4:40134 [proto: 0/Unknown][6 pkts/7072 bytes] + 1 UDP 10.0.0.4:40134 <-> 10.0.0.3:6121 [proto: 0/Unknown][6 pkts/7072 bytes] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 8c6781221..d54b359fc 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -4,24 +4,24 @@ Amazon 2 1469 1 QuickPlay 133 96179 11 WeChat 12 4781 5 - 1 TCP 120.28.26.231:80 <-> 10.54.169.250:33277 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] - 2 TCP 120.28.35.41:80 <-> 10.54.169.250:50669 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] - 3 TCP 120.28.35.40:80 <-> 10.54.169.250:52007 [proto: 7.196/HTTP.QuickPlay][4 pkts/2735 bytes][Host: vod-singtelhawk.quickplay.com] - 4 TCP 120.28.35.40:80 <-> 10.54.169.250:52009 [proto: 7.196/HTTP.QuickPlay][65 pkts/45902 bytes][Host: vod-singtelhawk.quickplay.com] - 5 TCP 120.28.35.40:80 <-> 10.54.169.250:52017 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] - 6 TCP 120.28.35.40:80 <-> 10.54.169.250:52019 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] - 7 TCP 120.28.35.40:80 <-> 10.54.169.250:52021 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] - 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.197/HTTP.WeChat][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.197/HTTP.WeChat][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] - 10 TCP 173.252.74.22:80 <-> 10.54.169.250:52285 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 11 TCP 31.13.68.49:80 <-> 10.54.169.250:44793 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] - 12 TCP 120.28.5.18:80 <-> 10.54.169.250:33064 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] - 13 TCP 54.179.140.65:80 <-> 10.54.169.250:56381 [proto: 7.178/HTTP.Amazon][2 pkts/1469 bytes][Host: api.account.xiaomi.com] - 14 TCP 120.28.5.41:80 <-> 10.54.169.250:44256 [proto: 7.196/HTTP.QuickPlay][3 pkts/2311 bytes][Host: play-singtelhawk.quickplay.com] - 15 TCP 120.28.35.41:80 <-> 10.54.169.250:50668 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] - 16 TCP 120.28.35.40:80 <-> 10.54.169.250:52018 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] - 17 TCP 120.28.35.40:80 <-> 10.54.169.250:52022 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] - 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.197/HTTP.WeChat][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] - 19 TCP 173.252.74.22:80 <-> 10.54.169.250:52288 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.197/HTTP.WeChat][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] - 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.197/HTTP.WeChat][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] + 1 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] + 2 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] + 3 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2735 bytes][Host: vod-singtelhawk.quickplay.com] + 4 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][65 pkts/45902 bytes][Host: vod-singtelhawk.quickplay.com] + 5 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] + 6 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] + 7 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] + 8 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] + 9 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] + 10 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] + 11 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] + 12 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] + 13 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][2 pkts/1469 bytes][Host: api.account.xiaomi.com] + 14 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.196/HTTP.QuickPlay][3 pkts/2311 bytes][Host: play-singtelhawk.quickplay.com] + 15 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] + 16 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] + 17 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] + 18 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] + 19 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] + 20 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] + 21 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] diff --git a/tests/result/rx.pcap.out b/tests/result/rx.pcap.out index 1339732cb..42f9ebf1a 100644 --- a/tests/result/rx.pcap.out +++ b/tests/result/rx.pcap.out @@ -1,7 +1,7 @@ RX 132 26475 5 - 1 UDP 192.167.206.124:7002 <-> 131.114.219.168:38331 [proto: 223/RX][3 pkts/519 bytes] - 2 UDP 192.167.206.124:7002 <-> 131.114.219.168:41559 [proto: 223/RX][3 pkts/519 bytes] - 3 UDP 192.167.206.124:7003 <-> 131.114.219.168:7001 [proto: 223/RX][27 pkts/9919 bytes] + 1 UDP 131.114.219.168:38331 <-> 192.167.206.124:7002 [proto: 223/RX][3 pkts/519 bytes] + 2 UDP 131.114.219.168:41559 <-> 192.167.206.124:7002 [proto: 223/RX][3 pkts/519 bytes] + 3 UDP 131.114.219.168:7001 <-> 192.167.206.124:7003 [proto: 223/RX][27 pkts/9919 bytes] 4 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][79 pkts/12376 bytes] - 5 UDP 192.167.206.124:7000 <-> 131.114.219.168:7001 [proto: 223/RX][20 pkts/3142 bytes] + 5 UDP 131.114.219.168:7001 <-> 192.167.206.124:7000 [proto: 223/RX][20 pkts/3142 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index e781f27df..fd4ad387f 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,29 +1,29 @@ -Unknown 381 48593 15 +Unknown 404 52712 16 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 96 8876 7 +SSL 88 8268 6 Dropbox 38 17948 5 -Skype 1933 296729 245 +Skype 1918 293218 245 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 1 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1402 bytes] - 2 UDP 111.221.74.15:40024 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 2 UDP 192.168.1.34:13021 <-> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes] 3 UDP 192.168.1.34:13021 <-> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes] 4 UDP 192.168.1.34:13021 <-> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes] 5 UDP 192.168.1.34:13021 <-> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes] - 6 UDP 111.221.74.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 7 UDP 111.221.74.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 8 UDP 111.221.74.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 9 UDP 111.221.74.28:40014 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/78 bytes] + 6 UDP 192.168.1.34:13021 <-> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes] + 7 UDP 192.168.1.34:13021 <-> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 8 UDP 192.168.1.34:13021 <-> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes] + 9 UDP 192.168.1.34:13021 <-> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes] 10 UDP 192.168.1.34:13021 <-> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes] - 11 UDP 111.221.74.29:40024 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] + 11 UDP 192.168.1.34:13021 <-> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes] 12 UDP 192.168.1.34:13021 <-> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes] 13 UDP 192.168.1.34:13021 <-> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes] 14 UDP 192.168.1.34:13021 <-> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes] @@ -33,13 +33,13 @@ MS_OneDrive 387 198090 1 18 UDP 192.168.1.34:13021 <-> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes] 19 UDP 192.168.1.34:13021 <-> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes] 20 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 21 TCP 91.190.216.23:12350 <-> 192.168.1.34:50126 [proto: 125/Skype][20 pkts/5160 bytes] + 21 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][20 pkts/5160 bytes] 22 UDP 192.168.1.34:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] 23 UDP 192.168.1.92:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] 24 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1152 bytes] 25 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][19 pkts/1510 bytes] - 26 UDP 157.56.52.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] - 27 TCP 76.167.161.6:20274 <-> 192.168.1.34:50135 [proto: 125/Skype][14 pkts/1108 bytes] + 26 UDP 192.168.1.34:13021 <-> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes] + 27 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][14 pkts/1108 bytes] 28 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][15 pkts/1262 bytes] 29 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][15 pkts/1345 bytes] 30 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][15 pkts/1265 bytes] @@ -48,12 +48,12 @@ MS_OneDrive 387 198090 1 33 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1534 bytes] 34 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][15 pkts/1306 bytes] 35 UDP 192.168.1.34:13021 <-> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes] - 36 UDP 157.56.52.28:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/78 bytes] - 37 UDP 157.56.52.15:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 38 UDP 157.56.52.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 39 UDP 157.56.52.17:40013 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 40 UDP 157.56.52.27:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/78 bytes] - 41 UDP 157.56.52.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 36 UDP 192.168.1.34:13021 <-> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes] + 37 UDP 192.168.1.34:13021 <-> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes] + 38 UDP 192.168.1.34:13021 <-> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 39 UDP 192.168.1.34:13021 <-> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes] + 40 UDP 192.168.1.34:13021 <-> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes] + 41 UDP 192.168.1.34:13021 <-> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes] 42 UDP 192.168.1.34:13021 <-> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes] 43 UDP 192.168.1.34:13021 <-> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes] 44 UDP 192.168.1.34:13021 <-> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes] @@ -76,30 +76,30 @@ MS_OneDrive 387 198090 1 61 UDP 192.168.1.34:13021 <-> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes] 62 UDP 192.168.1.34:13021 <-> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes] 63 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][14 pkts/1132 bytes] - 64 UDP 192.168.1.1:53 <-> 192.168.1.34:49163 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 65 UDP 192.168.1.1:53 <-> 192.168.1.34:49793 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] - 66 UDP 192.168.1.1:53 <-> 192.168.1.34:49903 [proto: 5.125/DNS.Skype][9 pkts/648 bytes][Host: ui.skype.com] + 64 UDP 192.168.1.34:49163 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 65 UDP 192.168.1.34:49793 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] + 66 UDP 192.168.1.34:49903 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes][Host: ui.skype.com] 67 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][15 pkts/1920 bytes] - 68 UDP 192.168.1.1:53 <-> 192.168.1.34:51879 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 69 UDP 192.168.1.1:53 <-> 192.168.1.34:54343 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 70 UDP 192.168.1.1:53 <-> 192.168.1.34:55159 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 71 UDP 192.168.1.1:53 <-> 192.168.1.34:55711 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 72 UDP 192.168.1.1:53 <-> 192.168.1.34:55893 [proto: 5.125/DNS.Skype][5 pkts/360 bytes][Host: ui.skype.com] - 73 UDP 192.168.1.1:53 <-> 192.168.1.34:56387 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 68 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 69 UDP 192.168.1.34:54343 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 70 UDP 192.168.1.34:55159 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 71 UDP 192.168.1.34:55711 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 72 UDP 192.168.1.34:55893 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes][Host: ui.skype.com] + 73 UDP 192.168.1.34:56387 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] 74 UDP 192.168.1.34:13021 <-> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes] 75 UDP 192.168.1.34:13021 <-> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes] 76 UDP 192.168.1.34:13021 <-> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes] 77 UDP 192.168.1.34:13021 <-> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes] 78 UDP 192.168.1.34:13021 <-> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes] 79 UDP 192.168.1.34:13021 <-> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes] - 80 UDP 192.168.1.1:53 <-> 192.168.1.34:58681 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 80 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 81 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][20 pkts/1624 bytes] - 82 UDP 192.168.1.1:53 <-> 192.168.1.34:63321 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 82 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 83 UDP 192.168.1.34:49485 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 84 UDP 192.168.1.1:53 <-> 192.168.1.34:63421 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 85 UDP 192.168.1.1:53 <-> 192.168.1.34:64085 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] - 86 UDP 192.168.1.1:53 <-> 192.168.1.34:65045 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] - 87 UDP 192.168.1.1:53 <-> 192.168.1.34:65037 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 84 UDP 192.168.1.34:63421 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 85 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] + 86 UDP 192.168.1.34:65045 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] + 87 UDP 192.168.1.34:65037 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 88 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][16 pkts/1262 bytes] 89 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][16 pkts/1270 bytes] 90 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][15 pkts/1212 bytes] @@ -121,7 +121,7 @@ MS_OneDrive 387 198090 1 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] - 109 UDP 65.55.223.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/69 bytes] + 109 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] 110 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] 111 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] 112 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] @@ -133,179 +133,179 @@ MS_OneDrive 387 198090 1 118 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] 119 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] 120 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] - 121 UDP 65.55.223.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 122 UDP 65.55.223.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 123 UDP 65.55.223.21:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] + 121 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] + 123 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] 124 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] 125 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] - 126 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] 127 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] - 130 UDP 76.185.207.12:45493 <-> 192.168.1.34:13021 [proto: 125/Skype][5 pkts/300 bytes] + 130 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 135 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 136 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 137 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 140 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 141 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 154 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 158 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] - 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 165 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 174 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 196 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] - 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 198 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 199 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 200 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 201 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 202 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 208 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 210 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] - 211 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] - 212 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] - 213 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 221 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 222 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 224 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 225 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 226 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 227 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 228 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 229 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 230 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 234 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 235 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 237 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 238 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 240 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] - 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 243 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 244 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 245 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 246 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 247 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 248 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] - 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 250 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] - 251 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] - 252 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] - 253 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] - 254 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 255 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 259 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 261 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 262 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 263 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 264 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 265 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 266 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 267 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 268 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 273 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 278 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 135 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] + 136 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] + 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] + 140 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] + 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 157 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] + 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 194 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 195 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] + 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 197 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 198 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 199 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 200 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 201 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 202 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 204 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 207 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 209 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] + 210 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] + 211 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] + 212 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 213 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 214 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 215 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 221 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 222 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 223 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 224 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 225 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 226 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 227 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 228 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 229 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 237 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 239 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 242 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 245 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 246 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 247 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] + 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 249 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] + 250 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] + 251 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] + 252 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 253 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 254 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 255 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 259 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 263 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 264 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 265 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 266 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 272 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 277 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: 1 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 0/Unknown][31 pkts/4688 bytes] 2 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 0/Unknown][43 pkts/5754 bytes] - 3 TCP 149.13.32.15:13392 <-> 192.168.1.34:50133 [proto: 0/Unknown][16 pkts/2600 bytes] - 4 UDP 192.168.1.1:5351 <-> 192.168.1.34:49511 [proto: 0/Unknown][4 pkts/216 bytes] - 5 UDP 192.168.1.1:5351 <-> 192.168.1.34:54067 [proto: 0/Unknown][4 pkts/216 bytes] + 3 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 0/Unknown][16 pkts/2600 bytes] + 4 UDP 192.168.1.34:49511 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] + 5 UDP 192.168.1.34:54067 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 11 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] - 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 13 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 14 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] - 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] + 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 12 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 14 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 15 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] + 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index e7cbd2a82..2d9048852 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 216 66695 13 +Unknown 236 70600 14 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,17 +7,17 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1261 185232 222 +Skype 1241 181327 221 Apple 84 20699 2 MS_OneDrive 348 181687 1 1 UDP 192.168.1.34:13021 <-> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes] 2 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1490 bytes] - 3 UDP 111.221.74.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] + 3 UDP 192.168.1.34:13021 <-> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes] 4 UDP 192.168.1.34:13021 <-> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes] 5 UDP 192.168.1.34:13021 <-> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes] - 6 UDP 111.221.74.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/72 bytes] - 7 UDP 111.221.74.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/78 bytes] + 6 UDP 192.168.1.34:13021 <-> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes] + 7 UDP 192.168.1.34:13021 <-> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes] 8 UDP 192.168.1.34:13021 <-> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes] 9 UDP 192.168.1.34:13021 <-> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes] 10 UDP 192.168.1.34:13021 <-> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes] @@ -29,7 +29,7 @@ MS_OneDrive 348 181687 1 16 UDP 192.168.1.92:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] 17 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/479 bytes] 18 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][17 pkts/1369 bytes] - 19 UDP 157.56.52.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 19 UDP 192.168.1.34:13021 <-> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes] 20 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][14 pkts/1134 bytes] 21 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][17 pkts/1712 bytes] 22 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1428 bytes] @@ -37,12 +37,12 @@ MS_OneDrive 348 181687 1 24 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][15 pkts/1520 bytes] 25 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][15 pkts/1415 bytes] 26 UDP 192.168.1.34:13021 <-> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes] - 27 UDP 157.56.52.27:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/72 bytes] - 28 UDP 157.56.52.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 29 UDP 157.56.52.15:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 30 UDP 157.56.52.13:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] - 31 UDP 157.56.52.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 32 UDP 157.56.52.17:40013 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 27 UDP 192.168.1.34:13021 <-> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes] + 28 UDP 192.168.1.34:13021 <-> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes] + 29 UDP 192.168.1.34:13021 <-> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes] + 30 UDP 192.168.1.34:13021 <-> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes] + 31 UDP 192.168.1.34:13021 <-> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes] + 32 UDP 192.168.1.34:13021 <-> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes] 33 UDP 192.168.1.34:13021 <-> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes] 34 UDP 192.168.1.34:13021 <-> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes] 35 UDP 192.168.1.34:13021 <-> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes] @@ -66,27 +66,27 @@ MS_OneDrive 348 181687 1 53 UDP 192.168.1.34:13021 <-> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes] 54 UDP 192.168.1.34:13021 <-> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes] 55 UDP 192.168.1.34:13021 <-> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes] - 56 UDP 133.236.67.25:49195 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/60 bytes] - 57 UDP 192.168.1.1:53 <-> 192.168.1.34:50055 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 58 TCP 149.13.32.15:13392 <-> 192.168.1.34:51305 [proto: 125/Skype][18 pkts/1426 bytes] - 59 TCP 149.13.32.15:13392 <-> 192.168.1.34:51309 [proto: 125/Skype][15 pkts/1197 bytes] - 60 UDP 192.168.1.1:53 <-> 192.168.1.34:51753 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 56 UDP 192.168.1.34:13021 <-> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes] + 57 UDP 192.168.1.34:50055 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 58 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1426 bytes] + 59 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][15 pkts/1197 bytes] + 60 UDP 192.168.1.34:51753 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 61 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][16 pkts/1637 bytes] 62 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][16 pkts/1297 bytes] - 63 UDP 111.221.74.14:443 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/60 bytes] + 63 UDP 192.168.1.34:13021 <-> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes] 64 UDP 192.168.1.34:13021 <-> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes] 65 UDP 192.168.1.34:13021 <-> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes] 66 UDP 192.168.1.34:13021 <-> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes] 67 UDP 192.168.1.34:13021 <-> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes] 68 UDP 192.168.1.34:13021 <-> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes] 69 UDP 192.168.1.34:13021 <-> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes] - 70 UDP 192.168.1.1:53 <-> 192.168.1.34:58631 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 71 UDP 192.168.1.1:53 <-> 192.168.1.34:59113 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] - 72 UDP 192.168.1.1:53 <-> 192.168.1.34:60413 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 73 UDP 192.168.1.1:53 <-> 192.168.1.34:61095 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 74 UDP 192.168.1.1:53 <-> 192.168.1.34:62875 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] - 75 UDP 192.168.1.1:53 <-> 192.168.1.34:63661 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 76 UDP 192.168.1.1:53 <-> 192.168.1.34:64971 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 70 UDP 192.168.1.34:58631 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 71 UDP 192.168.1.34:59113 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] + 72 UDP 192.168.1.34:60413 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 73 UDP 192.168.1.34:61095 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 74 UDP 192.168.1.34:62875 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] + 75 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 76 UDP 192.168.1.34:64971 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] 77 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][14 pkts/1142 bytes] 78 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][16 pkts/1238 bytes] 79 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][199 pkts/90615 bytes] @@ -94,11 +94,11 @@ MS_OneDrive 348 181687 1 81 UDP 192.168.1.34:58061 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] 82 IGMP 233.89.188.1:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] 83 UDP 192.168.1.34:59237 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 84 TCP 192.168.1.34:50407 <-> 17.143.160.149:5223 [proto: 140/Apple][8 pkts/1118 bytes] + 84 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][8 pkts/1118 bytes] 85 UDP 192.168.1.34:13021 <-> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes] - 86 UDP 65.55.223.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 86 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes] 87 UDP 192.168.1.34:13021 <-> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes] - 88 TCP 157.56.52.28:40009 <-> 192.168.1.34:51229 [proto: 125/Skype][16 pkts/1292 bytes] + 88 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][16 pkts/1292 bytes] 89 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][18 pkts/1454 bytes] 90 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1330 bytes] 91 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][16 pkts/1265 bytes] @@ -113,171 +113,171 @@ MS_OneDrive 348 181687 1 100 UDP 192.168.1.34:13021 <-> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes] 101 UDP 192.168.1.34:13021 <-> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes] 102 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes] - 103 UDP 65.55.223.17:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 104 UDP 65.55.223.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] - 105 UDP 65.55.223.22:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 106 UDP 65.55.223.20:40023 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 107 UDP 65.55.223.18:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 108 UDP 65.55.223.27:40029 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 109 UDP 65.55.223.24:40029 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 103 UDP 192.168.1.34:13021 <-> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes] + 104 UDP 192.168.1.34:13021 <-> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes] + 105 UDP 192.168.1.34:13021 <-> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes] + 106 UDP 192.168.1.34:13021 <-> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes] + 107 UDP 192.168.1.34:13021 <-> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes] + 108 UDP 192.168.1.34:13021 <-> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes] + 109 UDP 192.168.1.34:13021 <-> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes] 110 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][6 pkts/377 bytes] 111 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][10 pkts/599 bytes] 112 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 113 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 114 TCP 192.168.1.34:51222 <-> 108.160.163.108:443 [proto: 91.121/SSL.Dropbox][8 pkts/2990 bytes] + 113 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes] + 114 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][8 pkts/2990 bytes] 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][14 pkts/1253 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] - 118 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][20 pkts/3905 bytes] - 119 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] - 120 UDP 111.221.74.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 121 UDP 111.221.74.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 122 UDP 111.221.74.27:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 123 UDP 111.221.74.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 124 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] - 128 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] - 129 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] - 130 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] - 134 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] - 135 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 136 TCP 91.190.216.24:12350 <-> 192.168.1.34:51297 [proto: 125/Skype][15 pkts/3532 bytes] - 137 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] - 138 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] - 139 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 140 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] - 141 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] - 142 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 143 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 125/Skype][13 pkts/1157 bytes] - 144 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] - 145 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 146 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] - 147 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] - 148 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] - 149 UDP 157.56.52.19:40020 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 150 UDP 157.56.52.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 151 UDP 157.56.52.25:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 152 UDP 157.56.52.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] - 157 UDP 157.56.52.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] - 158 UDP 157.56.52.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 159 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] - 160 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] - 161 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] - 162 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] - 163 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] - 164 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] - 165 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] - 166 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] - 167 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 178 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 179 TCP 149.13.32.15:13392 <-> 192.168.1.34:51316 [proto: 125/Skype][14 pkts/1176 bytes] - 180 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 181 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 182 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 183 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 184 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 185 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] - 186 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] - 187 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] - 188 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 189 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 190 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 191 UDP 192.168.1.1:53 <-> 192.168.1.34:57694 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 192 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] - 193 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] - 194 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] - 195 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] - 196 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] - 197 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] - 198 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] - 199 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] - 200 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] - 201 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 202 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] - 204 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 205 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 206 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] - 207 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 209 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 210 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] - 211 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] - 212 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] - 213 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] - 214 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 215 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] - 216 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] - 217 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] - 218 TCP 111.221.74.18:40025 <-> 192.168.1.34:51267 [proto: 125/Skype][14 pkts/1163 bytes] - 219 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] - 220 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] - 221 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] - 222 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] - 223 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 224 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 225 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] - 226 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 227 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] - 228 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] - 229 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 230 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] - 231 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] - 232 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 233 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] - 234 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] - 235 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] - 236 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] - 237 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] - 238 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] - 239 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] - 240 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] - 241 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] - 242 UDP 65.55.223.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 243 UDP 65.55.223.32:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 244 UDP 65.55.223.28:40014 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 245 UDP 65.55.223.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 246 UDP 65.55.223.15:40030 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 247 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] - 248 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] - 249 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] - 250 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 251 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 252 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 125/Skype][14 pkts/1203 bytes] - 253 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] - 254 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] + 118 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] + 119 UDP 192.168.1.34:13021 <-> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] + 120 UDP 192.168.1.34:13021 <-> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] + 121 UDP 192.168.1.34:13021 <-> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] + 122 UDP 192.168.1.34:13021 <-> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] + 123 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] + 124 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] + 125 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] + 128 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] + 129 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] + 130 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] + 131 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] + 133 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] + 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] + 135 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] + 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] + 137 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] + 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] + 140 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] + 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] + 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 125/Skype][13 pkts/1157 bytes] + 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] + 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] + 146 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] + 147 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] + 148 UDP 192.168.1.34:13021 <-> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] + 149 UDP 192.168.1.34:13021 <-> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] + 150 UDP 192.168.1.34:13021 <-> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] + 151 UDP 192.168.1.34:13021 <-> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] + 152 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] + 153 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] + 158 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] + 159 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] + 160 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] + 161 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] + 162 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] + 163 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] + 164 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] + 165 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] + 166 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] + 167 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] + 168 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] + 177 UDP 192.168.1.34:49864 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 178 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] + 179 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 180 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 181 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] + 182 UDP 192.168.1.34:53372 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 183 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] + 185 UDP 192.168.1.34:55028 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] + 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] + 188 UDP 192.168.1.34:55866 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 189 UDP 192.168.1.34:57592 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 190 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 191 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] + 192 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] + 193 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] + 194 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] + 196 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] + 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] + 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] + 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] + 200 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 201 UDP 192.168.1.34:60688 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 202 UDP 192.168.1.34:61016 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] + 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] + 204 UDP 192.168.1.34:63342 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 205 UDP 192.168.1.34:63514 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] + 206 UDP 192.168.1.34:64240 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 207 UDP 192.168.1.34:64258 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 208 UDP 192.168.1.34:64364 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 209 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] + 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] + 211 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] + 212 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] + 213 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 214 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] + 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] + 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] + 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] + 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] + 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] + 220 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] + 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] + 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] + 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] + 227 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] + 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] + 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] + 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] + 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] + 233 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] + 234 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] + 235 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] + 236 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] + 237 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] + 238 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] + 239 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] + 240 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] + 241 UDP 192.168.1.34:13021 <-> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] + 242 UDP 192.168.1.34:13021 <-> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] + 243 UDP 192.168.1.34:13021 <-> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] + 244 UDP 192.168.1.34:13021 <-> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] + 245 UDP 192.168.1.34:13021 <-> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] + 246 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] + 247 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] + 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] + 249 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] + 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][14 pkts/1203 bytes] + 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] + 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] Undetected flows: 1 TCP 192.168.1.34:51294 <-> 81.83.77.141:17639 [proto: 0/Unknown][33 pkts/5097 bytes] - 2 TCP 149.13.32.15:13392 <-> 192.168.1.34:51307 [proto: 0/Unknown][26 pkts/17499 bytes] - 3 TCP 149.13.32.15:13392 <-> 192.168.1.34:51317 [proto: 0/Unknown][20 pkts/6208 bytes] + 2 TCP 192.168.1.34:51307 <-> 149.13.32.15:13392 [proto: 0/Unknown][26 pkts/17499 bytes] + 3 TCP 192.168.1.34:51317 <-> 149.13.32.15:13392 [proto: 0/Unknown][20 pkts/6208 bytes] 4 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][18 pkts/1482 bytes] 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][23 pkts/12290 bytes] 6 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] 7 TCP 192.168.1.34:51306 <-> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] - 8 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] - 9 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] - 10 TCP 76.167.161.6:20274 <-> 192.168.1.34:51300 [proto: 0/Unknown][3 pkts/206 bytes] - 11 TCP 149.13.32.15:13392 <-> 192.168.1.34:51312 [proto: 0/Unknown][25 pkts/15642 bytes] - 12 UDP 192.168.1.1:5351 <-> 192.168.1.34:59052 [proto: 0/Unknown][4 pkts/216 bytes] - 13 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] + 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] + 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] + 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] + 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 12 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] + 13 UDP 192.168.1.34:59052 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] + 14 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] diff --git a/tests/result/smpp_in_general.pcap.out b/tests/result/smpp_in_general.pcap.out index 1ec966e82..e7c0293d6 100644 --- a/tests/result/smpp_in_general.pcap.out +++ b/tests/result/smpp_in_general.pcap.out @@ -1,3 +1,3 @@ SMPP 17 1144 1 - 1 TCP 10.226.202.53:9000 <-> 10.226.202.118:1770 [proto: 207/SMPP][17 pkts/1144 bytes] + 1 TCP 10.226.202.118:1770 <-> 10.226.202.53:9000 [proto: 207/SMPP][17 pkts/1144 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 97c178b41..f2d26ea0a 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -10,13 +10,13 @@ QUIC 6 475 1 Github 3 234 1 Starcraft 236 51494 6 - 1 TCP 80.239.186.21:80 <-> 192.168.1.100:3516 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] - 2 TCP 80.239.186.26:80 <-> 192.168.1.100:3518 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] - 3 TCP 80.239.186.21:80 <-> 192.168.1.100:3522 [proto: 7/HTTP][11 pkts/3620 bytes][Host: eu.launcher.battle.net] - 4 TCP 80.239.186.26:80 <-> 192.168.1.100:3524 [proto: 7/HTTP][10 pkts/1214 bytes][Host: nydus.battle.net] - 5 TCP 80.239.186.40:80 <-> 192.168.1.100:3526 [proto: 7/HTTP][11 pkts/3686 bytes][Host: eu.battle.net] + 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] + 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] + 3 TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][11 pkts/3620 bytes][Host: eu.launcher.battle.net] + 4 TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1214 bytes][Host: nydus.battle.net] + 5 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][11 pkts/3686 bytes][Host: eu.battle.net] 6 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][13 pkts/902 bytes] - 7 UDP 239.255.255.250:1900 <-> 192.168.1.254:38605 [proto: 12/SSDP][11 pkts/4984 bytes] + 7 UDP 192.168.1.254:38605 <-> 239.255.255.250:1900 [proto: 12/SSDP][11 pkts/4984 bytes] 8 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/336 bytes][Host: nydus.battle.net] 9 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/417 bytes][Host: 254.1.168.192.in-addr.arpa] 10 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/455 bytes][Host: 22.40.194.173.in-addr.arpa] @@ -32,11 +32,11 @@ Starcraft 236 51494 6 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 23 TCP 80.239.186.26:80 <-> 192.168.1.100:3515 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] - 24 TCP 80.239.186.21:80 <-> 192.168.1.100:3519 [proto: 7/HTTP][9 pkts/979 bytes][Host: eu.launcher.battle.net] - 25 TCP 80.239.186.26:80 <-> 192.168.1.100:3521 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] - 26 TCP 80.239.186.26:80 <-> 192.168.1.100:3523 [proto: 7/HTTP][10 pkts/1208 bytes][Host: nydus.battle.net] - 27 TCP 80.239.186.40:80 <-> 192.168.1.100:3525 [proto: 7/HTTP][12 pkts/3933 bytes][Host: eu.battle.net] + 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] + 24 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][9 pkts/979 bytes][Host: eu.launcher.battle.net] + 25 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] + 26 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1208 bytes][Host: nydus.battle.net] + 27 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][12 pkts/3933 bytes][Host: eu.battle.net] 28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes] 29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes] 30 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][2 pkts/121 bytes] @@ -60,5 +60,5 @@ Starcraft 236 51494 6 48 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 49 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 50 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] - 51 TCP 12.129.222.54:80 <-> 192.168.1.100:3512 [proto: 7.76/HTTP.WorldOfWarcraft][9 pkts/880 bytes][Host: us.scan.worldofwarcraft.com] - 52 UDP 62.115.246.51:1119 <-> 192.168.1.100:53146 [proto: 213/Starcraft][2 pkts/104 bytes] + 51 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][9 pkts/880 bytes][Host: us.scan.worldofwarcraft.com] + 52 UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][2 pkts/104 bytes] diff --git a/tests/result/teredo.pcap.out b/tests/result/teredo.pcap.out index 6c65bc313..d73d8c080 100644 --- a/tests/result/teredo.pcap.out +++ b/tests/result/teredo.pcap.out @@ -1,7 +1,7 @@ Teredo 24 2574 5 - 1 UDP 194.136.28.76:3544 <-> 10.112.16.106:52513 [proto: 214/Teredo][4 pkts/508 bytes] - 2 UDP 194.136.28.76:3544 <-> 10.112.16.89:60381 [proto: 214/Teredo][2 pkts/254 bytes] + 1 UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][4 pkts/508 bytes] + 2 UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/254 bytes] 3 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][14 pkts/1304 bytes] 4 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/254 bytes] - 5 UDP 194.136.28.76:3544 <-> 10.112.16.92:63448 [proto: 214/Teredo][2 pkts/254 bytes] + 5 UDP 10.112.16.92:63448 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/254 bytes] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 134965393..f733c4f84 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -5,13 +5,13 @@ Dropbox 10 1860 1 Tor 3676 3014362 7 1 UDP 192.168.1.1:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][10 pkts/1860 bytes] - 2 UDP [fe80::c583:1972:5728:7323]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][6 pkts/906 bytes] - 3 TCP 212.83.155.250:443 <-> 192.168.1.252:51174 [proto: 163/Tor][32 pkts/10431 bytes] - 4 TCP 46.59.52.31:443 <-> 192.168.1.252:51111 [proto: 163/Tor][34 pkts/11142 bytes] - 5 TCP 91.143.93.242:443 <-> 192.168.1.252:51175 [proto: 163/Tor][38 pkts/12520 bytes] - 6 TCP 157.56.30.46:443 <-> 192.168.1.252:51104 [proto: 91/SSL][1 pkts/60 bytes] + 2 UDP [ff02::1:2]:546 <-> [fe80::c583:1972:5728:7323]:547 [proto: 103/DHCPV6][6 pkts/906 bytes] + 3 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][32 pkts/10431 bytes] + 4 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][34 pkts/11142 bytes] + 5 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][38 pkts/12520 bytes] + 6 TCP 192.168.1.252:51104 <-> 157.56.30.46:443 [proto: 91/SSL][1 pkts/60 bytes] 7 UDP 192.168.1.252:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/252 bytes] - 8 TCP 38.229.70.53:443 <-> 192.168.1.252:51112 [proto: 163/Tor][1576 pkts/1388792 bytes] - 9 TCP 38.229.70.53:443 <-> 192.168.1.252:51176 [proto: 163/Tor][1826 pkts/1513278 bytes] - 10 TCP 62.210.137.230:443 <-> 192.168.1.252:51185 [proto: 163/Tor][29 pkts/9661 bytes] - 11 TCP 91.143.93.242:443 <-> 192.168.1.252:51110 [proto: 163/Tor][141 pkts/68538 bytes] + 8 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][1576 pkts/1388792 bytes] + 9 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][1826 pkts/1513278 bytes] + 10 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][29 pkts/9661 bytes] + 11 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][141 pkts/68538 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 51b426378..c311e74b3 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -13,85 +13,85 @@ WhatsApp 31 6224 2 Viber 10081 1413446 4 Amazon 8 528 1 - 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] - 2 UDP 122.146.250.88:9415 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 3 TCP 74.125.130.188:5228 <-> 192.168.200.222:59011 [proto: 126/Google][16 pkts/5838 bytes] + 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] + 2 UDP 192.168.200.222:39413 <-> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes] + 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][16 pkts/5838 bytes] 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] - 5 TCP 93.184.221.200:80 <-> 192.168.200.222:60828 [proto: 7/HTTP][5 pkts/300 bytes] - 6 TCP 158.85.58.23:443 <-> 192.168.200.222:44058 [proto: 91/SSL][7 pkts/532 bytes] - 7 UDP 8.8.8.8:53 <-> 192.168.200.222:15836 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] - 8 UDP 84.202.23.122:22737 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 9 UDP 178.57.5.53:64731 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/498 bytes] - 10 UDP 60.71.113.134:37764 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 11 UDP 23.113.222.89:49548 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/503 bytes] - 12 UDP 1.163.234.205:58738 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/471 bytes] + 5 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] + 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] + 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] + 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] + 10 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] + 11 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] + 12 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] - 14 UDP 90.19.187.56:40500 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 15 UDP 80.47.129.1:44420 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 16 UDP 70.112.231.62:51413 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][3 pkts/438 bytes] + 14 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] + 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] + 16 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] - 18 UDP 94.6.33.9:46735 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] + 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 20 UDP 88.176.55.218:51413 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 20 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] 21 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] - 22 TCP 54.251.141.219:80 <-> 192.168.200.222:38778 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] - 23 UDP 8.8.8.8:53 <-> 192.168.200.222:47874 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] - 24 TCP 54.169.63.186:443 <-> 192.168.200.222:39339 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 25 UDP 92.249.148.218:53810 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 26 TCP 93.184.221.200:80 <-> 192.168.200.222:33161 [proto: 7/HTTP][5 pkts/300 bytes] + 22 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] + 23 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] + 24 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 25 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] + 26 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] - 28 UDP 8.8.8.8:53 <-> 192.168.200.222:55854 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] - 29 UDP 8.8.8.8:53 <-> 192.168.200.222:58434 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] - 30 UDP 2.85.108.0:21241 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 31 TCP 112.124.219.82:80 <-> 192.168.200.222:36675 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 32 UDP 8.8.8.8:53 <-> 192.168.200.222:60474 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] - 33 UDP 24.43.1.206:17193 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][8 pkts/1992 bytes] + 28 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] + 29 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] + 30 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] + 31 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 32 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] + 33 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] - 36 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] + 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] - 38 UDP 80.234.25.211:12624 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 39 TCP 112.124.219.93:80 <-> 192.168.200.222:46761 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 40 TCP 93.184.221.200:80 <-> 192.168.200.222:52977 [proto: 7/HTTP][5 pkts/300 bytes] + 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] + 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 40 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] - 42 UDP 8.8.8.8:53 <-> 192.168.200.222:16965 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] - 43 UDP 24.43.1.206:40959 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][4 pkts/996 bytes] - 44 UDP 46.181.170.37:36237 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 45 UDP 8.8.8.8:53 <-> 192.168.200.222:22761 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 46 UDP 188.165.225.138:6881 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/480 bytes] - 47 UDP 8.8.8.8:53 <-> 192.168.200.222:39149 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] + 42 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] + 43 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] + 44 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] + 45 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 46 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] + 47 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] 49 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 50 UDP 178.157.199.144:22133 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 51 UDP 8.8.8.8:53 <-> 192.168.200.222:39695 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] + 50 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] + 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] 53 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 54 UDP 8.8.8.8:53 <-> 192.168.200.222:43901 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] - 55 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][7 pkts/532 bytes] - 56 TCP 52.0.253.46:443 <-> 192.168.200.222:43287 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] - 57 UDP 8.8.8.8:53 <-> 192.168.200.222:52263 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 58 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] + 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] + 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] + 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] + 57 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] + 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] - 60 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] - 61 UDP 37.214.167.82:11905 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 62 UDP 8.8.8.8:53 <-> 192.168.200.222:58921 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] - 63 TCP 93.184.221.200:80 <-> 192.168.200.222:43646 [proto: 7/HTTP][5 pkts/300 bytes] + 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] + 61 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] + 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] + 63 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] - 65 UDP 93.100.186.199:6881 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/498 bytes] - 66 UDP 54.169.63.186:7985 <-> 192.168.200.222:48564 [proto: 144/Viber][10057 pkts/1410853 bytes] - 67 UDP 54.169.63.186:7987 <-> 192.168.200.222:48564 [proto: 144/Viber][2 pkts/138 bytes] - 68 TCP 93.184.221.200:80 <-> 192.168.200.222:50854 [proto: 7/HTTP][5 pkts/300 bytes] + 65 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] + 66 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] + 67 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] + 68 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] - 70 UDP 92.245.59.202:12998 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 71 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 72 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] + 70 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] + 71 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] + 72 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] Undetected flows: - 1 TCP 113.31.80.142:7003 <-> 192.168.200.222:55554 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 175.157.52.135:37299 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 175.157.52.135:37301 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 TCP 113.31.80.142:7003 <-> 192.168.200.222:55565 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 10.216.246.82:59027 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 6 UDP 175.157.52.135:37300 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 UDP 175.157.52.135:37302 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/vnc.pcap.out b/tests/result/vnc.pcap.out index ad20b1441..03faca104 100644 --- a/tests/result/vnc.pcap.out +++ b/tests/result/vnc.pcap.out @@ -1,4 +1,4 @@ VNC 4551 329158 2 - 1 TCP 192.168.2.110:6900 <-> 95.237.48.208:51559 [proto: 89/VNC][1008 pkts/72613 bytes] - 2 TCP 192.168.2.110:6900 <-> 95.237.48.208:59791 [proto: 89/VNC][3543 pkts/256545 bytes] + 1 TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][1008 pkts/72613 bytes] + 2 TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][3543 pkts/256545 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 2d0d2f207..f73d020a8 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -11,12 +11,12 @@ WhatsApp 15 1341 1 2 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][32 pkts/44619 bytes][server: *.world.waze.com] 3 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][20 pkts/5673 bytes][server: *.world.waze.com] 4 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][28 pkts/27886 bytes][server: *.world.waze.com] - 5 TCP 200.160.4.49:80 <-> 10.16.37.157:41823 [proto: 7/HTTP][4 pkts/228 bytes] - 6 TCP 200.160.4.31:80 <-> 10.16.37.157:43991 [proto: 7/HTTP][4 pkts/228 bytes] + 5 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] + 6 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][4 pkts/228 bytes] 7 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][18 pkts/5553 bytes][server: *.waze.com] 8 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][4 pkts/216 bytes] - 9 TCP 200.160.4.49:80 <-> 10.16.37.157:46473 [proto: 7/HTTP][4 pkts/228 bytes] - 10 TCP 200.160.4.49:80 <-> 10.16.37.157:52953 [proto: 7/HTTP][4 pkts/228 bytes] + 9 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] + 10 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] 11 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][107 pkts/85712 bytes][server: *.world.waze.com] 12 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][37 pkts/11984 bytes][server: *.world.waze.com] 13 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][24 pkts/6585 bytes][server: *.world.waze.com] @@ -33,7 +33,7 @@ WhatsApp 15 1341 1 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][server: *.waze.com] 25 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][21 pkts/7715 bytes][server: *.waze.com] 26 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][2 pkts/180 bytes] - 27 TCP 200.160.4.49:80 <-> 10.16.37.157:52746 [proto: 7/HTTP][4 pkts/228 bytes] + 27 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] 28 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/216 bytes] 29 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][4 pkts/216 bytes] 30 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][23 pkts/5742 bytes][server: *.world.waze.com] @@ -42,4 +42,4 @@ WhatsApp 15 1341 1 Undetected flows: - 1 TCP 174.37.231.81:5222 <-> 10.16.37.157:42256 [proto: 0/Unknown][10 pkts/786 bytes] + 1 TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 0/Unknown][10 pkts/786 bytes] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 2bca4171c..3d17c6a68 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -19,7 +19,7 @@ Amazon 3 174 1 11 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][11 pkts/4584 bytes][server: *.webex.com] 12 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][16 pkts/1171 bytes] 13 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][10 pkts/1391 bytes][Host: cp.pushwoosh.com] - 14 TCP 107.20.242.44:443 <-> 10.133.206.47:59447 [proto: 91.178/SSL.Amazon][3 pkts/174 bytes] + 14 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][3 pkts/174 bytes] 15 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] 16 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][23 pkts/6641 bytes][server: *.webex.com] 17 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] @@ -48,7 +48,7 @@ Amazon 3 174 1 40 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][17 pkts/7990 bytes][server: *.webex.com] 41 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][17 pkts/6375 bytes][client: ssl.google-analytics.com] 42 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] - 43 TCP 185.63.147.10:443 <-> 10.133.206.47:54651 [proto: 91/SSL][3 pkts/174 bytes] + 43 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][3 pkts/174 bytes] 44 UDP 10.8.0.1:64538 <-> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes] 45 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][5 pkts/317 bytes] 46 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index b81a52377..ed61d910e 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -18,15 +18,15 @@ WeChat 1277 615827 51 4 UDP 192.168.1.103:42589 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes][Host: ssl.gstatic.com] 5 UDP 192.168.1.103:43317 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] 6 UDP 192.168.1.103:43705 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes][Host: webpush.web.wechat.com.lan] - 7 TCP 203.205.158.34:443 <-> 192.168.1.103:43850 [proto: 91.197/SSL.WeChat][24 pkts/8792 bytes][client: res.wx.qq.com] + 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.197/SSL.WeChat][24 pkts/8792 bytes][client: res.wx.qq.com] 8 UDP 192.168.1.103:44063 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 1.debian.pool.ntp.org] 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes] - 10 TCP 172.217.23.78:443 <-> 192.168.1.103:53220 [proto: 91.126/SSL.Google][8 pkts/583 bytes] - 11 TCP 216.58.205.78:443 <-> 192.168.1.103:47627 [proto: 91.126/SSL.Google][7 pkts/517 bytes] + 10 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][8 pkts/583 bytes] + 11 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][7 pkts/517 bytes] 12 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][6 pkts/396 bytes] 13 UDP 192.168.1.103:53515 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] - 14 TCP 192.168.1.103:54084 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][6 pkts/1000 bytes] - 15 TCP 192.168.1.103:54058 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][179 pkts/76956 bytes] + 14 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][6 pkts/1000 bytes] + 15 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][179 pkts/76956 bytes] 16 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/11506 bytes][client: web.wechat.com] 18 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][40 pkts/18455 bytes][client: web.wechat.com] @@ -50,28 +50,28 @@ WeChat 1277 615827 51 36 TCP 192.168.1.103:58226 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes] 37 UDP 192.168.1.103:59567 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes][Host: ssl.gstatic.com.lan] 38 TCP 192.168.1.103:58143 <-> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes] - 39 UDP 216.58.198.46:443 <-> 192.168.1.103:57591 [proto: 188.126/QUIC.Google][13 pkts/4812 bytes][Host: docs.google.com] + 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][13 pkts/4812 bytes][Host: docs.google.com] 40 UDP 192.168.1.100:57401 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: mcztmpkc] - 41 TCP 95.101.34.33:80 <-> 192.168.1.103:34996 [proto: 7/HTTP][9 pkts/594 bytes] - 42 TCP 95.101.34.33:80 <-> 192.168.1.103:35000 [proto: 7/HTTP][9 pkts/594 bytes] + 41 TCP 192.168.1.103:34996 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] + 42 TCP 192.168.1.103:35000 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] 43 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes] 44 TCP 192.168.1.103:54205 <-> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 45 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes] - 46 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50440 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz] + 46 UDP [ff02::1:3]:50440 <-> [fe80::91f9:3df3:7436:6cd6]:5355 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz] 47 TCP 192.168.1.103:52020 <-> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes] - 48 UDP 172.217.23.67:443 <-> 192.168.1.103:35601 [proto: 188.126/QUIC.Google][10 pkts/3972 bytes][Host: ssl.gstatic.com] - 49 TCP 172.217.22.14:443 <-> 192.168.1.103:38657 [proto: 91.126/SSL.Google][34 pkts/8681 bytes][client: safebrowsing.googleusercontent.com] + 48 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][10 pkts/3972 bytes][Host: ssl.gstatic.com] + 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][34 pkts/8681 bytes][client: safebrowsing.googleusercontent.com] 50 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: iphonedimonica] 51 UDP 192.168.1.103:37578 <-> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes] 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes] 53 UDP 192.168.1.103:42074 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes][Host: ssl.gstatic.com.lan] 54 UDP 192.168.1.103:42856 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes][Host: 1.debian.pool.ntp.org.lan] 55 ICMPV6 [::]:0 <-> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes] - 56 TCP 203.205.158.34:443 <-> 192.168.1.103:43851 [proto: 91/SSL][9 pkts/524 bytes] + 56 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][9 pkts/524 bytes] 57 UDP 192.168.1.103:44346 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] 58 UDP 192.168.1.103:45366 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] 59 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] - 60 UDP 172.217.23.67:443 <-> 192.168.1.103:51507 [proto: 188.126/QUIC.Google][13 pkts/6836 bytes][Host: ssl.gstatic.com] + 60 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][13 pkts/6836 bytes][Host: ssl.gstatic.com] 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/366 bytes][Host: safebrowsing.googleusercontent.com] 62 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][3 pkts/198 bytes] 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][41 pkts/26587 bytes][client: web.wechat.com] @@ -104,16 +104,16 @@ WeChat 1277 615827 51 90 IGMP 224.0.0.22:0 <-> 192.168.1.103:0 [proto: 82/IGMP][4 pkts/216 bytes] 91 IGMP 224.0.0.22:0 <-> 192.168.1.108:0 [proto: 82/IGMP][1 pkts/54 bytes] 92 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][20 pkts/1320 bytes] - 93 TCP 95.101.34.33:80 <-> 192.168.1.103:34999 [proto: 7/HTTP][9 pkts/594 bytes] - 94 TCP 95.101.34.33:80 <-> 192.168.1.103:34981 [proto: 7/HTTP][9 pkts/594 bytes] - 95 TCP 95.101.34.34:80 <-> 192.168.1.103:39207 [proto: 7/HTTP][9 pkts/594 bytes] - 96 TCP 95.101.34.34:80 <-> 192.168.1.103:39195 [proto: 7/HTTP][8 pkts/528 bytes] - 97 TCP 95.101.34.34:80 <-> 192.168.1.103:39231 [proto: 7/HTTP][9 pkts/594 bytes] + 93 TCP 192.168.1.103:34999 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] + 94 TCP 192.168.1.103:34981 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] + 95 TCP 192.168.1.103:39207 <-> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes] + 96 TCP 192.168.1.103:39195 <-> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes] + 97 TCP 192.168.1.103:39231 <-> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes] 98 UDP 192.168.1.103:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes] 99 UDP 192.168.1.100:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes] 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/610 bytes][Host: res.wx.qq.com] - 101 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:49195 [proto: 154/LLMNR][2 pkts/176 bytes][Host: cansaqcq] - 102 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50577 [proto: 154/LLMNR][2 pkts/176 bytes][Host: mcztmpkc] + 101 UDP [ff02::1:3]:49195 <-> [fe80::91f9:3df3:7436:6cd6]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: cansaqcq] + 102 UDP [ff02::1:3]:50577 <-> [fe80::91f9:3df3:7436:6cd6]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: mcztmpkc] Undetected flows: diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index c1d4bc2b7..0114702b8 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -6,16 +6,16 @@ Amazon 2 132 1 QUIC 23 4118 2 Sina(Weibo) 418 258007 15 - 1 TCP 140.205.174.1:443 <-> 192.168.1.105:48352 [proto: 91/SSL][1 pkts/74 bytes] - 2 TCP 140.205.174.1:443 <-> 192.168.1.105:48356 [proto: 91/SSL][1 pkts/74 bytes] + 1 TCP 192.168.1.105:48352 <-> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] + 2 TCP 192.168.1.105:48356 <-> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] 3 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][3 pkts/194 bytes] - 4 TCP 216.58.212.65:443 <-> 192.168.1.105:34699 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 5 TCP 222.73.28.96:80 <-> 192.168.1.105:42275 [proto: 7.200/HTTP.Sina(Weibo)][4 pkts/676 bytes][Host: u1.img.mobile.sina.cn] - 6 UDP 192.168.1.1:53 <-> 192.168.1.105:50533 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes][Host: data.weibo.com] - 7 UDP 192.168.1.1:53 <-> 192.168.1.105:53543 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/266 bytes][Host: img.t.sinajs.cn] + 4 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 5 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][4 pkts/676 bytes][Host: u1.img.mobile.sina.cn] + 6 UDP 192.168.1.105:50533 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes][Host: data.weibo.com] + 7 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/266 bytes][Host: img.t.sinajs.cn] 8 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][9 pkts/1944 bytes] - 9 TCP 216.58.214.78:443 <-> 192.168.1.105:58481 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 10 UDP 192.168.1.1:53 <-> 192.168.1.105:7148 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/215 bytes][Host: www.weibo.com] + 9 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 10 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/215 bytes][Host: www.weibo.com] 11 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][106 pkts/76903 bytes][Host: img.t.sinajs.cn] 12 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][41 pkts/23245 bytes][Host: img.t.sinajs.cn] 13 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][53 pkts/36468 bytes][Host: img.t.sinajs.cn] @@ -23,30 +23,30 @@ Sina(Weibo) 418 258007 15 15 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][5 pkts/744 bytes][Host: js.t.sinajs.cn] 16 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][4 pkts/448 bytes][client: g.alicdn.com] 17 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/194 bytes] - 18 TCP 42.156.184.19:443 <-> 192.168.1.105:52272 [proto: 91/SSL][1 pkts/74 bytes] - 19 TCP 42.156.184.19:443 <-> 192.168.1.105:52274 [proto: 91/SSL][1 pkts/74 bytes] - 20 UDP 192.168.1.1:53 <-> 192.168.1.105:11798 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes][Host: account.weibo.com] - 21 UDP 192.168.1.1:53 <-> 192.168.1.105:16804 [proto: 5/DNS][1 pkts/70 bytes][Host: c.weibo.cn] - 22 TCP 140.205.170.63:443 <-> 192.168.1.105:47721 [proto: 91/SSL][1 pkts/74 bytes] - 23 TCP 140.205.170.63:443 <-> 192.168.1.105:47723 [proto: 91/SSL][1 pkts/74 bytes] - 24 TCP 140.205.174.1:443 <-> 192.168.1.105:48353 [proto: 91/SSL][1 pkts/74 bytes] - 25 UDP 192.168.1.1:53 <-> 192.168.1.105:33822 [proto: 5/DNS][2 pkts/242 bytes][Host: login.taobao.com] + 18 TCP 192.168.1.105:52272 <-> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] + 19 TCP 192.168.1.105:52274 <-> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] + 20 UDP 192.168.1.105:11798 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes][Host: account.weibo.com] + 21 UDP 192.168.1.105:16804 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/70 bytes][Host: c.weibo.cn] + 22 TCP 192.168.1.105:47721 <-> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes] + 23 TCP 192.168.1.105:47723 <-> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes] + 24 TCP 192.168.1.105:48353 <-> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] + 25 UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/242 bytes][Host: login.taobao.com] 26 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][9 pkts/1599 bytes][Host: weibo.com] 27 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][3 pkts/194 bytes] 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 29 TCP 216.58.212.69:443 <-> 192.168.1.105:37802 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 30 UDP 192.168.1.1:53 <-> 192.168.1.105:41352 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/264 bytes][Host: js.t.sinajs.cn] - 31 TCP 222.73.28.96:80 <-> 192.168.1.105:42280 [proto: 7/HTTP][1 pkts/74 bytes] - 32 UDP 192.168.1.1:53 <-> 192.168.1.105:50640 [proto: 5/DNS][2 pkts/234 bytes][Host: acjstb.aliyun.com] - 33 UDP 192.168.1.1:53 <-> 192.168.1.105:51440 [proto: 5/DNS][2 pkts/243 bytes][Host: g.alicdn.com] - 34 UDP 192.168.1.1:53 <-> 192.168.1.105:53466 [proto: 5/DNS][2 pkts/186 bytes][Host: log.mmstat.com] - 35 UDP 192.168.1.1:53 <-> 192.168.1.105:54988 [proto: 5/DNS][2 pkts/154 bytes][Host: weibo.com] + 29 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 30 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/264 bytes][Host: js.t.sinajs.cn] + 31 TCP 192.168.1.105:42280 <-> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes] + 32 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/234 bytes][Host: acjstb.aliyun.com] + 33 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/243 bytes][Host: g.alicdn.com] + 34 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/186 bytes][Host: log.mmstat.com] + 35 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/154 bytes][Host: weibo.com] 36 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][14 pkts/2174 bytes] - 37 TCP 216.58.214.78:443 <-> 192.168.1.105:58480 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 37 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 38 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][2 pkts/132 bytes] 39 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][72 pkts/54281 bytes][Host: img.t.sinajs.cn] 40 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][13 pkts/4701 bytes][Host: img.t.sinajs.cn] 41 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][3 pkts/214 bytes] - 42 TCP 42.156.184.19:443 <-> 192.168.1.105:52271 [proto: 91/SSL][1 pkts/74 bytes] - 43 UDP 192.168.1.1:53 <-> 192.168.1.105:18035 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/240 bytes][Host: u1.img.mobile.sina.cn] + 42 TCP 192.168.1.105:52271 <-> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] + 43 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/240 bytes][Host: u1.img.mobile.sina.cn] 44 TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][79 pkts/37492 bytes][Host: www.weibo.com] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 50231ba14..f689282ed 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -16,8 +16,8 @@ WhatsAppVoice 706 91156 4 2 UDP 192.168.2.1:17500 <-> 192.168.2.255:17500 [proto: 121/Dropbox][4 pkts/2176 bytes] 3 ICMP 192.168.2.4:0 <-> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes] 4 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][198 pkts/30418 bytes] - 5 UDP 173.252.114.1:3478 <-> 192.168.2.4:52794 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 6 UDP 192.168.2.1:53 <-> 192.168.2.4:51897 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] + 5 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 6 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] @@ -48,7 +48,7 @@ WhatsAppVoice 706 91156 4 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] 36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] - 37 UDP 192.168.2.1:53 <-> 192.168.2.4:52190 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] + 37 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] 38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 6f873ed4a..ea3c32a15 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -7,10 +7,10 @@ Spotify 1 86 1 1 UDP 192.168.2.1:17500 <-> 192.168.2.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] 2 UDP [fe80::189c:c31b:1298:224]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][1 pkts/111 bytes] - 3 UDP 192.168.2.1:53 <-> 192.168.2.4:61697 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e12.whatsapp.net] + 3 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e12.whatsapp.net] 4 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][44 pkts/21371 bytes] 5 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes][Host: lucas-imac] 6 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][30 pkts/2963 bytes] 7 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][1 pkts/86 bytes] - 8 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][6 pkts/2095 bytes] + 8 TCP 17.110.229.14:5223 <-> 192.168.2.4:49193 [proto: 140/Apple][6 pkts/2095 bytes] 9 UDP 192.168.2.4:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/91 bytes] -- cgit v1.2.3 From 9a94c34b91250643c383904b14352e282cfb056c Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 20 Apr 2017 23:00:11 +0200 Subject: fix for https://github.com/ntop/nDPI/issues/364 --- example/ndpi_util.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 445ade1ac..d6be479a0 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -220,7 +220,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow return NULL; if((iph->ihl * 4) > ipsize || ipsize < ntohs(iph->tot_len) - || (iph->frag_off & htons(0x1FFF)) != 0) + /* || (iph->frag_off & htons(0x1FFF)) != 0 */) return NULL; l4_offset = iph->ihl * 4; @@ -521,6 +521,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, u_int16_t sport, dport, payload_len; u_int8_t *payload; u_int8_t src_to_dst_direction = 1; + struct ndpi_proto nproto = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; if(iph) flow = get_ndpi_flow_info(workflow, IPVERSION, vlan_id, iph, NULL, @@ -542,8 +543,10 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, ndpi_flow = flow->ndpi_flow; flow->packets++, flow->bytes += rawsize; flow->last_seen = time; - } else - return(flow->detected_protocol); + } else { // flow is NULL + workflow->stats.total_discarded_bytes++; + return (nproto); + } /* Protocol already detected */ if(flow->detection_completed) return(flow->detected_protocol); -- cgit v1.2.3 From e2f2111637638192b0e8c40aaf90046904873a4a Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 21 Apr 2017 01:42:54 +0200 Subject: update bittorrent detection - fix https://github.com/ntop/nDPI/issues/362 --- src/lib/ndpi_content_match.c.inc | 56 +++++++++++++++++++++++++++++++++++++++- src/lib/ndpi_main.c | 2 +- 2 files changed, 56 insertions(+), 2 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 6bf18ffbc..85cfc0ec9 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -833,6 +833,21 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, + /* + BitTorrent + */ + + { 0xB9381424 /* 185.56.20.36/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xC0DEED0A /* 192.222.237.10/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x4DDEAE14 /* 77.222.174.20/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x25779CBD /* 37.119.156.189/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x05277C26 /* 5.39.124.38/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x4FC0AB43 /* 79.192.171.67/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xAC100010 /* 172.16.0.16/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xB2A4F550 /* 178.164.245.80/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xAE597B3E /* 174.89.123.62/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + + /* Tor http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv @@ -7952,14 +7967,18 @@ ndpi_protocol_match host_match[] = { { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -7967,12 +7986,15 @@ ndpi_protocol_match host_match[] = { { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, + { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -7986,18 +8008,25 @@ ndpi_protocol_match host_match[] = { { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "ggpht.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8007,20 +8036,27 @@ ndpi_protocol_match host_match[] = { { "e7768.b.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e4593.dspg.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8029,17 +8065,26 @@ ndpi_protocol_match host_match[] = { { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "googleusercontent.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, + { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".weibo.com", "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".sinaimg.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".sinajs.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8060,6 +8105,7 @@ ndpi_protocol_match host_match[] = { { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8068,17 +8114,22 @@ ndpi_protocol_match host_match[] = { { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8144,7 +8195,10 @@ ndpi_protocol_match host_match[] = { { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + + { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + + { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5e864383a..a7d5f7bd8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -902,7 +902,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT, no_master, no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 51413, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, no_master, -- cgit v1.2.3 From c96507b7a462e9b02b592eb5dfc494590456560d Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 21 Apr 2017 02:01:09 +0200 Subject: updated tests pcap --- tests/pcap/bittorrent_ip.pcap | Bin 0 -> 524448 bytes tests/result/bittorrent_ip.pcap.out | 4 ++++ 2 files changed, 4 insertions(+) create mode 100644 tests/pcap/bittorrent_ip.pcap create mode 100644 tests/result/bittorrent_ip.pcap.out diff --git a/tests/pcap/bittorrent_ip.pcap b/tests/pcap/bittorrent_ip.pcap new file mode 100644 index 000000000..8c7ff6ed5 Binary files /dev/null and b/tests/pcap/bittorrent_ip.pcap differ diff --git a/tests/result/bittorrent_ip.pcap.out b/tests/result/bittorrent_ip.pcap.out new file mode 100644 index 000000000..93ae22bff --- /dev/null +++ b/tests/result/bittorrent_ip.pcap.out @@ -0,0 +1,4 @@ +BitTorrent 479 508018 2 + + 1 TCP 185.56.20.36:53646 <-> 10.0.0.14:35030 [proto: 37/BitTorrent][48 pkts/37932 bytes] + 2 TCP 77.222.174.20:2866 <-> 10.0.0.14:46610 [proto: 37/BitTorrent][431 pkts/470086 bytes] -- cgit v1.2.3 From b9a2511ea80341a5b7186dc49835e4173c4437e5 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 23 Apr 2017 19:58:41 +0200 Subject: Initial Wireshark nDPI integration --- example/ndpiReader.c | 10 +++---- example/ndpi_util.c | 85 ++++++++++++++++++++++++++-------------------------- wireshark/README.md | 20 +++++++++++++ wireshark/ndpi.lua | 47 +++++++++++++++++++++++++++++ 4 files changed, 114 insertions(+), 48 deletions(-) create mode 100644 wireshark/README.md create mode 100644 wireshark/ndpi.lua diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 2b02093cb..254934ba9 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -93,6 +93,7 @@ struct port_stats *srcStats = NULL, *dstStats = NULL; struct ndpi_packet_trailer { u_int32_t magic; /* 0x19682017 */ u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; + char name[16]; }; static pcap_dumper_t *extcap_dumper = NULL; @@ -249,14 +250,12 @@ void extcap_config() { int i, argidx = 0; struct ndpi_detection_module_struct *ndpi_mod; -#if 1 + /* -i */ printf("arg {number=%u}{call=-i}{display=Capture Interface Name}{type=string}" "{tooltip=The interface name}\n", argidx++); -#else printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); -#endif printf("arg {number=%u}{call=-9}{display=nDPI Protocol}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); @@ -1494,8 +1493,9 @@ static void pcap_packet_callback_checked(u_char *args, struct ndpi_packet_trailer *trailer = (struct ndpi_packet_trailer*)&extcap_buf[h->caplen]; memcpy(extcap_buf, packet, h->caplen); - trailer->magic = 0x19682017; - trailer->master_protocol = p.master_protocol, trailer->app_protocol = p.app_protocol; + trailer->magic = htonl(0x19680924); + trailer->master_protocol = htons(p.master_protocol), trailer->app_protocol = htons(p.app_protocol); + ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, p, trailer->name, sizeof(trailer->name)); crc = (uint32_t*)&extcap_buf[h->caplen+sizeof(struct ndpi_packet_trailer)]; *crc = 0; ethernet_crc32((const void*)extcap_buf, h->caplen+sizeof(struct ndpi_packet_trailer), crc); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d6be479a0..941e7f88d 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -260,7 +260,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow if(iph->protocol == IPPROTO_TCP && l4_packet_len >= 20) { u_int tcp_len; - // tcp + // tcp workflow->stats.tcp_count++; *tcph = (struct ndpi_tcphdr *)l4; *sport = ntohs((*tcph)->source), *dport = ntohs((*tcph)->dest); @@ -288,7 +288,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { // udp - + workflow->stats.udp_count++; *udph = (struct ndpi_udphdr *)l4; *sport = ntohs((*udph)->source), *dport = ntohs((*udph)->dest); @@ -350,7 +350,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow newflow->lower_port = lower_port, newflow->upper_port = upper_port; newflow->ip_version = version; newflow->src_to_dst_direction = *src_to_dst_direction; - + if(version == IPVERSION) { inet_ntop(AF_INET, &lower_ip, newflow->lower_name, sizeof(newflow->lower_name)); inet_ntop(AF_INET, &upper_ip, newflow->upper_name, sizeof(newflow->upper_name)); @@ -442,19 +442,19 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) { if(!flow->ndpi_flow) return; - - snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", + + snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name); /* BITTORRENT */ if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) { int i, j, n = 0; - + for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); j += 2, n += flow->ndpi_flow->bittorent_hash[i]; } - + if(n == 0) flow->bittorent_hash[0] = '\0'; } /* MDNS */ @@ -545,7 +545,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, flow->last_seen = time; } else { // flow is NULL workflow->stats.total_discarded_bytes++; - return (nproto); + return(nproto); } /* Protocol already detected */ @@ -558,17 +558,16 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) || ((proto == IPPROTO_UDP) && (flow->packets > 8)) || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { - /* New protocol detected or give up */ + /* New protocol detected or give up */ flow->detection_completed = 1; - } - if(flow->detection_completed) { + process_ndpi_collected_info(workflow, flow); + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow); - } + } - process_ndpi_collected_info(workflow, flow); return(flow->detected_protocol); } @@ -602,7 +601,7 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, struct ndpi_ipv6hdr *iph6; struct ndpi_proto nproto = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; - + /* lengths and offsets */ u_int16_t eth_offset = 0; u_int16_t radio_len; @@ -916,11 +915,11 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* ********************************************************** */ static uint32_t crc32_for_byte(uint32_t r) { - int j; - - for(j = 0; j < 8; ++j) - r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; - return r ^ (uint32_t)0xFF000000L; + int j; + + for(j = 0; j < 8; ++j) + r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; + return r ^ (uint32_t)0xFF000000L; } /* Any unsigned integer type with at least 32 bits may be used as @@ -929,31 +928,31 @@ static uint32_t crc32_for_byte(uint32_t r) { typedef unsigned long accum_t; static void init_tables(uint32_t* table, uint32_t* wtable) { - size_t i, k, w, j; - - for(i = 0; i < 0x100; ++i) - table[i] = crc32_for_byte(i); - for(k = 0; k < sizeof(accum_t); ++k) - for(i = 0; i < 0x100; ++i) { - for(j = w = 0; j < sizeof(accum_t); ++j) - w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; - wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); - } + size_t i, k, w, j; + + for(i = 0; i < 0x100; ++i) + table[i] = crc32_for_byte(i); + for(k = 0; k < sizeof(accum_t); ++k) + for(i = 0; i < 0x100; ++i) { + for(j = w = 0; j < sizeof(accum_t); ++j) + w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; + wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); + } } void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) { - static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; - size_t n_accum = n_bytes/sizeof(accum_t); - size_t i, k, j; - - if(!*table) - init_tables(table, wtable); - for(i = 0; i < n_accum; ++i) { - accum_t a = *crc ^ ((accum_t*)data)[i]; - for(j = *crc = 0; j < sizeof(accum_t); ++j) - *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; - } - - for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i) - *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; + static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; + size_t n_accum = n_bytes/sizeof(accum_t); + size_t i, k, j; + + if(!*table) + init_tables(table, wtable); + for(i = 0; i < n_accum; ++i) { + accum_t a = *crc ^ ((accum_t*)data)[i]; + for(j = *crc = 0; j < sizeof(accum_t); ++j) + *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; + } + + for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i) + *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; } diff --git a/wireshark/README.md b/wireshark/README.md new file mode 100644 index 000000000..1811c663e --- /dev/null +++ b/wireshark/README.md @@ -0,0 +1,20 @@ +# nDPI Wireshark Plugin + +## Introduction + +nDPI can provide Wireshark protocol dissection to complement internal protocol decoding. In order to do this, the ndpiReader application is used to provide Wireshark nDPI protocol dissection, and a Wireshark plugin interprets nDPI information. + +## Installation + +- Copy the ndpiReader application (it is located under nDPI/example) to the Extcap path. See Wireshark -> About menu for identifying the extcap directory. Under OSX it is usually /Applications/Wireshark.app/Contents/MacOS/extcap +- Copy the ndpi.lua plugin under ~/.wireshark/plugins (or in the global Wireshark plugins directory) + +## Usage + +At Wireshark startup you will find a new extcap interface named "nDPI interface". Select that interface and specify an interface name (for live capture) or a pcap file path (for reading packets from a pcap file). You can choose a nDPI protocol list from the dropdown menu in case you want Wireshark to dissect only protocols of the specified nDPI application protocol. + +During capture the ndpiReader plugin will pass Wireshark the nDPI protocol information adding an ethernet packet trailer that contains nDPI information. The lua plugin interprets this information and it displays it in the Wireshark GUI. + +## nDPI Packet Filtering + +As nDPI is natively integrated into Wireshark, you can filter packets using the usual filtering mechanism. Example use "ndpi.protocol.name==BitTorrent" to filter all BitTorrent traffic. diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua new file mode 100644 index 000000000..2065d2335 --- /dev/null +++ b/wireshark/ndpi.lua @@ -0,0 +1,47 @@ +-- +-- (C) 2017 - ntop.org +-- +-- This plugin is part of nDPI (https://github.com/ntop/nDPI) +-- +-- +local ndpi_proto = Proto("ndpi", "nDPI", "nDPI Protocol Interpreter") + +ndpi_proto.fields = {} +local fds = ndpi_proto.fields + +fds.network_protocol = ProtoField.new("nDPI Network Protocol", "ndpi.protocol.network", ftypes.UINT8, nil, base.DEC) +fds.application_protocol = ProtoField.new("nDPI Application Protocol", "ndpi.protocol.application", ftypes.UINT8, nil, base.DEC) +fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING) + +local f_eth_trailer = Field.new("eth.trailer") + +-- ############################################### + +-- the dissector function callback +function ndpi_proto.dissector(tvb, pinfo, tree) + local pktlen = tvb:len() + local eth_trailer = f_eth_trailer() + local magic = tostring(tvb(pktlen-28,4)) + + if(magic == "19680924") then + local ndpi_subtree = tree:add(ndpi_proto, tvb(), "nDPI Protocol") + local network_protocol = tvb(pktlen-24,2) + local application_protocol = tvb(pktlen-22,2) + local name = tvb(pktlen-20,16) + local name_str = name:string(ENC_UTF_8) + + ndpi_subtree:add(fds.network_protocol, network_protocol) + ndpi_subtree:add(fds.application_protocol, application_protocol) + ndpi_subtree:add(fds.name, name) + + local pname = ""..application_protocol + if(pname ~= "0000") then + -- Set protocol name in the wireshark protocol column (if not Unknown) + pinfo.cols.protocol = name_str + end + end +end + +register_postdissector(ndpi_proto) + +-- ############################################### -- cgit v1.2.3 From 43f18ddb0f5b849deb454fa68e447a22912b9ba9 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 24 Apr 2017 00:45:43 +0200 Subject: Updated Wireshark lua dissector Added -v to ndpiReader to print port stats Recomputed protocol test results --- example/ndpiReader.c | 23 +- tests/result/Instagram.pcap.out | 14 +- tests/result/KakaoTalk_chat.pcap.out | 6 +- tests/result/Viber_session.pcap.out | 40 ++-- tests/result/ocs.pcap.out | 4 +- tests/result/skype.pcap.out | 386 +++++++++++++++--------------- tests/result/skype_no_unknown.pcap.out | 2 +- tests/result/starcraft_battle.pcap.out | 8 +- tests/result/viber_mobile.pcap.out | 160 ++++++------- tests/result/whatsapp_login_call.pcap.out | 105 ++++---- wireshark/ndpi.lua | 135 ++++++++++- 11 files changed, 512 insertions(+), 371 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 254934ba9..e23e0c1f9 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -167,7 +167,7 @@ static void help(u_int long_help) { " -w | Write test output on the specified file. This is useful for\n" " | testing purposes in order to compare results across runs\n" " -h | This help\n" - " -v <1|2> | Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose\n"); + " -v <1|2|3> | Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose, 3=port stats\n"); #ifndef WIN32 printf("\nExcap (wireshark) options:\n" @@ -240,7 +240,7 @@ void extcap_interfaces() { void extcap_dlts() { u_int dlts_number = DLT_EN10MB; - printf("dlt {number=%u}{name=%s}{display=%s}\n", dlts_number, "ndpi", "nDPI interface"); + printf("dlt {number=%u}{name=%s}{display=%s}\n", dlts_number, "ndpi", "nDPI Interface"); exit(0); } @@ -251,13 +251,16 @@ void extcap_config() { struct ndpi_detection_module_struct *ndpi_mod; /* -i */ - printf("arg {number=%u}{call=-i}{display=Capture Interface Name}{type=string}" + printf("arg {number=%u}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" "{tooltip=The interface name}\n", argidx++); +#if 0 printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); +#endif - printf("arg {number=%u}{call=-9}{display=nDPI Protocol}{type=selector}" + + printf("arg {number=%u}{call=-9}{display=nDPI Protocol Filter}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); setupDetection(0, NULL); @@ -558,6 +561,9 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { #endif FILE *out = results_file ? results_file : stdout; + if((verbose != 1) && (verbose != 2)) + return; + if(!json_flag) { fprintf(out, "\t%u", ++num_flows); @@ -1060,10 +1066,10 @@ static void printResults(u_int64_t tot_usec) { for(i=0; indpi_flows_root[i], node_proto_guess_walker, &thread_id); - if(verbose) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); + if(verbose == 3) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); } - if(verbose) { + if(verbose == 3) { HASH_SORT(srcStats, port_stats_sort); HASH_SORT(dstStats, port_stats_sort); } @@ -1242,7 +1248,7 @@ static void printResults(u_int64_t tot_usec) { // printf("\n\nTotal Flow Traffic: %llu (diff: %llu)\n", total_flow_bytes, cumulative_stats.total_ip_bytes-total_flow_bytes); - if(verbose) { + if((verbose == 1) || (verbose == 2)) { FILE *out = results_file ? results_file : stdout; if(!json_flag) fprintf(out, "\n"); @@ -1289,7 +1295,7 @@ static void printResults(u_int64_t tot_usec) { #endif } - if(verbose) { + if(verbose == 3) { printf("\n\nSource Ports Stats:\n"); printPortStats(srcStats); @@ -1493,6 +1499,7 @@ static void pcap_packet_callback_checked(u_char *args, struct ndpi_packet_trailer *trailer = (struct ndpi_packet_trailer*)&extcap_buf[h->caplen]; memcpy(extcap_buf, packet, h->caplen); + memset(trailer, 0, sizeof(struct ndpi_packet_trailer)); trailer->magic = htonl(0x19680924); trailer->master_protocol = htons(p.master_protocol), trailer->app_protocol = htons(p.app_protocol); ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, p, trailer->name, sizeof(trailer->name)); diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index edd889471..83b0492bb 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -1,30 +1,30 @@ Unknown 1 66 1 -HTTP 116 91784 6 +HTTP 266 245342 7 ICMP 5 510 1 -SSL 2 169 1 -Facebook 251 215986 5 +SSL 93 57298 4 +Facebook 10 5299 1 Dropbox 5 725 2 Instagram 363 255094 16 1 UDP 192.168.0.106:17500 <-> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes] 2 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] 3 UDP 192.168.0.103:27124 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] - 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] + 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91/SSL][11 pkts/5397 bytes] 5 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][49 pkts/38684 bytes] 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][34 pkts/29039 bytes] 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] - 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] + 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7/HTTP][150 pkts/153558 bytes] 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] 15 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] 17 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] - 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][12 pkts/6044 bytes] + 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91/SSL][68 pkts/45688 bytes] + 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91/SSL][12 pkts/6044 bytes] 20 ICMP 192.168.0.103:0 <-> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes] 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][2 pkts/140 bytes] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 4fee1d276..b1df9ee34 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1,9 +1,9 @@ DNS 2 217 1 -HTTP 1 56 1 +HTTP 15 840 2 ICMP 1 147 1 SSL 29 4579 3 Facebook 215 51809 12 -Google 16 1031 3 +Google 2 247 2 HTTP_Proxy 26 3926 1 Amazon 2 181 1 KakaoTalk 55 9990 15 @@ -36,7 +36,7 @@ KakaoTalk 55 9990 15 26 TCP 10.24.82.188:34686 <-> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] 27 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] 28 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] - 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] + 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7/HTTP][14 pkts/784 bytes] 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][5 pkts/280 bytes] 32 TCP 10.24.82.188:49217 <-> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 81ef39da8..f396686c7 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -1,13 +1,13 @@ -Unknown 163 9995 7 +Unknown 145 9356 7 HTTP 13 796 7 SSL_No_Cert 34 4141 1 ICMP 2 196 1 -SSL 80 7703 8 -Facebook 29 3944 2 +SSL 104 9782 9 +Facebook 59 5744 3 Dropbox 1 97 1 GMail 21 1891 1 -Google 50 4084 5 -Viber 4163 392492 4 +Google 26 2005 4 +Viber 4151 391331 3 Amazon 1 66 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][10 pkts/757 bytes] @@ -22,17 +22,17 @@ Amazon 1 66 1 10 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][6 pkts/599 bytes] 12 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes] - 13 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] - 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] - 15 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] - 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] - 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] - 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] - 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] - 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] - 23 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][12 pkts/1161 bytes] + 13 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 119/Facebook][30 pkts/1800 bytes] + 14 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91/SSL][24 pkts/2079 bytes] + 15 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] + 16 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] + 18 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 19 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] + 20 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 21 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] + 22 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] + 23 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] 24 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] 25 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] @@ -45,9 +45,9 @@ Amazon 1 66 1 Undetected flows: 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 4 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 5 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 0/Unknown][12 pkts/1161 bytes] 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index abb202085..feb238eb8 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -1,15 +1,15 @@ Unknown 6 360 1 DNS 3 214 3 HTTP 13 1019 2 -SSL 20 2715 1 Google 41 5525 6 +Amazon 20 2715 1 OCS 863 57552 7 1 TCP 192.168.180.2:42590 <-> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] - 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][client: settings.crashlytics.com] + 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91.178/SSL.Amazon][20 pkts/2715 bytes] 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes] 8 UDP 192.168.180.2:1291 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index fd4ad387f..0f0a3cc5e 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,14 +1,14 @@ -Unknown 404 52712 16 +Unknown 416 54589 17 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 88 8268 6 -Dropbox 38 17948 5 -Skype 1918 293218 245 -Apple 15 2045 2 +SSL 96 8876 7 +Dropbox 52 19156 6 +Skype 1896 291402 243 +Apple 3 168 1 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 @@ -111,185 +111,184 @@ MS_OneDrive 387 198090 1 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] 97 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] 98 UDP 192.168.1.34:13021 <-> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes] - 99 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][12 pkts/1877 bytes] - 100 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] - 101 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] - 102 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] - 103 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] - 104 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] - 105 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] - 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] - 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] - 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] - 109 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] - 110 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] - 111 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] - 112 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] - 113 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] - 114 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] - 115 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] - 116 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] - 117 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] - 118 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] - 119 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] - 120 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] - 121 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] - 122 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] - 123 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] - 124 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] - 125 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] - 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] - 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] - 130 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] - 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] - 135 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] - 136 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] - 140 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 157 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 194 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 195 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] - 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 197 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 198 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 199 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 200 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 201 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 207 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 209 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] - 210 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] - 211 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] - 212 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 213 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 214 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 215 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 221 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 222 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 223 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 225 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 226 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 227 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 228 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 229 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 237 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 239 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] - 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 242 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 245 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 246 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 247 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] - 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 249 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] - 250 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] - 251 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] - 252 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] - 253 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 254 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 255 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 259 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 261 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 262 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] - 263 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] - 264 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] - 265 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] - 266 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] - 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 272 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 277 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 99 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] + 100 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] + 101 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] + 102 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] + 103 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] + 104 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] + 105 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] + 106 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] + 107 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] + 108 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] + 109 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] + 110 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] + 111 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] + 112 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] + 113 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] + 114 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] + 115 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] + 116 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] + 117 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] + 118 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] + 119 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] + 120 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] + 121 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] + 122 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] + 123 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] + 124 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] + 125 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] + 127 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] + 128 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] + 129 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] + 130 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] + 131 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] + 135 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] + 136 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 137 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] + 140 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 141 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 148 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 149 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 150 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 151 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 152 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 153 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 156 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] + 157 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 158 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 159 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 160 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 161 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 162 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 163 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 164 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 165 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 166 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 167 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] + 168 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 193 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 194 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] + 195 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 196 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 197 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 198 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 199 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 200 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 201 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 202 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 203 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 204 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 205 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 206 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 207 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 208 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] + 209 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] + 210 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] + 211 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 212 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 213 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 214 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 215 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 220 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 221 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 222 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 224 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 225 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 226 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 227 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 228 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 229 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 230 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 231 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 232 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 233 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 234 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 235 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 236 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 237 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 238 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 239 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 240 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 241 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 242 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 243 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 244 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 245 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 246 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] + 247 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 248 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] + 249 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] + 250 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] + 251 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 252 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 253 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 254 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 255 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 258 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 259 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 260 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 263 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 264 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 265 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 266 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 267 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 268 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 269 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 270 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 271 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 272 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.121/SSL.Dropbox][14 pkts/1208 bytes] + 273 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 274 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 275 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 276 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -300,12 +299,13 @@ Undetected flows: 5 UDP 192.168.1.34:54067 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] - 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] - 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 12 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 14 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 15 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] - 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 8 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 0/Unknown][12 pkts/1877 bytes] + 9 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] + 10 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] + 11 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 12 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 13 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 14 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 15 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 16 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] + 17 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 2d9048852..6f39106c4 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -261,7 +261,7 @@ MS_OneDrive 348 181687 1 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] 249 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][14 pkts/1203 bytes] + 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 125/Skype][14 pkts/1203 bytes] 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index f2d26ea0a..3d096ba01 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -4,11 +4,11 @@ SSDP 11 4984 1 HTTP_Download 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 -SSL 38 2548 11 +SSL 30 1998 9 Google 16 1709 4 QUIC 6 475 1 Github 3 234 1 -Starcraft 236 51494 6 +Starcraft 244 52044 8 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] @@ -28,8 +28,8 @@ Starcraft 236 51494 6 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] 18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] - 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] + 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] + 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index c311e74b3..80e00c267 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -1,4 +1,4 @@ -Unknown 163 9995 7 +Unknown 195 17876 9 DNS 16 1943 7 HTTP 43 4771 7 BitTorrent 57 13074 27 @@ -8,90 +8,90 @@ SSL 79 21658 7 Facebook 50 17455 3 Dropbox 2 163 1 GMail 35 14773 2 -Google 76 17175 8 +Google 60 11337 7 WhatsApp 31 6224 2 -Viber 10081 1413446 4 +Viber 10065 1411403 3 Amazon 8 528 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] 2 UDP 192.168.200.222:39413 <-> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes] - 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][16 pkts/5838 bytes] - 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] - 5 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] - 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] - 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] - 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] - 10 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] - 11 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] - 12 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] - 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] - 14 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] - 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] - 16 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] - 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] - 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] - 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 20 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 21 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] - 22 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] - 23 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] - 24 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 25 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] - 26 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] - 28 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] - 29 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] - 30 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] - 31 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 32 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] - 33 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] - 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] - 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] - 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] - 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] - 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] - 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 40 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] - 42 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] - 43 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] - 44 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] - 45 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 46 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] - 47 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] - 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] - 49 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 50 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] - 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] - 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] - 53 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] - 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] - 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] - 57 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] - 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] - 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] - 61 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] - 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] - 63 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] - 65 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] - 66 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] - 67 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] - 68 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] - 70 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] - 71 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 72 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] + 3 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] + 4 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 5 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] + 6 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] + 7 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] + 8 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] + 9 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] + 10 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] + 11 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] + 12 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] + 13 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] + 14 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] + 15 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] + 16 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] + 17 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] + 18 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 19 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 20 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] + 21 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] + 22 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] + 23 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 24 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] + 25 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 26 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] + 27 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] + 28 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] + 29 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] + 30 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 31 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] + 32 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] + 33 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] + 34 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] + 35 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] + 36 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] + 37 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] + 38 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 39 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 40 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] + 41 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] + 42 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] + 43 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] + 44 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 45 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] + 46 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] + 47 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] + 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 49 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] + 50 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] + 51 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] + 52 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 53 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] + 54 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] + 55 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] + 56 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] + 57 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] + 58 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] + 59 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] + 60 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] + 61 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 62 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] + 63 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] + 64 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] + 65 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] + 66 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 67 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] + 68 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] + 69 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] + 70 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] Undetected flows: - 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] + 1 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 0/Unknown][16 pkts/5838 bytes] + 2 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 5 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 6 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 0/Unknown][16 pkts/2043 bytes] + 8 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] + 9 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index f689282ed..99ff51ed5 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -1,7 +1,7 @@ +Unknown 27 2322 2 HTTP 11 726 3 MDNS 8 952 4 DHCP 10 3420 1 -STUN 27 2322 2 ICMP 10 700 1 SSL 8 589 2 Facebook 70 9464 14 @@ -19,53 +19,56 @@ WhatsAppVoice 706 91156 4 5 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 6 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] - 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] - 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] - 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 21 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 22 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 23 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 24 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 29 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] - 30 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 31 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] - 32 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] - 33 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] - 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] - 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] - 36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] - 37 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] - 38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] - 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] - 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] - 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] - 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] - 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] - 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] - 54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 55 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 56 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] - 57 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 8 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 9 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 10 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 11 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 12 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 14 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] + 15 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] + 16 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 21 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 22 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 23 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] + 24 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 26 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 27 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 28 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] + 29 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 30 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] + 31 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] + 32 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] + 33 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] + 34 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] + 35 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] + 36 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] + 37 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] + 38 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 39 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 40 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 41 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 42 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 43 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] + 44 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 45 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 46 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 47 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 48 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] + 49 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] + 50 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] + 51 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] + 52 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 53 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 54 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] + 55 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + + +Undetected flows: + 1 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 0/Unknown][15 pkts/1290 bytes] + 2 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 0/Unknown][12 pkts/1032 bytes] diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 2065d2335..177e0f121 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -15,8 +15,36 @@ fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STR local f_eth_trailer = Field.new("eth.trailer") +local ndpi_protos = {} +local ndpi_senders = {} +local ndpi_receivers = {} + -- ############################################### +function ndpi_proto.init() + ndpi_protos = {} + ndpi_senders = {} + ndpi_receivers = {} +end + +function slen(str) + local i = 1 + local len = 0 + local zero = string.char(0) + + for i = 1, 16 do + local c = str:sub(i,i) + + if(c ~= zero) then + len = len + 1 + else + break + end + end + + return(str:sub(1, len)) +end + -- the dissector function callback function ndpi_proto.dissector(tvb, pinfo, tree) local pktlen = tvb:len() @@ -28,8 +56,9 @@ function ndpi_proto.dissector(tvb, pinfo, tree) local network_protocol = tvb(pktlen-24,2) local application_protocol = tvb(pktlen-22,2) local name = tvb(pktlen-20,16) - local name_str = name:string(ENC_UTF_8) - + local name_str = name:string(ENC_ASCII) + local key + ndpi_subtree:add(fds.network_protocol, network_protocol) ndpi_subtree:add(fds.application_protocol, application_protocol) ndpi_subtree:add(fds.name, name) @@ -39,9 +68,111 @@ function ndpi_proto.dissector(tvb, pinfo, tree) -- Set protocol name in the wireshark protocol column (if not Unknown) pinfo.cols.protocol = name_str end + + key = tostring(slen(name_str)) + if(ndpi_protos[key] == nil) then ndpi_protos[key] = 0 end + ndpi_protos[key] = ndpi_protos[key] + pinfo.len + + key = tostring(pinfo.src) + if(ndpi_senders[key] == nil) then ndpi_senders[key] = 0 end + ndpi_senders[key] = ndpi_senders[key] + pinfo.len + + key = tostring(pinfo.dst) + if(ndpi_receivers[key] == nil) then ndpi_receivers[key] = 0 end + ndpi_receivers[key] = ndpi_receivers[key] + pinfo.len end end register_postdissector(ndpi_proto) -- ############################################### + +function round(num, idp) return tonumber(string.format("%." .. (idp or 0) .. "f", num)) end + +-- Convert bytes to human readable format +function bytesToSize(bytes) + if(bytes == nil) then + return("0") + else + precision = 2 + kilobyte = 1024; + megabyte = kilobyte * 1024; + gigabyte = megabyte * 1024; + terabyte = gigabyte * 1024; + + bytes = tonumber(bytes) + if((bytes >= 0) and (bytes < kilobyte)) then + return round(bytes, precision) .. " Bytes"; + elseif((bytes >= kilobyte) and (bytes < megabyte)) then + return round(bytes / kilobyte, precision) .. ' KB'; + elseif((bytes >= megabyte) and (bytes < gigabyte)) then + return round(bytes / megabyte, precision) .. ' MB'; + elseif((bytes >= gigabyte) and (bytes < terabyte)) then + return round(bytes / gigabyte, precision) .. ' GB'; + elseif(bytes >= terabyte) then + return round(bytes / terabyte, precision) .. ' TB'; + else + return round(bytes, precision) .. ' Bytes'; + end + end +end + +function pairsByValues(t, f) + local a = {} + for n in pairs(t) do table.insert(a, n) end + table.sort(a, function(x, y) return f(t[x], t[y]) end) + local i = 0 -- iterator variable + local iter = function () -- iterator function + i = i + 1 + if a[i] == nil then return nil + else return a[i], t[a[i]] + end + end + return iter +end + +function asc(a,b) return (a < b) end +function rev(a,b) return (a > b) end + +local function ndpi_dialog_menu() + local win = TextWindow.new("nDPI Protocol Statistics"); + local label = "" + local i + local max_i = 10 + + if(ndpi_protos ~= {}) then + label = "nDPI Protocol Breakdown\n" + label = label .. "-----------------------\n" + + i = 0 + for k,v in pairsByValues(ndpi_protos, rev) do + -- label = label .. k .. "\t".. bytesToSize(v) .. "\n" + label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) + if(i == max_i) then break else i = i + 1 end + end + + -- ####### + + label = label .. "\nTop Senders\n" + label = label .. "-----------\n" + i = 0 + for k,v in pairsByValues(ndpi_senders, rev) do + label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) + if(i == max_i) then break else i = i + 1 end + end + + -- ####### + + label = label .. "\nTop Receivers\n" + label = label .. "-------------\n" + i = 0 + for k,v in pairsByValues(ndpi_receivers, rev) do + label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) + if(i == max_i) then break else i = i + 1 end + end + + win:set(label) + end +end + +register_menu("nDPI", ndpi_dialog_menu, MENU_STAT_UNSORTED) -- cgit v1.2.3 From 6c2c885176c6f102f15fc6b781525c23b1435cb7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 25 Apr 2017 10:42:03 +0200 Subject: Extcap crash fix --- example/ndpiReader.c | 44 +++++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index e23e0c1f9..cd83b9ff5 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -97,7 +97,7 @@ struct ndpi_packet_trailer { }; static pcap_dumper_t *extcap_dumper = NULL; -static char extcap_buf[2048]; +static char extcap_buf[16384]; static char *extcap_capture_fifo = NULL; static u_int16_t extcap_packet_filter = (u_int16_t)-1; @@ -296,13 +296,6 @@ void extcap_capture() { #ifdef DEBUG_TRACE if(trace) fprintf(trace, "Starting packet capture [%p]\n", extcap_dumper); #endif - - test_lib(); - pcap_dump_close(extcap_dumper); - -#ifdef DEBUG_TRACE - if(trace) fprintf(trace, "End of packet capture [%p]\n", extcap_dumper); -#endif } /* ********************************** */ @@ -1494,31 +1487,39 @@ static void pcap_packet_callback_checked(u_char *args, || (p.master_protocol == extcap_packet_filter) ) ) { - struct pcap_pkthdr *h = (struct pcap_pkthdr*)header; + struct pcap_pkthdr h; uint32_t *crc, delta = sizeof(struct ndpi_packet_trailer) + 4 /* ethernet trailer */; - struct ndpi_packet_trailer *trailer = (struct ndpi_packet_trailer*)&extcap_buf[h->caplen]; + struct ndpi_packet_trailer *trailer; - memcpy(extcap_buf, packet, h->caplen); + memcpy(&h, header, sizeof(h)); + + if(h.caplen > (sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4)) { + printf("INTERNAL ERROR: caplen=%u\n", h.caplen); + h.caplen = sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4; + } + + trailer = (struct ndpi_packet_trailer*)&extcap_buf[h.caplen]; + memcpy(extcap_buf, packet, h.caplen); memset(trailer, 0, sizeof(struct ndpi_packet_trailer)); trailer->magic = htonl(0x19680924); trailer->master_protocol = htons(p.master_protocol), trailer->app_protocol = htons(p.app_protocol); ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, p, trailer->name, sizeof(trailer->name)); - crc = (uint32_t*)&extcap_buf[h->caplen+sizeof(struct ndpi_packet_trailer)]; + crc = (uint32_t*)&extcap_buf[h.caplen+sizeof(struct ndpi_packet_trailer)]; *crc = 0; - ethernet_crc32((const void*)extcap_buf, h->caplen+sizeof(struct ndpi_packet_trailer), crc); - h->caplen += delta, h->len += delta; + ethernet_crc32((const void*)extcap_buf, h.caplen+sizeof(struct ndpi_packet_trailer), crc); + h.caplen += delta, h.len += delta; #ifdef DEBUG_TRACE - if(trace) fprintf(trace, "Dumping %u bytes packet\n", header->caplen); + if(trace) fprintf(trace, "Dumping %u bytes packet\n", h.caplen); #endif - pcap_dump((u_char*)extcap_dumper, h, (const u_char *)extcap_buf); + pcap_dump((u_char*)extcap_dumper, &h, (const u_char *)extcap_buf); } /* check for buffer changes */ if(memcmp(packet, packet_checked, header->caplen) != 0) - printf("INTERNAL ERROR: ingress packet was modified by nDPI: this should not happen [thread_id=%u, packetId=%lu]\n", - thread_id, (unsigned long)ndpi_thread_info[thread_id].workflow->stats.raw_packet_count); + printf("INTERNAL ERROR: ingress packet was modified by nDPI: this should not happen [thread_id=%u, packetId=%lu, caplen=%u]\n", + thread_id, (unsigned long)ndpi_thread_info[thread_id].workflow->stats.raw_packet_count, header->caplen); free(packet_checked); } @@ -1685,9 +1686,10 @@ int main(int argc, char **argv) { for(i=0; i Date: Tue, 25 Apr 2017 11:21:40 +0200 Subject: Improced extcap configuration window with sorted protocol list Reported flow stats in Statistics -> nDPI menu --- example/ndpiReader.c | 41 ++++++++++++++++++++++++++++++-------- wireshark/ndpi.lua | 56 ++++++++++++++++++++++++---------------------------- 2 files changed, 59 insertions(+), 38 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index cd83b9ff5..1f982b60b 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -246,10 +246,23 @@ void extcap_dlts() { /* ********************************** */ +struct ndpi_proto_sorter { + int id; + char name[16]; +}; + +int cmpProto(const void *_a, const void *_b) { + struct ndpi_proto_sorter *a = (struct ndpi_proto_sorter*)_a; + struct ndpi_proto_sorter *b = (struct ndpi_proto_sorter*)_b; + + return(strcmp(a->name, b->name)); +} + void extcap_config() { int i, argidx = 0; struct ndpi_detection_module_struct *ndpi_mod; - + struct ndpi_proto_sorter *protos; + /* -i */ printf("arg {number=%u}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" "{tooltip=The interface name}\n", argidx++); @@ -258,20 +271,31 @@ void extcap_config() { printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); #endif + + setupDetection(0, NULL); + ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; + + protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter)*ndpi_mod->ndpi_num_supported_protocols); + if(!protos) exit(0); + + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { + protos[i].id = i; + snprintf(protos[i].name, sizeof(protos[i].name), "%s", ndpi_mod->proto_defaults[i].protoName); + } + qsort(protos, ndpi_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto); printf("arg {number=%u}{call=-9}{display=nDPI Protocol Filter}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); - setupDetection(0, NULL); - ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; - printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)"); - + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) - printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, i, - ndpi_mod->proto_defaults[i].protoName, i); + printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, protos[i].id, + protos[i].name, protos[i].id); + free(protos); + exit(0); } @@ -1507,13 +1531,14 @@ static void pcap_packet_callback_checked(u_char *args, crc = (uint32_t*)&extcap_buf[h.caplen+sizeof(struct ndpi_packet_trailer)]; *crc = 0; ethernet_crc32((const void*)extcap_buf, h.caplen+sizeof(struct ndpi_packet_trailer), crc); - h.caplen += delta, h.len += delta; + h.caplen += delta, h.len += delta; #ifdef DEBUG_TRACE if(trace) fprintf(trace, "Dumping %u bytes packet\n", h.caplen); #endif pcap_dump((u_char*)extcap_dumper, &h, (const u_char *)extcap_buf); + pcap_dump_flush(extcap_dumper); } /* check for buffer changes */ diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 177e0f121..3d35c9083 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -15,16 +15,15 @@ fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STR local f_eth_trailer = Field.new("eth.trailer") -local ndpi_protos = {} -local ndpi_senders = {} -local ndpi_receivers = {} +local ndpi_protos = {} +local ndpi_flows = {} +local compute_flows_stats = true -- ############################################### function ndpi_proto.init() ndpi_protos = {} - ndpi_senders = {} - ndpi_receivers = {} + ndpi_flows = {} end function slen(str) @@ -57,7 +56,7 @@ function ndpi_proto.dissector(tvb, pinfo, tree) local application_protocol = tvb(pktlen-22,2) local name = tvb(pktlen-20,16) local name_str = name:string(ENC_ASCII) - local key + local ndpikey, srckey, dstkey, flowkey ndpi_subtree:add(fds.network_protocol, network_protocol) ndpi_subtree:add(fds.application_protocol, application_protocol) @@ -69,17 +68,22 @@ function ndpi_proto.dissector(tvb, pinfo, tree) pinfo.cols.protocol = name_str end - key = tostring(slen(name_str)) - if(ndpi_protos[key] == nil) then ndpi_protos[key] = 0 end - ndpi_protos[key] = ndpi_protos[key] + pinfo.len + if(compute_flows_stats) then + ndpikey = tostring(slen(name_str)) - key = tostring(pinfo.src) - if(ndpi_senders[key] == nil) then ndpi_senders[key] = 0 end - ndpi_senders[key] = ndpi_senders[key] + pinfo.len + if(ndpi_protos[ndpikey] == nil) then ndpi_protos[ndpikey] = 0 end + ndpi_protos[ndpikey] = ndpi_protos[ndpikey] + pinfo.len + + srckey = tostring(pinfo.src) + dstkey = tostring(pinfo.dst) + + flowkey = srckey.." / "..dstkey.." ["..ndpikey.."]" + if(ndpi_flows[flowkey] == nil) then + ndpi_flows[flowkey] = 0 + end - key = tostring(pinfo.dst) - if(ndpi_receivers[key] == nil) then ndpi_receivers[key] = 0 end - ndpi_receivers[key] = ndpi_receivers[key] + pinfo.len + ndpi_flows[flowkey] = ndpi_flows[flowkey] + pinfo.len + end end end @@ -147,27 +151,17 @@ local function ndpi_dialog_menu() i = 0 for k,v in pairsByValues(ndpi_protos, rev) do -- label = label .. k .. "\t".. bytesToSize(v) .. "\n" - label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) + label = label .. string.format("%-32s\t%s\n", k, bytesToSize(v)) if(i == max_i) then break else i = i + 1 end end -- ####### - label = label .. "\nTop Senders\n" + label = label .. "\nTop nDPI Flows\n" label = label .. "-----------\n" i = 0 - for k,v in pairsByValues(ndpi_senders, rev) do - label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) - if(i == max_i) then break else i = i + 1 end - end - - -- ####### - - label = label .. "\nTop Receivers\n" - label = label .. "-------------\n" - i = 0 - for k,v in pairsByValues(ndpi_receivers, rev) do - label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) + for k,v in pairsByValues(ndpi_flows, rev) do + label = label .. string.format("%-32s\t%s\n", k, bytesToSize(v)) if(i == max_i) then break else i = i + 1 end end @@ -175,4 +169,6 @@ local function ndpi_dialog_menu() end end -register_menu("nDPI", ndpi_dialog_menu, MENU_STAT_UNSORTED) +if(compute_flows_stats) then + register_menu("nDPI", ndpi_dialog_menu, MENU_STAT_UNSORTED) +end -- cgit v1.2.3 From 6cae3a7dceff002852778f1a09caf9571687f8b5 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 27 Apr 2017 12:17:32 +0200 Subject: Removed Napatech dependency --- configure.ac | 9 --------- 1 file changed, 9 deletions(-) diff --git a/configure.ac b/configure.ac index 239187360..c970cbe5b 100644 --- a/configure.ac +++ b/configure.ac @@ -82,15 +82,6 @@ AS_IF([test "x$enable_json_c" != "xno"], [ []) ]) -OLD_LIBS=$LIBS -LIBS="-L/opt/napatech3/lib $LIBS" -AC_CHECK_LIB([ntapi], - [NT_Init], - [PCAP_LIB="$PCAP_LIB -L/opt/napatech3/lib -lntapi"], - [], [] ) -LIBS=$OLD_LIBS - - AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc]) -- cgit v1.2.3 From e1b905124fce4d1aac35006f6721e27c1ee81228 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 27 Apr 2017 14:57:04 +0200 Subject: Improved SSL dissection --- example/ndpi_util.c | 7 +- tests/result/Instagram.pcap.out | 14 +- tests/result/KakaoTalk_chat.pcap.out | 6 +- tests/result/Viber_session.pcap.out | 40 ++-- tests/result/ocs.pcap.out | 4 +- tests/result/skype.pcap.out | 384 +++++++++++++++--------------- tests/result/skype_no_unknown.pcap.out | 290 +++++++++++----------- tests/result/starcraft_battle.pcap.out | 8 +- tests/result/viber_mobile.pcap.out | 160 ++++++------- tests/result/whatsapp_login_call.pcap.out | 105 ++++---- 10 files changed, 507 insertions(+), 511 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 941e7f88d..eb6744ccc 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -561,11 +561,10 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, /* New protocol detected or give up */ flow->detection_completed = 1; - process_ndpi_collected_info(workflow, flow); - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) - flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, - flow->ndpi_flow); + flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, + flow->ndpi_flow); + process_ndpi_collected_info(workflow, flow); } return(flow->detected_protocol); diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 83b0492bb..edd889471 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -1,30 +1,30 @@ Unknown 1 66 1 -HTTP 266 245342 7 +HTTP 116 91784 6 ICMP 5 510 1 -SSL 93 57298 4 -Facebook 10 5299 1 +SSL 2 169 1 +Facebook 251 215986 5 Dropbox 5 725 2 Instagram 363 255094 16 1 UDP 192.168.0.106:17500 <-> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes] 2 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] 3 UDP 192.168.0.103:27124 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] - 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91/SSL][11 pkts/5397 bytes] + 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] 5 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][49 pkts/38684 bytes] 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][34 pkts/29039 bytes] 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] - 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7/HTTP][150 pkts/153558 bytes] + 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] 15 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] 17 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91/SSL][68 pkts/45688 bytes] - 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91/SSL][12 pkts/6044 bytes] + 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] + 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][12 pkts/6044 bytes] 20 ICMP 192.168.0.103:0 <-> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes] 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][2 pkts/140 bytes] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index b1df9ee34..4fee1d276 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1,9 +1,9 @@ DNS 2 217 1 -HTTP 15 840 2 +HTTP 1 56 1 ICMP 1 147 1 SSL 29 4579 3 Facebook 215 51809 12 -Google 2 247 2 +Google 16 1031 3 HTTP_Proxy 26 3926 1 Amazon 2 181 1 KakaoTalk 55 9990 15 @@ -36,7 +36,7 @@ KakaoTalk 55 9990 15 26 TCP 10.24.82.188:34686 <-> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] 27 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] 28 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] - 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7/HTTP][14 pkts/784 bytes] + 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][5 pkts/280 bytes] 32 TCP 10.24.82.188:49217 <-> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index f396686c7..81ef39da8 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -1,13 +1,13 @@ -Unknown 145 9356 7 +Unknown 163 9995 7 HTTP 13 796 7 SSL_No_Cert 34 4141 1 ICMP 2 196 1 -SSL 104 9782 9 -Facebook 59 5744 3 +SSL 80 7703 8 +Facebook 29 3944 2 Dropbox 1 97 1 GMail 21 1891 1 -Google 26 2005 4 -Viber 4151 391331 3 +Google 50 4084 5 +Viber 4163 392492 4 Amazon 1 66 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][10 pkts/757 bytes] @@ -22,17 +22,17 @@ Amazon 1 66 1 10 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][6 pkts/599 bytes] 12 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes] - 13 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 119/Facebook][30 pkts/1800 bytes] - 14 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91/SSL][24 pkts/2079 bytes] - 15 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] - 16 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] - 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] - 18 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 19 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] - 20 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 21 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] - 22 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] - 23 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] + 13 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] + 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] + 15 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] + 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] + 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] + 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] + 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] + 23 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][12 pkts/1161 bytes] 24 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] 25 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] @@ -45,9 +45,9 @@ Amazon 1 66 1 Undetected flows: 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 4 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 5 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 0/Unknown][12 pkts/1161 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index feb238eb8..abb202085 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -1,15 +1,15 @@ Unknown 6 360 1 DNS 3 214 3 HTTP 13 1019 2 +SSL 20 2715 1 Google 41 5525 6 -Amazon 20 2715 1 OCS 863 57552 7 1 TCP 192.168.180.2:42590 <-> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] - 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91.178/SSL.Amazon][20 pkts/2715 bytes] + 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][client: settings.crashlytics.com] 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes] 8 UDP 192.168.180.2:1291 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 0f0a3cc5e..69fff20f5 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 416 54589 17 +Unknown 381 48593 15 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -6,9 +6,9 @@ SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 SSL 96 8876 7 -Dropbox 52 19156 6 -Skype 1896 291402 243 -Apple 3 168 1 +Dropbox 38 17948 5 +Skype 1933 296729 245 +Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 @@ -111,184 +111,186 @@ MS_OneDrive 387 198090 1 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] 97 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] 98 UDP 192.168.1.34:13021 <-> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes] - 99 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] - 100 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] - 101 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] - 102 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] - 103 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] - 104 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] - 105 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] - 106 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] - 107 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] - 108 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] - 109 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] - 110 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] - 111 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] - 112 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] - 113 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] - 114 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] - 115 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] - 116 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] - 117 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] - 118 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] - 119 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] - 120 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] - 121 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] - 122 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] - 123 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] - 124 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] - 127 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] - 128 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] - 129 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] - 130 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] - 135 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] - 136 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] - 140 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 148 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 149 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 150 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 151 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 152 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 156 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] - 157 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 158 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 159 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 160 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 161 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 162 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 163 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 164 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 165 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 166 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 167 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 193 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 194 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] - 195 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 196 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 197 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 198 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 199 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 200 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 201 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 203 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 204 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 205 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 206 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 207 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 208 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] - 209 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] - 210 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] - 211 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 212 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 213 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 214 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 215 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 220 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 221 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 222 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 223 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 224 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 225 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 226 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 227 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 228 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 229 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 230 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 231 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 232 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 233 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 234 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 235 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 236 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 237 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 238 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] - 239 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 240 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 241 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 242 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 243 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 244 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 245 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 246 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] - 247 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 248 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] - 249 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] - 250 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] - 251 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] - 252 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 253 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 254 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 255 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 258 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] - 259 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 261 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] - 262 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] - 263 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] - 264 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] - 265 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] - 266 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 267 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 268 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 269 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 270 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 271 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 272 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.121/SSL.Dropbox][14 pkts/1208 bytes] - 273 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 274 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 275 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 276 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 99 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][12 pkts/1877 bytes] + 100 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] + 101 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] + 102 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] + 103 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] + 104 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] + 105 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] + 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] + 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] + 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] + 109 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] + 110 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] + 111 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] + 112 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] + 113 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] + 114 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] + 115 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] + 116 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] + 117 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] + 118 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] + 119 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] + 120 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] + 121 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] + 123 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] + 124 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] + 125 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] + 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] + 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] + 130 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] + 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] + 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 135 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 136 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] + 137 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 140 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] + 141 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 154 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 158 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] + 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 165 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 196 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] + 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 198 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 199 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 200 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 201 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 202 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 205 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 208 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 210 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] + 211 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] + 212 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] + 213 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 214 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 215 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 221 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 222 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 224 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 225 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 226 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 227 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 228 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 229 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 230 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 234 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 235 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 238 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 240 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 243 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 244 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 245 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 246 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 247 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 248 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] + 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 250 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] + 251 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] + 252 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] + 253 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 254 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 255 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 259 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 263 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 264 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 265 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 266 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 267 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 268 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 273 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 278 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -299,13 +301,11 @@ Undetected flows: 5 UDP 192.168.1.34:54067 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] - 8 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 0/Unknown][12 pkts/1877 bytes] - 9 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 10 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] - 11 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 12 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 13 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 14 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 15 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 16 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] - 17 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] + 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 13 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 14 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] + 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 6f39106c4..3e631832f 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 236 70600 14 +Unknown 216 66695 13 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1241 181327 221 +Skype 1261 185232 222 Apple 84 20699 2 MS_OneDrive 348 181687 1 @@ -128,142 +128,143 @@ MS_OneDrive 348 181687 1 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][14 pkts/1253 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] - 118 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] - 119 UDP 192.168.1.34:13021 <-> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] - 120 UDP 192.168.1.34:13021 <-> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] - 121 UDP 192.168.1.34:13021 <-> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] - 122 UDP 192.168.1.34:13021 <-> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] - 123 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] - 124 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] - 128 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] - 129 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] - 130 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] - 133 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] - 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 135 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] - 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] - 137 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] - 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] - 140 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] - 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 125/Skype][13 pkts/1157 bytes] - 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] - 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] - 146 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] - 147 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] - 148 UDP 192.168.1.34:13021 <-> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] - 149 UDP 192.168.1.34:13021 <-> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] - 150 UDP 192.168.1.34:13021 <-> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] - 151 UDP 192.168.1.34:13021 <-> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] - 152 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] - 158 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] - 159 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] - 160 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] - 161 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] - 162 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] - 163 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] - 164 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] - 165 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] - 166 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] - 167 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 177 UDP 192.168.1.34:49864 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 178 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] - 179 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 180 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 181 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 182 UDP 192.168.1.34:53372 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 183 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] - 185 UDP 192.168.1.34:55028 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] - 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] - 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 188 UDP 192.168.1.34:55866 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 189 UDP 192.168.1.34:57592 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 190 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 191 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] - 192 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] - 193 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] - 194 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] - 196 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] - 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] - 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] - 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] - 200 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 201 UDP 192.168.1.34:60688 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 202 UDP 192.168.1.34:61016 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] - 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 204 UDP 192.168.1.34:63342 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.34:63514 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] - 206 UDP 192.168.1.34:64240 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 207 UDP 192.168.1.34:64258 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 208 UDP 192.168.1.34:64364 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 209 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] - 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] - 211 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] - 212 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] - 213 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 214 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] - 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] - 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] - 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] - 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] - 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] - 220 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] - 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] - 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] - 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] - 227 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] - 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] - 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] - 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] - 233 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] - 234 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] - 235 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] - 236 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] - 237 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] - 238 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] - 239 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] - 240 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] - 241 UDP 192.168.1.34:13021 <-> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] - 242 UDP 192.168.1.34:13021 <-> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] - 243 UDP 192.168.1.34:13021 <-> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] - 244 UDP 192.168.1.34:13021 <-> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] - 245 UDP 192.168.1.34:13021 <-> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] - 246 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] - 247 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] - 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] - 249 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 125/Skype][14 pkts/1203 bytes] - 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] - 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] + 118 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][20 pkts/3905 bytes] + 119 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] + 120 UDP 192.168.1.34:13021 <-> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] + 121 UDP 192.168.1.34:13021 <-> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 192.168.1.34:13021 <-> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] + 123 UDP 192.168.1.34:13021 <-> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] + 124 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] + 125 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] + 128 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] + 129 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] + 130 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] + 131 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] + 134 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] + 135 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] + 136 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] + 137 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] + 138 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] + 139 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 140 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] + 141 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] + 142 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] + 143 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 125/Skype][13 pkts/1157 bytes] + 144 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] + 145 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 146 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] + 147 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] + 148 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] + 149 UDP 192.168.1.34:13021 <-> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] + 150 UDP 192.168.1.34:13021 <-> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] + 151 UDP 192.168.1.34:13021 <-> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] + 152 UDP 192.168.1.34:13021 <-> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] + 153 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] + 158 UDP 192.168.1.34:13021 <-> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] + 159 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] + 160 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] + 161 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] + 162 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] + 163 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] + 164 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] + 165 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] + 166 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] + 167 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] + 168 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] + 178 UDP 192.168.1.34:49864 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 179 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] + 180 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 181 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 182 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] + 183 UDP 192.168.1.34:53372 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 184 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 185 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] + 186 UDP 192.168.1.34:55028 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 187 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] + 188 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] + 189 UDP 192.168.1.34:55866 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 190 UDP 192.168.1.34:57592 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 191 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 192 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] + 193 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] + 194 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] + 195 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] + 196 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] + 197 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] + 198 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] + 199 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] + 200 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] + 201 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 202 UDP 192.168.1.34:60688 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 203 UDP 192.168.1.34:61016 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] + 204 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] + 205 UDP 192.168.1.34:63342 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 206 UDP 192.168.1.34:63514 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] + 207 UDP 192.168.1.34:64240 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 208 UDP 192.168.1.34:64258 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 209 UDP 192.168.1.34:64364 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 210 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] + 211 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] + 212 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] + 213 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] + 214 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 215 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] + 216 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] + 217 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] + 218 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] + 219 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] + 220 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] + 221 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] + 222 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] + 223 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 224 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 225 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] + 226 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 227 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] + 228 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] + 229 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] + 230 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] + 231 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] + 232 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 233 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] + 234 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] + 235 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] + 236 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] + 237 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] + 238 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] + 239 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] + 240 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] + 241 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] + 242 UDP 192.168.1.34:13021 <-> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] + 243 UDP 192.168.1.34:13021 <-> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] + 244 UDP 192.168.1.34:13021 <-> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] + 245 UDP 192.168.1.34:13021 <-> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] + 246 UDP 192.168.1.34:13021 <-> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] + 247 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] + 248 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] + 249 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] + 250 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 251 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] + 252 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 125/Skype][14 pkts/1203 bytes] + 253 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] + 254 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] Undetected flows: @@ -274,10 +275,9 @@ Undetected flows: 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][23 pkts/12290 bytes] 6 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] 7 TCP 192.168.1.34:51306 <-> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] - 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] - 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] - 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] - 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 12 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] - 13 UDP 192.168.1.34:59052 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] - 14 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] + 8 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] + 9 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] + 10 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 11 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] + 12 UDP 192.168.1.34:59052 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] + 13 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 3d096ba01..f2d26ea0a 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -4,11 +4,11 @@ SSDP 11 4984 1 HTTP_Download 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 -SSL 30 1998 9 +SSL 38 2548 11 Google 16 1709 4 QUIC 6 475 1 Github 3 234 1 -Starcraft 244 52044 8 +Starcraft 236 51494 6 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] @@ -28,8 +28,8 @@ Starcraft 244 52044 8 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] 18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] - 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] - 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] + 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] + 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 80e00c267..c311e74b3 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -1,4 +1,4 @@ -Unknown 195 17876 9 +Unknown 163 9995 7 DNS 16 1943 7 HTTP 43 4771 7 BitTorrent 57 13074 27 @@ -8,90 +8,90 @@ SSL 79 21658 7 Facebook 50 17455 3 Dropbox 2 163 1 GMail 35 14773 2 -Google 60 11337 7 +Google 76 17175 8 WhatsApp 31 6224 2 -Viber 10065 1411403 3 +Viber 10081 1413446 4 Amazon 8 528 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] 2 UDP 192.168.200.222:39413 <-> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes] - 3 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] - 4 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 5 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] - 6 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] - 7 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] - 8 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] - 9 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] - 10 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] - 11 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] - 12 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] - 13 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] - 14 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] - 15 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] - 16 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] - 17 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] - 18 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 19 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 20 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] - 21 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] - 22 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] - 23 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 24 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] - 25 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 26 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] - 27 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] - 28 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] - 29 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] - 30 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 31 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] - 32 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] - 33 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] - 34 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] - 35 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] - 36 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] - 37 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] - 38 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 39 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 40 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] - 41 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] - 42 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] - 43 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] - 44 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 45 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] - 46 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] - 47 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] - 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 49 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] - 50 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] - 51 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] - 52 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 53 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] - 54 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] - 55 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] - 56 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 57 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] - 58 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] - 59 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] - 60 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] - 61 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 62 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] - 63 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] - 64 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] - 65 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] - 66 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 67 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] - 68 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] - 69 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 70 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] + 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][16 pkts/5838 bytes] + 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] + 5 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] + 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] + 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] + 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] + 10 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] + 11 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] + 12 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] + 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] + 14 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] + 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] + 16 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] + 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] + 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] + 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 20 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 21 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] + 22 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] + 23 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] + 24 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 25 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] + 26 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] + 28 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] + 29 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] + 30 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] + 31 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 32 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] + 33 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] + 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] + 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] + 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] + 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] + 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] + 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 40 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] + 42 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] + 43 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] + 44 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] + 45 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 46 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] + 47 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] + 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] + 49 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 50 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] + 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] + 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] + 53 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] + 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] + 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] + 57 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] + 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] + 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] + 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] + 61 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] + 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] + 63 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] + 65 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] + 66 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] + 67 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] + 68 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] + 70 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] + 71 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] + 72 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] Undetected flows: - 1 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 0/Unknown][16 pkts/5838 bytes] - 2 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 5 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 6 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 0/Unknown][16 pkts/2043 bytes] - 8 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] - 9 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] + 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 99ff51ed5..f689282ed 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -1,7 +1,7 @@ -Unknown 27 2322 2 HTTP 11 726 3 MDNS 8 952 4 DHCP 10 3420 1 +STUN 27 2322 2 ICMP 10 700 1 SSL 8 589 2 Facebook 70 9464 14 @@ -19,56 +19,53 @@ WhatsAppVoice 706 91156 4 5 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 6 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 8 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 9 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 10 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 11 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 12 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 14 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] - 15 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] - 16 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 21 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 22 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 23 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] - 24 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 26 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 27 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 28 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] - 29 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 30 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] - 31 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] - 32 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] - 33 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] - 34 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] - 35 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] - 36 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] - 37 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] - 38 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 39 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 40 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 41 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 42 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 43 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] - 44 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 45 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 46 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 47 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 48 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] - 49 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] - 50 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] - 51 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] - 52 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 53 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 54 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] - 55 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - - -Undetected flows: - 1 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 0/Unknown][15 pkts/1290 bytes] - 2 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 0/Unknown][12 pkts/1032 bytes] + 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] + 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] + 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] + 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 21 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 22 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 23 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 24 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 29 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] + 30 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 31 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] + 32 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] + 33 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] + 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] + 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] + 36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] + 37 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] + 38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] + 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] + 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] + 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] + 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] + 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] + 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] + 54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 55 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 56 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] + 57 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] -- cgit v1.2.3 From af5021d571b682d540b796eb59f31dcddd3f3aa0 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 29 Apr 2017 08:32:28 +0000 Subject: Fixed warning --- src/lib/protocols/oscar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/oscar.c b/src/lib/protocols/oscar.c index 869b36378..d6ca25cde 100644 --- a/src/lib/protocols/oscar.c +++ b/src/lib/protocols/oscar.c @@ -579,7 +579,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct { /* request ID */ req_ID = get_u_int32_t(packet->payload, 12); - if((req_ID <= 4294967295)) + if((req_ID <= ((u_int32_t)-1))) { NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); -- cgit v1.2.3 From 064b50df819918734062294984e529bd62bd594c Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 30 Apr 2017 10:12:28 +0200 Subject: Added -m for splitting analysis in sub-analysis steps --- example/ndpiReader.c | 102 ++++++++++++++++++++++++++++++++------------------- example/ndpi_util.c | 2 +- example/ndpi_util.h | 1 + 3 files changed, 67 insertions(+), 38 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 1f982b60b..59ca8b3a1 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -69,10 +69,12 @@ static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ static u_int8_t enable_protocol_guess = 1, verbose = 0, nDPI_traceLevel = 0, json_flag = 0; +static u_int32_t pcap_analysis_duration = (u_int32_t)-1; static u_int16_t decode_tunnels = 0; static u_int16_t num_loops = 1; static u_int8_t shutdown_app = 0, quiet_mode = 0; static u_int8_t num_threads = 1; +static struct timeval begin, end; #ifdef linux static int core_affinity[MAX_NUM_READER_THREADS]; #endif @@ -146,13 +148,14 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle); static void help(u_int long_help) { printf("Welcome to nDPI %s\n\n", ndpi_revision()); - printf("ndpiReader -i [-f ][-s ]\n" + printf("ndpiReader -i [-f ][-s ][-m ]\n" " [-p ][-l [-q][-d][-h][-t][-v ]\n" " [-n ] [-w ] [-j ]\n\n" "Usage:\n" " -i | Specify a pcap file/playlist to read packets from or a device for live capture (comma-separated list)\n" " -f | Specify a BPF filter for filtering selected traffic\n" " -s | Maximum capture duration in seconds (live traffic capture only)\n" + " -m | Split analysis duration in max seconds\n" " -p .protos | Specify a protocol file (eg. protos.txt)\n" " -l | Number of detection loops (test only)\n" " -n | Number of threads. Default: number of interfaces in -i. Ignored with pcap files.\n" @@ -262,7 +265,7 @@ void extcap_config() { int i, argidx = 0; struct ndpi_detection_module_struct *ndpi_mod; struct ndpi_proto_sorter *protos; - + /* -i */ printf("arg {number=%u}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" "{tooltip=The interface name}\n", argidx++); @@ -271,12 +274,12 @@ void extcap_config() { printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); #endif - + setupDetection(0, NULL); ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; - + protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter)*ndpi_mod->ndpi_num_supported_protocols); - if(!protos) exit(0); + if(!protos) exit(0); for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { protos[i].id = i; @@ -284,18 +287,18 @@ void extcap_config() { } qsort(protos, ndpi_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto); - + printf("arg {number=%u}{call=-9}{display=nDPI Protocol Filter}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)"); - + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, protos[i].id, protos[i].name, protos[i].id); free(protos); - + exit(0); } @@ -341,7 +344,7 @@ static void parseOptions(int argc, char **argv) { if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); #endif - while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:", longopts, &option_idx)) != EOF) { + while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : ""); #endif @@ -356,6 +359,10 @@ static void parseOptions(int argc, char **argv) { _pcap_file[0] = optarg; break; + case 'm': + pcap_analysis_duration = atol(optarg); + break; + case 'f': case '6': _bpf_filter = optarg; @@ -580,7 +587,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { if((verbose != 1) && (verbose != 2)) return; - + if(!json_flag) { fprintf(out, "\t%u", ++num_flows); @@ -937,7 +944,6 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { * @brief End of detection and free flow */ static void terminateDetection(u_int16_t thread_id) { - ndpi_workflow_free(ndpi_thread_info[thread_id].workflow); } @@ -1047,12 +1053,12 @@ static int port_stats_sort(void *_a, void *_b) { void printPortStats(struct port_stats *stats) { struct port_stats *s, *tmp; int i = 0; - + HASH_ITER(hh, stats, s, tmp) { i++; printf("\t%2d\tPort %5u\t[%u pkts/%u bytes]\n", i, s->port, s->num_pkts, s->num_bytes); if(i >= 10) break; - } + } } /* *********************************************** */ @@ -1061,7 +1067,6 @@ void printPortStats(struct port_stats *stats) { * @brief Print result */ static void printResults(u_int64_t tot_usec) { - u_int32_t i; u_int64_t total_flow_bytes = 0; u_int32_t avg_pkt_size = 0; @@ -1073,10 +1078,10 @@ static void printResults(u_int64_t tot_usec) { json_object *jObj_main = NULL, *jObj_trafficStats, *jArray_detProto = NULL, *jObj; #endif long long unsigned int breed_stats[NUM_BREEDS] = { 0 }; - + memset(&cumulative_stats, 0, sizeof(cumulative_stats)); - for(thread_id = 0; thread_id < num_threads; thread_id++) { + for(thread_id = 0; thread_id < num_threads; thread_id++) { if((ndpi_thread_info[thread_id].workflow->stats.total_wire_bytes == 0) && (ndpi_thread_info[thread_id].workflow->stats.raw_packet_count == 0)) continue; @@ -1090,7 +1095,7 @@ static void printResults(u_int64_t tot_usec) { HASH_SORT(srcStats, port_stats_sort); HASH_SORT(dstStats, port_stats_sort); } - + /* Stats aggregation */ cumulative_stats.guessed_flow_protocols += ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols; cumulative_stats.raw_packet_count += ndpi_thread_info[thread_id].workflow->stats.raw_packet_count; @@ -1117,6 +1122,8 @@ static void printResults(u_int64_t tot_usec) { cumulative_stats.max_packet_len += ndpi_thread_info[thread_id].workflow->stats.max_packet_len; } + if(cumulative_stats.total_wire_bytes == 0) return; + if(!quiet_mode) { printf("\nnDPI Memory statistics:\n"); printf("\tnDPI Memory (once): %-13s\n", formatBytes(sizeof(struct ndpi_detection_module_struct), buf, sizeof(buf))); @@ -1155,7 +1162,7 @@ static void printResults(u_int64_t tot_usec) { printf("\tPacket Len > 1500: %-13lu\n", (unsigned long)cumulative_stats.packet_len[5]); if(tot_usec > 0) { - char buf[32], buf1[32]; + char buf[32], buf1[32], when[64]; float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)tot_usec; float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)tot_usec; float traffic_duration; @@ -1164,6 +1171,11 @@ static void printResults(u_int64_t tot_usec) { printf("\tnDPI throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)traffic_duration; b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)traffic_duration; + + strftime(when, sizeof(when), "%d/%b/%Y %H:%M:%S", localtime(&pcap_start.tv_sec)); + printf("\tAnalysis begin: %s\n", when); + strftime(when, sizeof(when), "%d/%b/%Y %H:%M:%S", localtime(&pcap_end.tv_sec)); + printf("\tAnalysis end: %s\n", when); printf("\tTraffic throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); printf("\tTraffic duration: %.3f sec\n", traffic_duration/1000000); } @@ -1315,11 +1327,12 @@ static void printResults(u_int64_t tot_usec) { if(verbose == 3) { printf("\n\nSource Ports Stats:\n"); printPortStats(srcStats); - + printf("\nDestination Ports Stats:\n"); printPortStats(dstStats); - + deletePortsStats(srcStats), deletePortsStats(dstStats); + srcStats = NULL, dstStats = NULL; } } @@ -1328,14 +1341,11 @@ static void printResults(u_int64_t tot_usec) { * @brief Force a pcap_dispatch() or pcap_loop() call to return */ static void breakPcapLoop(u_int16_t thread_id) { - if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) { pcap_breakloop(ndpi_thread_info[thread_id].workflow->pcap_handle); } } - - /** * @brief Sigproc is executed for each packet in the pcap file */ @@ -1453,9 +1463,9 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi /** * @brief Check pcap packet */ -static void pcap_packet_callback_checked(u_char *args, - const struct pcap_pkthdr *header, - const u_char *packet) { +static void pcap_process_packet(u_char *args, + const struct pcap_pkthdr *header, + const u_char *packet) { struct ndpi_proto p; u_int16_t thread_id = *((u_int16_t*)args); @@ -1516,13 +1526,13 @@ static void pcap_packet_callback_checked(u_char *args, struct ndpi_packet_trailer *trailer; memcpy(&h, header, sizeof(h)); - + if(h.caplen > (sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4)) { printf("INTERNAL ERROR: caplen=%u\n", h.caplen); - h.caplen = sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4; + h.caplen = sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4; } - trailer = (struct ndpi_packet_trailer*)&extcap_buf[h.caplen]; + trailer = (struct ndpi_packet_trailer*)&extcap_buf[h.caplen]; memcpy(extcap_buf, packet, h.caplen); memset(trailer, 0, sizeof(struct ndpi_packet_trailer)); trailer->magic = htonl(0x19680924); @@ -1546,6 +1556,28 @@ static void pcap_packet_callback_checked(u_char *args, printf("INTERNAL ERROR: ingress packet was modified by nDPI: this should not happen [thread_id=%u, packetId=%lu, caplen=%u]\n", thread_id, (unsigned long)ndpi_thread_info[thread_id].workflow->stats.raw_packet_count, header->caplen); free(packet_checked); + + if((pcap_end.tv_sec-pcap_start.tv_sec) > pcap_analysis_duration) { + int i; + u_int64_t tot_usec; + + gettimeofday(&end, NULL); + tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); + + printResults(tot_usec); + + for(i=0; iprefs.num_roots; i++) { + ndpi_tdestroy(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], ndpi_flow_info_freer); + ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i] = NULL; + + memset(&ndpi_thread_info[thread_id].workflow->stats, 0, sizeof(struct ndpi_stats)); + } + + printf("\n-------------------------------------------\n\n"); + + memcpy(&begin, &end, sizeof(begin)); + memcpy(&pcap_start, &pcap_end, sizeof(pcap_start)); + } } @@ -1553,12 +1585,10 @@ static void pcap_packet_callback_checked(u_char *args, * @brief Call pcap_loop() to process packets from a live capture or savefile */ static void runPcapLoop(u_int16_t thread_id) { - if((!shutdown_app) && (ndpi_thread_info[thread_id].workflow->pcap_handle != NULL)) - pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &pcap_packet_callback_checked, (u_char*)&thread_id); + pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &pcap_process_packet, (u_char*)&thread_id); } - /** * @brief Process a running thread */ @@ -1583,7 +1613,7 @@ void * processing_thread(void *_thread_id) { if((!json_flag) && (!quiet_mode)) printf("Running thread %ld...\n", thread_id); pcap_loop: - runPcapLoop(thread_id); + runPcapLoop(thread_id); if(playlist_fp[thread_id] != NULL) { /* playlist: read next file */ char filename[256]; @@ -1603,7 +1633,7 @@ void * processing_thread(void *_thread_id) { * @brief Begin, process, end detection process */ void test_lib() { - struct timeval begin, end; + struct timeval end; u_int64_t tot_usec; long thread_id; @@ -1690,8 +1720,6 @@ int main(int argc, char **argv) { automataUnitTest(); memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info)); - memset(&pcap_start, 0, sizeof(pcap_start)); - memset(&pcap_end, 0, sizeof(pcap_end)); parseOptions(argc, argv); @@ -1714,7 +1742,7 @@ int main(int argc, char **argv) { if(results_path) free(results_path); if(results_file) fclose(results_file); if(extcap_dumper) pcap_dump_close(extcap_dumper); - + return 0; } diff --git a/example/ndpi_util.c b/example/ndpi_util.c index eb6744ccc..1ba77eb80 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -129,7 +129,7 @@ struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * pre /* ***************************************************** */ -static void ndpi_flow_info_freer(void *node) { +void ndpi_flow_info_freer(void *node) { struct ndpi_flow_info *flow = (struct ndpi_flow_info*)node; ndpi_free_flow_info_half(flow); diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 335c94ddf..9d8f1e446 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -161,4 +161,5 @@ static inline void ndpi_workflow_set_flow_giveup_callback(struct ndpi_workflow * int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc); +void ndpi_flow_info_freer(void *node); #endif -- cgit v1.2.3 From 4030b52ecb5c7a98eeb3eadc362eab60521fb565 Mon Sep 17 00:00:00 2001 From: berat Date: Mon, 1 May 2017 14:07:41 +0200 Subject: Added IP Statistics to Port Stats --- example/ndpiReader.c | 179 ++++++++++++++++++++++++++++++++++++++++++++++++--- example/ndpi_util.h | 3 +- 2 files changed, 172 insertions(+), 10 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 59ca8b3a1..63e33d783 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -84,9 +84,24 @@ static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +struct info_pair{ + u_int32_t addr; + int count; +}; + +typedef struct node_a{ + u_int32_t addr; + int count; + struct node_a *left, *right; +}addr_node; + struct port_stats { u_int32_t port; /* we'll use this field as the key */ u_int32_t num_pkts, num_bytes; + u_int32_t num_addr; /*to hold number of distinct IP addresses*/ + u_int32_t cumulative_addr; /*to hold cumulative some of IP addresses*/ + addr_node *addr_tree; /* to hold distinct IP addresses*/ + struct info_pair top_ip_addrs[MAX_NUM_IP_ADDRESS]; UT_hash_handle hh; /* makes this structure hashable */ }; @@ -136,6 +151,9 @@ FILE *trace = NULL; /********************** FUNCTIONS ********************* */ + + + /** * @brief Set main components necessary to the detection */ @@ -764,8 +782,99 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept /* *********************************************** */ -static void updatePortStats(struct port_stats **stats, u_int32_t port, u_int32_t num_pkts, u_int32_t num_bytes) { +int updateIpTree(const u_int32_t key, addr_node **vrootp){ + addr_node *q; + addr_node **rootp = vrootp; + + if(rootp == (addr_node **)0) + return 0; + + while (*rootp != (addr_node *)0) { /* Knuth's T1: */ + + if(key == ((*rootp)->addr)) { /* T2: */ + return ++((*rootp)->count); + } + + rootp = (key < ((*rootp)->addr)) ? + &(*rootp)->left : /* T3: follow left branch */ + &(*rootp)->right; /* T4: follow right branch */ + } + q = (addr_node *) malloc(sizeof(addr_node)); /* T5: key not found */ + if(q != (addr_node *)0) { /* make new node */ + *rootp = q; /* link new node to old */ + q->addr = key; /* initialize new node */ + q->count = 1; + q->left = q->right = (addr_node *)0; + return q->count; + } + +} + +/* *********************************************** */ + +void freeIpTree(addr_node *root) { + while (root != NULL) { + addr_node *left = root->left; + if (left == NULL) { + addr_node *right = root->right; + root->right = NULL; + root = right; + } else { + /* Rotate the left child up.*/ + root->left = left->right; + left->right = root; + root = left; + } + } +} + +/* *********************************************** */ + +void updateTopIpAddress(u_int32_t addr, int count, struct info_pair top[], int size){ + int update = 0; + int min_i = 0; + int min = count; + + if(count == 0) return; + + struct info_pair pair; + pair.addr = addr, pair.count = count; + + /* if the same ip with a bigger + count just update it */ + for(int i=0; iport = port, s->num_pkts = 0, s->num_bytes = 0; + s->num_addr = 1, s->cumulative_addr = 1; + + memset(s->top_ip_addrs, 0, MAX_NUM_IP_ADDRESS*sizeof(struct info_pair)); + updateTopIpAddress(addr, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + + s->addr_tree = (addr_node *) malloc(sizeof(addr_node)); + if(!s->addr_tree) return; + + s->addr_tree->addr = addr; + s->addr_tree->count = 1; + s->addr_tree->left = NULL; + s->addr_tree->right = NULL; + HASH_ADD_INT(*stats, port, s); } + int count = updateIpTree(addr, &(*s).addr_tree); + if(count == UPDATED_TREE) s->num_addr++; + if(count) { + s->cumulative_addr++; + updateTopIpAddress(addr, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + } + s->num_pkts += num_pkts, s->num_bytes += num_bytes; + } /* *********************************************** */ @@ -786,6 +916,8 @@ static void deletePortsStats(struct port_stats *stats) { HASH_ITER(hh, stats, current_port, tmp) { HASH_DEL(stats, current_port); + freeIpTree(current_port->addr_tree); + free(current_port->addr_tree); free(current_port); } } @@ -798,14 +930,18 @@ static void deletePortsStats(struct port_stats *stats) { static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; u_int16_t sport, dport; + u_int32_t saddr, daddr; - if(flow->src_to_dst_direction == 1) - sport = ntohs(flow->lower_port), dport = ntohs(flow->upper_port); - else - sport = ntohs(flow->upper_port), dport = ntohs(flow->lower_port); - - updatePortStats(&srcStats, sport, flow->packets, flow->bytes); - updatePortStats(&dstStats, dport, flow->packets, flow->bytes); + if(flow->src_to_dst_direction == 1) { + sport = ntohs(flow->lower_port), dport = ntohs(flow->upper_port); + saddr = flow->lower_ip, daddr = flow->upper_ip; + } + else { + sport = ntohs(flow->upper_port), dport = ntohs(flow->lower_port); + saddr = flow->upper_ip, daddr = flow->lower_ip; + } + updatePortStats(&srcStats, sport, saddr, flow->packets, flow->bytes); + updatePortStats(&dstStats, dport, daddr, flow->packets, flow->bytes); } /* *********************************************** */ @@ -1050,13 +1186,38 @@ static int port_stats_sort(void *_a, void *_b) { /* *********************************************** */ +static int info_pair_cmp (const void *_a, const void *_b) +{ + struct info_pair *a = (struct info_pair *)_a; + struct info_pair *b = (struct info_pair *)_b; + return b->count - a->count; +} + +/* *********************************************** */ + void printPortStats(struct port_stats *stats) { struct port_stats *s, *tmp; + char ip_name[48]; int i = 0; + int first = 1; + HASH_ITER(hh, stats, s, tmp) { i++; - printf("\t%2d\tPort %5u\t[%u pkts/%u bytes]\n", i, s->port, s->num_pkts, s->num_bytes); + printf("\t%2d\tPort %5u\t[%u IP address/%u pkts/%u bytes]\n", i, s->port, s->num_addr, s->num_pkts, s->num_bytes); + + qsort(&s->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); + + for(int i=0;itop_ip_addrs[i].count != 0) { + inet_ntop(AF_INET, &s->top_ip_addrs[i].addr, ip_name, sizeof(ip_name)); + printf("\t\t\t\t%s\t%s ~ %.2f%%\n", (first) ? "Top IP Stats:" : "\t", + ip_name, ((s->top_ip_addrs[i].count) * 100.0) / s->cumulative_addr); + first = 0; + } + } + printf("\n"); + first = 1; if(i >= 10) break; } } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 9d8f1e446..ca9f20274 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -38,7 +38,8 @@ #define NUM_ROOTS 512 #define MAX_NDPI_FLOWS 200000000 #define TICK_RESOLUTION 1000 - +#define MAX_NUM_IP_ADDRESS 5 /* len of ip address array */ +#define UPDATED_TREE 1 // flow tracking typedef struct ndpi_flow_info { -- cgit v1.2.3 From 32d02836f01c2c2938750e608c64e0c98775649b Mon Sep 17 00:00:00 2001 From: berat Date: Mon, 1 May 2017 14:37:12 +0200 Subject: fixed syntax for gcc compiler --- example/ndpiReader.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 63e33d783..8fa1b10ce 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -832,6 +832,7 @@ void freeIpTree(addr_node *root) { void updateTopIpAddress(u_int32_t addr, int count, struct info_pair top[], int size){ int update = 0; + int i; int min_i = 0; int min = count; @@ -842,7 +843,7 @@ void updateTopIpAddress(u_int32_t addr, int count, struct info_pair top[], int s /* if the same ip with a bigger count just update it */ - for(int i=0; itop_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); - for(int i=0;itop_ip_addrs[i].count != 0) { - inet_ntop(AF_INET, &s->top_ip_addrs[i].addr, ip_name, sizeof(ip_name)); + for(j=0; jtop_ip_addrs[j].count != 0) { + inet_ntop(AF_INET, &s->top_ip_addrs[j].addr, ip_name, sizeof(ip_name)); printf("\t\t\t\t%s\t%s ~ %.2f%%\n", (first) ? "Top IP Stats:" : "\t", - ip_name, ((s->top_ip_addrs[i].count) * 100.0) / s->cumulative_addr); + ip_name, ((s->top_ip_addrs[j].count) * 100.0) / s->cumulative_addr); first = 0; } } + printf("\n"); first = 1; + if(i >= 10) break; } } -- cgit v1.2.3 From a03a343723889c49c33c1011aac13ef61c36f7b7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 1 May 2017 19:44:46 +0200 Subject: Minor code cleanup --- example/ndpiReader.c | 103 ++++++++++++++++++++++++++------------------------- 1 file changed, 52 insertions(+), 51 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8fa1b10ce..ac3d75e77 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -98,9 +98,9 @@ typedef struct node_a{ struct port_stats { u_int32_t port; /* we'll use this field as the key */ u_int32_t num_pkts, num_bytes; - u_int32_t num_addr; /*to hold number of distinct IP addresses*/ - u_int32_t cumulative_addr; /*to hold cumulative some of IP addresses*/ - addr_node *addr_tree; /* to hold distinct IP addresses*/ + u_int32_t num_addr; /*to hold number of distinct IP addresses */ + u_int32_t cumulative_addr; /*to hold cumulative some of IP addresses */ + addr_node *addr_tree; /* to hold distinct IP addresses */ struct info_pair top_ip_addrs[MAX_NUM_IP_ADDRESS]; UT_hash_handle hh; /* makes this structure hashable */ }; @@ -782,50 +782,52 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept /* *********************************************** */ -int updateIpTree(const u_int32_t key, addr_node **vrootp){ - addr_node *q; - addr_node **rootp = vrootp; +int updateIpTree(const u_int32_t key, addr_node **vrootp) { + addr_node *q; + addr_node **rootp = vrootp; - if(rootp == (addr_node **)0) - return 0; + if(rootp == (addr_node **)0) + return 0; - while (*rootp != (addr_node *)0) { /* Knuth's T1: */ + while (*rootp != (addr_node *)0) { /* Knuth's T1: */ + if(key == ((*rootp)->addr)) { /* T2: */ + return ++((*rootp)->count); + } - if(key == ((*rootp)->addr)) { /* T2: */ - return ++((*rootp)->count); - } + rootp = (key < ((*rootp)->addr)) ? + &(*rootp)->left : /* T3: follow left branch */ + &(*rootp)->right; /* T4: follow right branch */ + } - rootp = (key < ((*rootp)->addr)) ? - &(*rootp)->left : /* T3: follow left branch */ - &(*rootp)->right; /* T4: follow right branch */ - } - q = (addr_node *) malloc(sizeof(addr_node)); /* T5: key not found */ - if(q != (addr_node *)0) { /* make new node */ - *rootp = q; /* link new node to old */ - q->addr = key; /* initialize new node */ - q->count = 1; - q->left = q->right = (addr_node *)0; - return q->count; - } + q = (addr_node *) malloc(sizeof(addr_node)); /* T5: key not found */ + if(q != (addr_node *)0) { /* make new node */ + *rootp = q; /* link new node to old */ + q->addr = key; /* initialize new node */ + q->count = UPDATED_TREE; + q->left = q->right = (addr_node *)0; + return q->count; + } + return(0); } /* *********************************************** */ void freeIpTree(addr_node *root) { - while (root != NULL) { - addr_node *left = root->left; - if (left == NULL) { - addr_node *right = root->right; - root->right = NULL; - root = right; - } else { - /* Rotate the left child up.*/ - root->left = left->right; - left->right = root; - root = left; - } + while (root != NULL) { + addr_node *left = root->left; + + if(left == NULL) { + addr_node *right = root->right; + root->right = NULL; + root = right; + } else { + /* Rotate the left child up.*/ + root->left = left->right; + left->right = root; + root = left; } + } } /* *********************************************** */ @@ -844,7 +846,7 @@ void updateTopIpAddress(u_int32_t addr, int count, struct info_pair top[], int s /* if the same ip with a bigger count just update it */ for(i=0; inum_addr++; + if(count) { s->cumulative_addr++; updateTopIpAddress(addr, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); } s->num_pkts += num_pkts, s->num_bytes += num_bytes; - } /* *********************************************** */ @@ -1199,21 +1202,19 @@ static int info_pair_cmp (const void *_a, const void *_b) void printPortStats(struct port_stats *stats) { struct port_stats *s, *tmp; char ip_name[48]; - int i = 0; - int j = 0; - int first = 1; - + int i = 0, j = 0, first = 1; HASH_ITER(hh, stats, s, tmp) { i++; - printf("\t%2d\tPort %5u\t[%u IP address/%u pkts/%u bytes]\n", i, s->port, s->num_addr, s->num_pkts, s->num_bytes); + printf("\t%2d\tPort %5u\t[%u IP address(es)/%u pkts/%u bytes]\n\t\tTop IP Stats:\n", + i, s->port, s->num_addr, s->num_pkts, s->num_bytes); qsort(&s->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); for(j=0; jtop_ip_addrs[j].count != 0) { + if(s->top_ip_addrs[j].count != 0) { inet_ntop(AF_INET, &s->top_ip_addrs[j].addr, ip_name, sizeof(ip_name)); - printf("\t\t\t\t%s\t%s ~ %.2f%%\n", (first) ? "Top IP Stats:" : "\t", + printf("\t\t%-16s ~ %.2f%%\n", ip_name, ((s->top_ip_addrs[j].count) * 100.0) / s->cumulative_addr); first = 0; } @@ -1331,7 +1332,7 @@ static void printResults(u_int64_t tot_usec) { float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)tot_usec; float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)tot_usec; float traffic_duration; - if (live_capture) traffic_duration = tot_usec; + if(live_capture) traffic_duration = tot_usec; else traffic_duration = (pcap_end.tv_sec*1000000 + pcap_end.tv_usec) - (pcap_start.tv_sec*1000000 + pcap_start.tv_usec); printf("\tnDPI throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)traffic_duration; @@ -1647,8 +1648,8 @@ static void pcap_process_packet(u_char *args, } /* Check if capture is live or not */ - if (!live_capture) { - if (!pcap_start.tv_sec) pcap_start.tv_sec = header->ts.tv_sec, pcap_start.tv_usec = header->ts.tv_usec; + if(!live_capture) { + if(!pcap_start.tv_sec) pcap_start.tv_sec = header->ts.tv_sec, pcap_start.tv_usec = header->ts.tv_usec; pcap_end.tv_sec = header->ts.tv_sec, pcap_end.tv_usec = header->ts.tv_usec; } -- cgit v1.2.3 From 205b82f6ba0018f2b7620a0558bfd78723fc2a2d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 1 May 2017 21:20:43 +0200 Subject: Added new API calls - ndpi_add_string_value_to_automa - ndpi_match_string_id --- libndpi.sym | 2 ++ src/include/ndpi_api.h | 24 ++++++++++++++++++++++++ src/lib/ndpi_main.c | 27 +++++++++++++++++++++++++-- 3 files changed, 51 insertions(+), 2 deletions(-) diff --git a/libndpi.sym b/libndpi.sym index 3fb3d9c33..6eb2f7bcb 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -41,9 +41,11 @@ ndpi_set_detected_protocol ndpi_match_string_subprotocol ndpi_init_automa ndpi_free_automa +ndpi_add_string_value_to_automa ndpi_add_string_to_automa ndpi_finalize_automa ndpi_match_string +ndpi_match_string_id set_ndpi_malloc set_ndpi_free set_ndpi_debug_function diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index bcc5fe51f..b2c6b6952 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -566,6 +566,18 @@ extern "C" { * * @par The automata initialized with ndpi_init_automa(); * @par The (sub)string to search + * @par The number associated with this string + * @return 0 in case of no error, or -1 if an error occurred. + * + */ + int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num); + + + /** + * Add a string to match to an automata. Same as ndpi_add_string_value_to_automa() with num set to 1 + * + * @par The automata initialized with ndpi_init_automa(); + * @par The (sub)string to search * @return 0 in case of no error, or -1 if an error occurred. * */ @@ -592,6 +604,18 @@ extern "C" { int ndpi_match_string(void *_automa, char *string_to_match); + /** + * Add a string to match to an automata + * + * @par The automata initialized with ndpi_init_automa(); + * @par The (sub)string to search + * @par The id associated with the matched string or 0 id not found. + * @return 0 in case of match, or -1 if no match, or -2 if an error occurred. + * + */ + int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id); + + /* Utility functions to set ndpi malloc/free/print wrappers */ void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)); void set_ndpi_free(void (*__ndpi_free)(void *ptr)); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0c5c0f0ff..8783ef6cd 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1858,18 +1858,22 @@ void* ndpi_init_automa(void) { return(ac_automata_init(ac_match_handler)); } -int ndpi_add_string_to_automa(void *_automa, char *str) { +int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num) { AC_PATTERN_t ac_pattern; AC_AUTOMATA_t *automa = (AC_AUTOMATA_t*)_automa; if(automa == NULL) return(-1); ac_pattern.astring = str; - ac_pattern.rep.number = 1; /* Dummy */ + ac_pattern.rep.number = num; ac_pattern.length = strlen(ac_pattern.astring); return(ac_automata_add(automa, &ac_pattern) == ACERR_SUCCESS ? 0 : -1); } +int ndpi_add_string_to_automa(void *_automa, char *str) { + return(ndpi_add_string_value_to_automa(_automa, str, 1)); +} + void ndpi_free_automa(void *_automa) { ac_automata_release((AC_AUTOMATA_t*)_automa); } void ndpi_finalize_automa(void *_automa) { ac_automata_finalize((AC_AUTOMATA_t*)_automa); } @@ -1892,6 +1896,25 @@ int ndpi_match_string(void *_automa, char *string_to_match) { return(matching_protocol_id > 0 ? 0 : -1); } +/* ****************************************************** */ + +int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id) { + AC_TEXT_t ac_input_text; + AC_AUTOMATA_t *automa = (AC_AUTOMATA_t*)_automa; + + *id = 0; + if((automa == NULL) + || (string_to_match == NULL) + || (string_to_match[0] == '\0')) + return(-2); + + ac_input_text.astring = string_to_match, ac_input_text.length = strlen(string_to_match); + ac_automata_search(automa, &ac_input_text, (void*)&id); + ac_automata_reset(automa); + + return(*id > 0 ? *id : -1); +} + /* *********************************************** */ static void free_ptree_data(void *data) { ; } -- cgit v1.2.3 From 5c2fa2d2e7641f8ee09a825a42c3e95554524c8d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 1 May 2017 21:36:45 +0200 Subject: Updated results --- tests/result/BGP_Cisco_hdlc_slarp.pcap.out | 1 - tests/result/skype.pcap.out | 312 ++++++++++++++--------------- tests/result/skype_no_unknown.pcap.out | 290 +++++++++++++-------------- tests/result/starcraft_battle.pcap.out | 8 +- 4 files changed, 305 insertions(+), 306 deletions(-) diff --git a/tests/result/BGP_Cisco_hdlc_slarp.pcap.out b/tests/result/BGP_Cisco_hdlc_slarp.pcap.out index 8b1378917..e69de29bb 100644 --- a/tests/result/BGP_Cisco_hdlc_slarp.pcap.out +++ b/tests/result/BGP_Cisco_hdlc_slarp.pcap.out @@ -1 +0,0 @@ - diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 69fff20f5..e649a386c 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 381 48593 15 +Unknown 404 52712 16 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -7,7 +7,7 @@ ICMP 8 656 1 IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 -Skype 1933 296729 245 +Skype 1910 292610 244 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -144,153 +144,152 @@ MS_OneDrive 387 198090 1 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] 130 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 135 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] - 136 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 140 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 154 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 158 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] - 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 165 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 196 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] - 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 198 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 199 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 200 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 201 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 202 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 205 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 208 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 210 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] - 211 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] - 212 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] - 213 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 214 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 215 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 221 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 222 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 223 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 224 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 225 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 226 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 227 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 228 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 229 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 230 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 234 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 235 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 237 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 238 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 240 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] - 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 243 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 244 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 245 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 246 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 247 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 248 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] - 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 250 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] - 251 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] - 252 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] - 253 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] - 254 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 255 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 259 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] - 261 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 262 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 263 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] - 264 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] - 265 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] - 266 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] - 267 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] - 268 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 273 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 278 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 135 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] + 136 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] + 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] + 140 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] + 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 157 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] + 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 194 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 195 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] + 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 197 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 198 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 199 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 200 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 201 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 202 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 204 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 207 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 209 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] + 210 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] + 211 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] + 212 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 213 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 214 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 215 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 221 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 222 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 223 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 224 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 225 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 226 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 227 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 228 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 229 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 237 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 239 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 242 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 245 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 246 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 247 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] + 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 249 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] + 250 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] + 251 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] + 252 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 253 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 254 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 255 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 259 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 263 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 264 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 265 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 266 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 272 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 277 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -302,10 +301,11 @@ Undetected flows: 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 13 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 14 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] - 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] + 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 12 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 14 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 15 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] + 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 3e631832f..6f39106c4 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 216 66695 13 +Unknown 236 70600 14 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1261 185232 222 +Skype 1241 181327 221 Apple 84 20699 2 MS_OneDrive 348 181687 1 @@ -128,143 +128,142 @@ MS_OneDrive 348 181687 1 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][14 pkts/1253 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] - 118 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][20 pkts/3905 bytes] - 119 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] - 120 UDP 192.168.1.34:13021 <-> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] - 121 UDP 192.168.1.34:13021 <-> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] - 122 UDP 192.168.1.34:13021 <-> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] - 123 UDP 192.168.1.34:13021 <-> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] - 124 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] - 128 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] - 129 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] - 130 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] - 134 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] - 135 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 136 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] - 137 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] - 138 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] - 139 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 140 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] - 141 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] - 142 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 143 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 125/Skype][13 pkts/1157 bytes] - 144 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] - 145 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 146 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] - 147 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] - 148 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] - 149 UDP 192.168.1.34:13021 <-> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] - 150 UDP 192.168.1.34:13021 <-> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] - 151 UDP 192.168.1.34:13021 <-> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] - 152 UDP 192.168.1.34:13021 <-> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] - 158 UDP 192.168.1.34:13021 <-> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] - 159 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] - 160 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] - 161 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] - 162 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] - 163 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] - 164 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] - 165 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] - 166 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] - 167 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 178 UDP 192.168.1.34:49864 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 179 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] - 180 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 181 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 182 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 183 UDP 192.168.1.34:53372 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 184 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 185 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] - 186 UDP 192.168.1.34:55028 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] - 187 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] - 188 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 189 UDP 192.168.1.34:55866 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 190 UDP 192.168.1.34:57592 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 191 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 192 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] - 193 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] - 194 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] - 195 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] - 196 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] - 197 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] - 198 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] - 199 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] - 200 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] - 201 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 202 UDP 192.168.1.34:60688 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 203 UDP 192.168.1.34:61016 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] - 204 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 205 UDP 192.168.1.34:63342 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 206 UDP 192.168.1.34:63514 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] - 207 UDP 192.168.1.34:64240 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 208 UDP 192.168.1.34:64258 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 209 UDP 192.168.1.34:64364 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 210 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] - 211 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] - 212 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] - 213 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] - 214 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 215 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] - 216 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] - 217 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] - 218 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] - 219 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] - 220 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] - 221 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] - 222 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] - 223 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 224 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 225 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] - 226 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 227 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] - 228 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] - 229 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 230 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] - 231 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] - 232 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 233 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] - 234 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] - 235 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] - 236 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] - 237 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] - 238 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] - 239 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] - 240 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] - 241 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] - 242 UDP 192.168.1.34:13021 <-> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] - 243 UDP 192.168.1.34:13021 <-> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] - 244 UDP 192.168.1.34:13021 <-> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] - 245 UDP 192.168.1.34:13021 <-> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] - 246 UDP 192.168.1.34:13021 <-> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] - 247 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] - 248 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] - 249 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] - 250 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 251 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 252 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 125/Skype][14 pkts/1203 bytes] - 253 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] - 254 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] + 118 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] + 119 UDP 192.168.1.34:13021 <-> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] + 120 UDP 192.168.1.34:13021 <-> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] + 121 UDP 192.168.1.34:13021 <-> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] + 122 UDP 192.168.1.34:13021 <-> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] + 123 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] + 124 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] + 125 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] + 128 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] + 129 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] + 130 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] + 131 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] + 133 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] + 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] + 135 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] + 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] + 137 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] + 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] + 140 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] + 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] + 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 125/Skype][13 pkts/1157 bytes] + 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] + 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] + 146 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] + 147 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] + 148 UDP 192.168.1.34:13021 <-> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] + 149 UDP 192.168.1.34:13021 <-> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] + 150 UDP 192.168.1.34:13021 <-> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] + 151 UDP 192.168.1.34:13021 <-> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] + 152 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] + 153 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] + 158 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] + 159 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] + 160 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] + 161 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] + 162 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] + 163 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] + 164 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] + 165 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] + 166 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] + 167 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] + 168 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] + 177 UDP 192.168.1.34:49864 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 178 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] + 179 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 180 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 181 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] + 182 UDP 192.168.1.34:53372 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 183 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] + 185 UDP 192.168.1.34:55028 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] + 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] + 188 UDP 192.168.1.34:55866 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 189 UDP 192.168.1.34:57592 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 190 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 191 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] + 192 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] + 193 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] + 194 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] + 196 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] + 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] + 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] + 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] + 200 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 201 UDP 192.168.1.34:60688 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 202 UDP 192.168.1.34:61016 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] + 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] + 204 UDP 192.168.1.34:63342 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 205 UDP 192.168.1.34:63514 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] + 206 UDP 192.168.1.34:64240 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 207 UDP 192.168.1.34:64258 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 208 UDP 192.168.1.34:64364 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 209 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] + 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] + 211 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] + 212 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] + 213 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 214 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] + 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] + 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] + 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] + 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] + 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] + 220 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] + 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] + 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] + 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] + 227 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] + 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] + 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] + 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] + 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] + 233 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] + 234 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] + 235 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] + 236 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] + 237 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] + 238 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] + 239 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] + 240 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] + 241 UDP 192.168.1.34:13021 <-> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] + 242 UDP 192.168.1.34:13021 <-> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] + 243 UDP 192.168.1.34:13021 <-> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] + 244 UDP 192.168.1.34:13021 <-> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] + 245 UDP 192.168.1.34:13021 <-> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] + 246 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] + 247 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] + 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] + 249 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] + 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 125/Skype][14 pkts/1203 bytes] + 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] + 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] Undetected flows: @@ -275,9 +274,10 @@ Undetected flows: 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][23 pkts/12290 bytes] 6 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] 7 TCP 192.168.1.34:51306 <-> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] - 8 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] - 9 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] - 10 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 11 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] - 12 UDP 192.168.1.34:59052 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] - 13 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] + 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] + 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] + 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] + 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 12 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] + 13 UDP 192.168.1.34:59052 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] + 14 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index f2d26ea0a..3d096ba01 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -4,11 +4,11 @@ SSDP 11 4984 1 HTTP_Download 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 -SSL 38 2548 11 +SSL 30 1998 9 Google 16 1709 4 QUIC 6 475 1 Github 3 234 1 -Starcraft 236 51494 6 +Starcraft 244 52044 8 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] @@ -28,8 +28,8 @@ Starcraft 236 51494 6 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] 18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] - 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] + 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] + 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] -- cgit v1.2.3 From 4c6f9d5c254124097f857459447284cf924febfd Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 1 May 2017 21:39:46 +0200 Subject: Result update --- tests/result/skype.pcap.out | 314 ++++++++++++++++----------------- tests/result/skype_no_unknown.pcap.out | 2 +- tests/result/starcraft_battle.pcap.out | 8 +- 3 files changed, 162 insertions(+), 162 deletions(-) diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index e649a386c..5de0a1e9c 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,13 +1,13 @@ -Unknown 404 52712 16 +Unknown 349 43621 14 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 96 8876 7 +SSL 88 8268 6 Dropbox 38 17948 5 -Skype 1910 292610 244 +Skype 1973 302309 247 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -144,152 +144,154 @@ MS_OneDrive 387 198090 1 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] 130 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] - 135 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] - 136 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] - 140 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 157 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 194 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 195 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] - 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 197 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 198 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 199 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 200 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 201 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 207 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 209 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] - 210 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] - 211 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] - 212 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 213 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 214 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 215 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 221 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 222 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 223 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 225 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 226 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 227 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 228 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 229 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 237 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 239 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] - 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 242 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 245 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 246 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 247 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] - 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 249 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] - 250 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] - 251 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] - 252 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] - 253 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 254 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 255 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 259 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 261 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 262 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] - 263 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] - 264 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] - 265 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] - 266 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] - 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 272 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 277 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 135 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 136 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] + 137 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 140 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] + 141 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 154 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][32 pkts/4972 bytes] + 155 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 158 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 159 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] + 160 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 161 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 162 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 163 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 164 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 165 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 166 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 167 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 168 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 169 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 170 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 194 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 195 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 196 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 197 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] + 198 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 199 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 200 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 201 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 202 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 203 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 205 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 206 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 207 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 208 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 209 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 210 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 211 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] + 212 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] + 213 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] + 214 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 215 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 216 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 221 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 222 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 223 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 224 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 225 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 226 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 227 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 228 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 229 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 230 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 231 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 232 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 233 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 235 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 236 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 238 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 239 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 240 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 241 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 242 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 243 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 244 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 245 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 246 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 247 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 248 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 249 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] + 250 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 251 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] + 252 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] + 253 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] + 254 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 255 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 256 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 259 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 260 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 263 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 264 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 265 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 266 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 267 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 268 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 269 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 270 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 271 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 272 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 273 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 274 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 275 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 276 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 277 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 278 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 279 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -301,11 +303,9 @@ Undetected flows: 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] - 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 12 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 14 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 15 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] - 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 9 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 10 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 11 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 12 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 13 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] + 14 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 6f39106c4..2d9048852 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -261,7 +261,7 @@ MS_OneDrive 348 181687 1 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] 249 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 125/Skype][14 pkts/1203 bytes] + 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][14 pkts/1203 bytes] 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 3d096ba01..f2d26ea0a 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -4,11 +4,11 @@ SSDP 11 4984 1 HTTP_Download 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 -SSL 30 1998 9 +SSL 38 2548 11 Google 16 1709 4 QUIC 6 475 1 Github 3 234 1 -Starcraft 244 52044 8 +Starcraft 236 51494 6 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] @@ -28,8 +28,8 @@ Starcraft 244 52044 8 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] 18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] - 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] - 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] + 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] + 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] -- cgit v1.2.3 From 442adce51db0b3fd9fdfe9f80df9e3cb767414c1 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 1 May 2017 23:05:42 +0200 Subject: Fixed invalid ndpi_match_string_id() return code --- src/lib/ndpi_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b318ce566..1ef83dcc7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1913,17 +1913,17 @@ int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id AC_TEXT_t ac_input_text; AC_AUTOMATA_t *automa = (AC_AUTOMATA_t*)_automa; - *id = 0; + *id = -1; if((automa == NULL) || (string_to_match == NULL) || (string_to_match[0] == '\0')) return(-2); ac_input_text.astring = string_to_match, ac_input_text.length = strlen(string_to_match); - ac_automata_search(automa, &ac_input_text, (void*)&id); + ac_automata_search(automa, &ac_input_text, (void*)id); ac_automata_reset(automa); - return(*id > 0 ? *id : -1); + return(*id != -1 ? 0 : -1); } /* *********************************************** */ -- cgit v1.2.3 From 1af3d571d93c7baa8fd40322df775e98df01b402 Mon Sep 17 00:00:00 2001 From: Campus Date: Tue, 2 May 2017 16:50:25 +0200 Subject: fix for https://github.com/ntop/nDPI/issues/371 --- src/lib/third_party/src/ndpi_patricia.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index 13ed71371..b37fffa97 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -769,6 +769,7 @@ ndpi_patricia_lookup (patricia_tree_t *patricia, prefix_t *prefix) } new_node = (patricia_node_t*)ndpi_calloc(1, sizeof *new_node); + if(!new_node) return NULL; new_node->bit = prefix->bitlen; new_node->prefix = ndpi_Ref_Prefix (prefix); new_node->parent = NULL; -- cgit v1.2.3 From 21567e868642a3835491e8a5cf3650eee33b4d3c Mon Sep 17 00:00:00 2001 From: Luca Date: Mon, 8 May 2017 08:29:18 +0200 Subject: Added missing direction update with non TCP-UDP protocols --- example/ndpi_util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 1ba77eb80..f756fbaf5 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -318,6 +318,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow // non tcp/udp protocols lower_port = 0; upper_port = 0; + + *src_to_dst_direction = (iph->saddr < iph->daddr) ? 1 : 0; } flow.protocol = iph->protocol, flow.vlan_id = vlan_id; -- cgit v1.2.3 From 5c1954012b282233a7d547a697e8c5c97d1455d8 Mon Sep 17 00:00:00 2001 From: berat Date: Tue, 9 May 2017 19:32:40 +0200 Subject: Added IPv6 support to Port Stats --- example/ndpiReader.c | 102 +++++++++++++++++++++++++-------------------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index ac3d75e77..de31b0ab4 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -85,12 +85,12 @@ static time_t capture_until = 0; static u_int32_t num_flows; struct info_pair{ - u_int32_t addr; + char addr[48]; int count; }; typedef struct node_a{ - u_int32_t addr; + char addr[48]; int count; struct node_a *left, *right; }addr_node; @@ -781,28 +781,28 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } /* *********************************************** */ - -int updateIpTree(const u_int32_t key, addr_node **vrootp) { +int updateIpTree(const char *key, addr_node **vrootp) { addr_node *q; addr_node **rootp = vrootp; + int r; if(rootp == (addr_node **)0) return 0; while (*rootp != (addr_node *)0) { /* Knuth's T1: */ - if(key == ((*rootp)->addr)) { /* T2: */ + if((r = strcmp(key, ((*rootp)->addr))) == 0){ /* T2: */ return ++((*rootp)->count); } - rootp = (key < ((*rootp)->addr)) ? + rootp = (r < 0) ? &(*rootp)->left : /* T3: follow left branch */ &(*rootp)->right; /* T4: follow right branch */ } q = (addr_node *) malloc(sizeof(addr_node)); /* T5: key not found */ - if(q != (addr_node *)0) { /* make new node */ - *rootp = q; /* link new node to old */ - q->addr = key; /* initialize new node */ + if(q != (addr_node *)0) { /* make new node */ + *rootp = q; /* link new node to old */ + strncpy(q->addr, key, sizeof(q->addr)); /* initialize new node */ q->count = UPDATED_TREE; q->left = q->right = (addr_node *)0; return q->count; @@ -832,33 +832,33 @@ void freeIpTree(addr_node *root) { /* *********************************************** */ -void updateTopIpAddress(u_int32_t addr, int count, struct info_pair top[], int size){ +void updateTopIpAddress(const char *addr, int count, struct info_pair top[], int size){ int update = 0; + int r; int i; int min_i = 0; int min = count; + struct info_pair pair; if(count == 0) return; - struct info_pair pair; - pair.addr = addr, pair.count = count; + strncpy(pair.addr, addr, sizeof(pair.addr)); + pair.count = count; - /* if the same ip with a bigger - count just update it */ + for(i=0; iport = port, s->num_pkts = 0, s->num_bytes = 0; + s->port = port, s->num_pkts = num_pkts, s->num_bytes = num_bytes; s->num_addr = 1, s->cumulative_addr = 1; memset(s->top_ip_addrs, 0, MAX_NUM_IP_ADDRESS*sizeof(struct info_pair)); updateTopIpAddress(addr, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); - + s->addr_tree = (addr_node *) malloc(sizeof(addr_node)); if(!s->addr_tree) return; - s->addr_tree->addr = addr; + strncpy(s->addr_tree->addr, addr, sizeof(s->addr_tree->addr)); s->addr_tree->count = 1; s->addr_tree->left = NULL; s->addr_tree->right = NULL; HASH_ADD_INT(*stats, port, s); } + else{ + count = updateIpTree(addr, &(*s).addr_tree); + + if(count == UPDATED_TREE) s->num_addr++; + + if(count) { + s->cumulative_addr++; + updateTopIpAddress(addr, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + } - count = updateIpTree(addr, &(*s).addr_tree); - if(count == UPDATED_TREE) s->num_addr++; - - if(count) { - s->cumulative_addr++; - updateTopIpAddress(addr, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + s->num_pkts += num_pkts, s->num_bytes += num_bytes; } - - s->num_pkts += num_pkts, s->num_bytes += num_bytes; } /* *********************************************** */ @@ -934,15 +936,18 @@ static void deletePortsStats(struct port_stats *stats) { static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; u_int16_t sport, dport; - u_int32_t saddr, daddr; + char saddr[48]; + char daddr[48]; if(flow->src_to_dst_direction == 1) { sport = ntohs(flow->lower_port), dport = ntohs(flow->upper_port); - saddr = flow->lower_ip, daddr = flow->upper_ip; + strncpy(saddr, flow->lower_name, sizeof(saddr)); + strncpy(daddr, flow->upper_name, sizeof(daddr)); } else { sport = ntohs(flow->upper_port), dport = ntohs(flow->lower_port); - saddr = flow->upper_ip, daddr = flow->lower_ip; + strncpy(saddr, flow->upper_name, sizeof(saddr)); + strncpy(daddr, flow->lower_name, sizeof(daddr)); } updatePortStats(&srcStats, sport, saddr, flow->packets, flow->bytes); updatePortStats(&dstStats, dport, daddr, flow->packets, flow->bytes); @@ -1201,8 +1206,7 @@ static int info_pair_cmp (const void *_a, const void *_b) void printPortStats(struct port_stats *stats) { struct port_stats *s, *tmp; - char ip_name[48]; - int i = 0, j = 0, first = 1; + int i = 0, j = 0; HASH_ITER(hh, stats, s, tmp) { i++; @@ -1213,16 +1217,12 @@ void printPortStats(struct port_stats *stats) { for(j=0; jtop_ip_addrs[j].count != 0) { - inet_ntop(AF_INET, &s->top_ip_addrs[j].addr, ip_name, sizeof(ip_name)); - printf("\t\t%-16s ~ %.2f%%\n", - ip_name, ((s->top_ip_addrs[j].count) * 100.0) / s->cumulative_addr); - first = 0; + printf("\t\t%-36s ~ %.2f%%\n", s->top_ip_addrs[j].addr, + ((s->top_ip_addrs[j].count) * 100.0) / s->cumulative_addr); } } printf("\n"); - first = 1; - if(i >= 10) break; } } -- cgit v1.2.3 From c2bbe79a3ef4b67bd9d2815c22aef0dd770bf7f1 Mon Sep 17 00:00:00 2001 From: Campus Date: Tue, 9 May 2017 19:57:47 +0200 Subject: Results update --- tests/result/6in4tunnel.pcap.out | 4 +- tests/result/KakaoTalk_chat.pcap.out | 2 +- tests/result/Viber_session.pcap.out | 2 +- tests/result/skype.pcap.out | 268 ++++++++++++++++----------------- tests/result/skype_no_unknown.pcap.out | 6 +- tests/result/starcraft_battle.pcap.out | 2 +- tests/result/viber_mobile.pcap.out | 4 +- tests/result/wechat.pcap.out | 12 +- 8 files changed, 150 insertions(+), 150 deletions(-) diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 60ff3e343..2b05f76b9 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -7,10 +7,10 @@ Facebook 37 14726 3 1 TCP [2a03:2880:1010:6f03:face:b00c::2]:53234 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/394 bytes][Host: star.c10r.facebook.com] 3 TCP [2604:a880:1:20::224:b001]:60205 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net][server: mail.tomasu.net] - 4 ICMPV6 [2001:470:1f16:13f::2]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] + 4 ICMPV6 [2604:a880:1:20::224:b001]:0 <-> [2001:470:1f16:13f::2]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][2 pkts/258 bytes] - 7 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][46 pkts/6348 bytes] + 7 ICMPV6 [2604:a880:1:20::224:b001]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][46 pkts/6348 bytes] 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][2 pkts/258 bytes] 9 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/406 bytes][Host: star.c10r.facebook.com] 10 TCP [2604:a880:1:20::224:b001]:41538 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:80 [proto: 7/HTTP][10 pkts/1792 bytes][Host: mail.tomasu.net] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 4fee1d276..3cc7ef600 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -12,7 +12,7 @@ KakaoTalk 55 9990 15 2 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] 3 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] 4 TCP 120.28.26.242:80 <-> 10.24.82.188:34503 [proto: 7/HTTP][1 pkts/56 bytes] - 5 ICMP 10.188.191.1:0 <-> 10.24.82.188:0 [proto: 81/ICMP][1 pkts/147 bytes] + 5 ICMP 10.24.82.188:0 <-> 10.188.191.1:0 [proto: 81/ICMP][1 pkts/147 bytes] 6 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] 7 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] 8 TCP 10.24.82.188:58927 <-> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 81ef39da8..b4b7ac832 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -28,7 +28,7 @@ Amazon 1 66 1 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] - 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 19 ICMP 192.168.200.222:0 <-> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes] 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 5de0a1e9c..2d5a0e796 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 349 43621 14 +Unknown 381 48593 15 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -7,7 +7,7 @@ ICMP 8 656 1 IGMP 5 258 4 SSL 88 8268 6 Dropbox 38 17948 5 -Skype 1973 302309 247 +Skype 1941 297337 246 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -166,132 +166,131 @@ MS_OneDrive 387 198090 1 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 154 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][32 pkts/4972 bytes] - 155 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 158 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 159 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] - 160 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 161 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 162 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 163 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 164 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 165 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 166 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 167 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 168 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 169 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 170 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 194 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 195 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 196 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 197 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] - 198 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 199 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 200 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 201 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 202 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 203 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 206 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 207 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 208 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 209 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 210 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 211 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] - 212 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] - 213 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] - 214 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 215 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 216 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 221 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 222 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 223 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 225 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 226 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 227 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 228 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 229 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 230 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 231 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 232 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 233 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 235 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 236 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 237 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 238 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 239 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 240 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 241 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] - 242 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 243 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 244 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 245 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 246 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 247 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 248 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 249 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] - 250 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 251 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] - 252 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] - 253 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] - 254 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] - 255 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 256 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 259 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 260 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 261 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] - 262 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 263 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 264 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] - 265 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] - 266 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] - 267 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] - 268 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] - 269 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 270 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 271 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 272 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 273 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 274 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 275 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 276 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 277 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 278 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 279 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 154 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 158 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] + 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 165 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 196 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] + 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 198 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 199 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 200 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 201 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 202 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 205 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 208 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 210 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] + 211 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] + 212 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] + 213 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 214 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 215 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 221 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 222 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 224 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 225 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 226 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 227 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 228 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 229 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 230 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 234 IGMP 192.168.0.254:0 <-> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes] + 235 IGMP 192.168.1.1:0 <-> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 238 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 240 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 243 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 244 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 245 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 246 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 247 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 248 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] + 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 250 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] + 251 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] + 252 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] + 253 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 254 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 255 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 259 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 263 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 264 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 265 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 266 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 267 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 268 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 273 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 278 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -303,9 +302,10 @@ Undetected flows: 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 10 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 11 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 12 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 13 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] - 14 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 13 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 14 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] + 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 2d9048852..876c1e5aa 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -92,7 +92,7 @@ MS_OneDrive 348 181687 1 79 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][199 pkts/90615 bytes] 80 UDP 192.168.1.34:13021 <-> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes] 81 UDP 192.168.1.34:58061 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 82 IGMP 233.89.188.1:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] + 82 IGMP 192.168.1.219:0 <-> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes] 83 UDP 192.168.1.34:59237 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] 84 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][8 pkts/1118 bytes] 85 UDP 192.168.1.34:13021 <-> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes] @@ -230,8 +230,8 @@ MS_OneDrive 348 181687 1 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] - 220 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] - 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] + 220 IGMP 192.168.1.219:0 <-> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes] + 221 IGMP 192.168.0.254:0 <-> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes] 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index f2d26ea0a..96045ebf6 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -48,7 +48,7 @@ Starcraft 236 51494 6 36 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/442 bytes][Host: llnw.blizzard.com] 37 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][9 pkts/1299 bytes][Host: www.google-analytics.com] 38 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][3 pkts/234 bytes] - 39 IGMP 224.0.0.22:0 <-> 192.168.1.107:0 [proto: 82/IGMP][2 pkts/120 bytes] + 39 IGMP 192.168.1.107:0 <-> 224.0.0.22:0 [proto: 82/IGMP][2 pkts/120 bytes] 40 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][215 pkts/50178 bytes] 41 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][2 pkts/103 bytes] 42 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][2 pkts/103 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index c311e74b3..7f588ce38 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -46,7 +46,7 @@ Amazon 8 528 1 31 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] 32 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] 33 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] - 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] + 34 ICMP 192.168.200.222:0 <-> 8.8.8.8:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] @@ -65,7 +65,7 @@ Amazon 8 528 1 50 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] - 53 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 53 ICMP 192.168.200.222:0 <-> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes] 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index ed61d910e..d829d5a54 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -56,7 +56,7 @@ WeChat 1277 615827 51 42 TCP 192.168.1.103:35000 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] 43 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes] 44 TCP 192.168.1.103:54205 <-> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 45 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes] + 45 ICMPV6 [ff02::2]:0 <-> [fe80::842:a3f3:a286:6c5b]:0 [proto: 102/ICMPV6][2 pkts/132 bytes] 46 UDP [ff02::1:3]:50440 <-> [fe80::91f9:3df3:7436:6cd6]:5355 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz] 47 TCP 192.168.1.103:52020 <-> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes] 48 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][10 pkts/3972 bytes][Host: ssl.gstatic.com] @@ -99,10 +99,10 @@ WeChat 1277 615827 51 85 UDP 192.168.1.100:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes] 86 UDP 192.168.1.100:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes] 87 UDP 192.168.1.100:54124 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: lbjamwptxz] - 88 IGMP 224.0.0.1:0 <-> 192.168.1.254:0 [proto: 82/IGMP][4 pkts/200 bytes] - 89 IGMP 224.0.0.22:0 <-> 192.168.1.100:0 [proto: 82/IGMP][15 pkts/810 bytes] - 90 IGMP 224.0.0.22:0 <-> 192.168.1.103:0 [proto: 82/IGMP][4 pkts/216 bytes] - 91 IGMP 224.0.0.22:0 <-> 192.168.1.108:0 [proto: 82/IGMP][1 pkts/54 bytes] + 88 IGMP 192.168.1.254:0 <-> 224.0.0.1:0 [proto: 82/IGMP][4 pkts/200 bytes] + 89 IGMP 192.168.1.100:0 <-> 224.0.0.22:0 [proto: 82/IGMP][15 pkts/810 bytes] + 90 IGMP 192.168.1.103:0 <-> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes] + 91 IGMP 192.168.1.108:0 <-> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/54 bytes] 92 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][20 pkts/1320 bytes] 93 TCP 192.168.1.103:34999 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] 94 TCP 192.168.1.103:34981 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] @@ -117,4 +117,4 @@ WeChat 1277 615827 51 Undetected flows: - 1 0 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::16]:0 [proto: 0/Unknown][1 pkts/110 bytes] + 1 0 [ff02::16]:0 <-> [fe80::842:a3f3:a286:6c5b]:0 [proto: 0/Unknown][1 pkts/110 bytes] -- cgit v1.2.3 From 8a7dc10f511462e4857e9fee31980772209e7d2a Mon Sep 17 00:00:00 2001 From: alexei-argus Date: Wed, 10 May 2017 14:16:46 +0300 Subject: Fix out-of-bounds heap read caused by using header->len instead of header->caplen (as provided in pcap_loop) --- example/ndpi_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index f756fbaf5..b07a41e03 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -908,7 +908,7 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* process the packet */ return(packet_processing(workflow, time, vlan_id, iph, iph6, - ip_offset, header->len - ip_offset, header->len)); + ip_offset, header->caplen - ip_offset, header->caplen)); } /* ********************************************************** */ -- cgit v1.2.3 From cd26942edf5686455f051205e5c3454588d7409a Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 11 May 2017 15:48:12 +0200 Subject: delete check for old protocol --- src/lib/protocols/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 69f06e714..94f3ad7e3 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -358,7 +358,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { -#if defined(NDPI_PROTOCOL_MEEBO)|| defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) +#if defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) struct ndpi_packet_struct *packet = &flow->packet; // struct ndpi_id_struct *src=flow->src; // struct ndpi_id_struct *dst=flow->dst; -- cgit v1.2.3 From f2730f06a06541e870f6a04543b632a79ade3ebd Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Fri, 12 May 2017 14:43:28 +0200 Subject: Changlogs for the forthcoming release --- CHANGELOG.md | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ChangeLog | 16 ----------- 2 files changed, 86 insertions(+), 16 deletions(-) create mode 100644 CHANGELOG.md delete mode 100644 ChangeLog diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 000000000..9bc18769a --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,86 @@ +# CHANGELOG + +#### nDPI 2.0 (May 2017) + +## Main New Features + +* nDPI Wireshark plugin for Layer-7 protocol dissection. The plugin, available via an extcap interface, passes Wireshark the nDPI-detected protocols by adding an ethernet packet trailer that is then interpreted and displayed inside the Wireshark GUI. Readme: https://github.com/ntop/nDPI/blob/dev/wireshark/README.md + + +## New Supported Protocols and Services + +* STARTTLS +* IMAPS +* DNScrypt +* QUIC (Quick UDP Internet Connections) +* AMQP (Advanced Message Queueing Protocol) +* Ookla (SpeedTest) +* BJNP +* AFP (Apple Filing Protocol) +* SMPP (Short Message Peer-to-Peer) +* VNC +* OpenVPN +* OpenDNS +* RX protocol (used by AFS) +* CoAP and MQTT (IoT specific protocols) +* Cloudflare +* Office 365 +* OCS +* MS Lync +* Ubiquity AirControl 2 +* HEP (Extensible Encapsulation Protocol) +* WhatsApp Voice vs WhatsApp (chat, no voice) +* Viber +* Wechat +* Github +* Hotmail +* Slack +* Instagram +* Snapchat +* MPEG TS protocol +* Twitch +* KakaoTalk Voice and Chat +* Meu +* EAQ +* iQIYI media service +* Weibo +* PPStream + + +## Improvements + +* SSH client/server version dissection +* Improved SSL dissection +* SSL server certificate detection +* Added double tagging 802.1Q in dissection of vlan-tagged packets +* Improved netBIOS dissection +* Improved Skype detection +* Improved Netflix traffic detection +* Improved HTTP subprotocol matching +* Implemented DHCP host name extraction +* Updated Facebook detection by ip server ranges +* Updated Twitter networks +* Improved Microsoft detection +* Enhanced Google detection +* Improved BT-uTP protocol dissection +* Added detection of Cisco datalink layer (Cisco hDLC and Cisco SLARP) + + +#### Older releases + +#### 2014-03-21 +* improved support for eDonkey/eMule/Kademlia +* improved support for PPLive + +#### 2014-03-20 +* code optimizations +* consistency improvements +* added support for new applications: Pando Media Booster +* improved support for Steam +* added support for new web services: Wikipedia, MSN, Amazon, eBay, CNN + +#### 2014-03-19 +* added new protocols: FTP, code improvements + +#### 2014-03-17 +* added new protocols: SOCKSv4, SOCKSv5, RTMP diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index 9bd7818c0..000000000 --- a/ChangeLog +++ /dev/null @@ -1,16 +0,0 @@ -2014-03-21: -- improved support for eDonkey/eMule/Kademlia -- improved support for PPLive - -2014-03-20: -- code optimizations -- consistency improvements -- added support for new applications: Pando Media Booster -- improved support for Steam -- added support for new web services: Wikipedia, MSN, Amazon, eBay, CNN - -2014-03-19: -- added new protocols: FTP, code improvements - -2014-03-17: -- added new protocols: SOCKSv4, SOCKSv5, RTMP -- cgit v1.2.3 From 0091f35e024cd55413a4b84b095828020e578120 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 17 May 2017 15:50:59 +0200 Subject: Reworked flow structure handler --- example/ndpiReader.c | 35 +++++---------- example/ndpi_util.c | 120 +++++++++++++++++++-------------------------------- example/ndpi_util.h | 5 ++- 3 files changed, 58 insertions(+), 102 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index de31b0ab4..001e60249 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -611,20 +611,13 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { fprintf(out, "\t%s ", ipProto2Name(flow->protocol)); - if(flow->src_to_dst_direction == 1) - fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ", - (flow->ip_version == 6) ? "[" : "", - flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port), - (flow->ip_version == 6) ? "[" : "", - flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port) - ); - else - fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ", - (flow->ip_version == 6) ? "[" : "", - flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port), - (flow->ip_version == 6) ? "[" : "", - flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port) - ); + fprintf(out, "%s%s%s:%u %s %s%s%s:%u ", + (flow->ip_version == 6) ? "[" : "", + flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port), + flow->bidirectional ? "<->" : "->", + (flow->ip_version == 6) ? "[" : "", + flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port) + ); if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); @@ -939,16 +932,10 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi char saddr[48]; char daddr[48]; - if(flow->src_to_dst_direction == 1) { - sport = ntohs(flow->lower_port), dport = ntohs(flow->upper_port); - strncpy(saddr, flow->lower_name, sizeof(saddr)); - strncpy(daddr, flow->upper_name, sizeof(daddr)); - } - else { - sport = ntohs(flow->upper_port), dport = ntohs(flow->lower_port); - strncpy(saddr, flow->upper_name, sizeof(saddr)); - strncpy(daddr, flow->lower_name, sizeof(daddr)); - } + sport = ntohs(flow->lower_port), dport = ntohs(flow->upper_port); + strncpy(saddr, flow->lower_name, sizeof(saddr)); + strncpy(daddr, flow->upper_name, sizeof(daddr)); + updatePortStats(&srcStats, sport, saddr, flow->packets, flow->bytes); updatePortStats(&dstStats, dport, daddr, flow->packets, flow->bytes); } diff --git a/example/ndpi_util.c b/example/ndpi_util.c index b07a41e03..53486229f 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -155,14 +155,36 @@ int ndpi_workflow_node_cmp(const void *a, const void *b) { struct ndpi_flow_info *fa = (struct ndpi_flow_info*)a; struct ndpi_flow_info *fb = (struct ndpi_flow_info*)b; - if(fa->vlan_id < fb->vlan_id ) return(-1); else { if(fa->vlan_id > fb->vlan_id ) return(1); } + if(fa->hashval < fb->hashval) return(-1); else if(fa->hashval > fb->hashval) return(1); + + /* Flows have the same hash */ + + if(fa->vlan_id < fb->vlan_id ) return(-1); else { if(fa->vlan_id > fb->vlan_id ) return(1); } + if(fa->protocol < fb->protocol ) return(-1); else { if(fa->protocol > fb->protocol ) return(1); } + + if( + ( + (fa->lower_ip == fb->lower_ip ) + && (fa->lower_port == fb->lower_port) + && (fa->upper_ip == fb->upper_ip ) + && (fa->upper_port == fb->upper_port) + ) + || + ( + (fa->lower_ip == fb->upper_ip ) + && (fa->lower_port == fb->upper_port) + && (fa->upper_ip == fb->lower_ip ) + && (fa->upper_port == fb->lower_port) + ) + ) + return(0); + if(fa->lower_ip < fb->lower_ip ) return(-1); else { if(fa->lower_ip > fb->lower_ip ) return(1); } if(fa->lower_port < fb->lower_port) return(-1); else { if(fa->lower_port > fb->lower_port) return(1); } if(fa->upper_ip < fb->upper_ip ) return(-1); else { if(fa->upper_ip > fb->upper_ip ) return(1); } if(fa->upper_port < fb->upper_port) return(-1); else { if(fa->upper_port > fb->upper_port) return(1); } - if(fa->protocol < fb->protocol ) return(-1); else { if(fa->protocol > fb->protocol ) return(1); } - - return(0); + + return(0); /* notreached */ } /* ***************************************************** */ @@ -202,11 +224,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow u_int8_t **payload, u_int16_t *payload_len, u_int8_t *src_to_dst_direction) { - u_int32_t idx, l4_offset; - u_int32_t lower_ip; - u_int32_t upper_ip; - u_int16_t lower_port; - u_int16_t upper_port; + u_int32_t idx, l4_offset, hashval; struct ndpi_flow_info flow; void *ret; u_int8_t *l3, *l4; @@ -246,14 +264,6 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow if(l4_packet_len > workflow->stats.max_packet_len) workflow->stats.max_packet_len = l4_packet_len; - if(iph->saddr < iph->daddr) { - lower_ip = iph->saddr; - upper_ip = iph->daddr; - } else { - lower_ip = iph->daddr; - upper_ip = iph->saddr; - } - *proto = iph->protocol; l4 = ((u_int8_t *) l3 + l4_offset); @@ -264,25 +274,6 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow workflow->stats.tcp_count++; *tcph = (struct ndpi_tcphdr *)l4; *sport = ntohs((*tcph)->source), *dport = ntohs((*tcph)->dest); - - if(iph->saddr < iph->daddr) { - lower_port = (*tcph)->source, upper_port = (*tcph)->dest; - *src_to_dst_direction = 1; - } else { - lower_port = (*tcph)->dest; - upper_port = (*tcph)->source; - - *src_to_dst_direction = 0; - if(iph->saddr == iph->daddr) { - if(lower_port > upper_port) { - u_int16_t p = lower_port; - - lower_port = upper_port; - upper_port = p; - } - } - } - tcp_len = ndpi_min(4*(*tcph)->doff, l4_packet_len); *payload = &l4[tcp_len]; *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); @@ -294,42 +285,16 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow *sport = ntohs((*udph)->source), *dport = ntohs((*udph)->dest); *payload = &l4[sizeof(struct ndpi_udphdr)]; *payload_len = ndpi_max(0, l4_packet_len-sizeof(struct ndpi_udphdr)); - - if(iph->saddr < iph->daddr) { - lower_port = (*udph)->source, upper_port = (*udph)->dest; - *src_to_dst_direction = 1; - } else { - lower_port = (*udph)->dest, upper_port = (*udph)->source; - - *src_to_dst_direction = 0; - - if(iph->saddr == iph->daddr) { - if(lower_port > upper_port) { - u_int16_t p = lower_port; - - lower_port = upper_port; - upper_port = p; - } - } - } - - *sport = ntohs(lower_port), *dport = ntohs(upper_port); } else { // non tcp/udp protocols - lower_port = 0; - upper_port = 0; - - *src_to_dst_direction = (iph->saddr < iph->daddr) ? 1 : 0; + *sport = *dport = 0; } flow.protocol = iph->protocol, flow.vlan_id = vlan_id; - flow.lower_ip = lower_ip, flow.upper_ip = upper_ip; - flow.lower_port = lower_port, flow.upper_port = upper_port; - - NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_DEBUG, "[NDPI] [%u][%u:%u <-> %u:%u]\n", - iph->protocol, lower_ip, ntohs(lower_port), upper_ip, ntohs(upper_port)); - - idx = (vlan_id + lower_ip + upper_ip + iph->protocol + lower_port + upper_port) % workflow->prefs.num_roots; + flow.lower_ip = iph->saddr, flow.upper_ip = iph->daddr; + flow.lower_port = htons(*sport), flow.upper_port = htons(*dport); + flow.hashval = hashval = flow.protocol + flow.vlan_id + flow.lower_ip + flow.upper_ip + flow.lower_port + flow.upper_port; + idx = hashval % workflow->prefs.num_roots; ret = ndpi_tfind(&flow, &workflow->ndpi_flows_root[idx], ndpi_workflow_node_cmp); if(ret == NULL) { @@ -347,15 +312,15 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow } memset(newflow, 0, sizeof(struct ndpi_flow_info)); + newflow->hashval = hashval; newflow->protocol = iph->protocol, newflow->vlan_id = vlan_id; - newflow->lower_ip = lower_ip, newflow->upper_ip = upper_ip; - newflow->lower_port = lower_port, newflow->upper_port = upper_port; + newflow->lower_ip = iph->saddr, newflow->upper_ip = iph->daddr; + newflow->lower_port = htons(*sport), newflow->upper_port = htons(*dport); newflow->ip_version = version; - newflow->src_to_dst_direction = *src_to_dst_direction; if(version == IPVERSION) { - inet_ntop(AF_INET, &lower_ip, newflow->lower_name, sizeof(newflow->lower_name)); - inet_ntop(AF_INET, &upper_ip, newflow->upper_name, sizeof(newflow->upper_name)); + inet_ntop(AF_INET, &newflow->lower_ip, newflow->lower_name, sizeof(newflow->lower_name)); + inet_ntop(AF_INET, &newflow->upper_ip, newflow->upper_name, sizeof(newflow->upper_name)); } else { inet_ntop(AF_INET6, &iph6->ip6_src, newflow->lower_name, sizeof(newflow->lower_name)); inet_ntop(AF_INET6, &iph6->ip6_dst, newflow->upper_name, sizeof(newflow->upper_name)); @@ -394,11 +359,14 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow } else { struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)ret; - if(flow->lower_ip == lower_ip && flow->upper_ip == upper_ip - && flow->lower_port == lower_port && flow->upper_port == upper_port) - *src = flow->src_id, *dst = flow->dst_id; + if(flow->lower_ip == iph->saddr + && flow->upper_ip == iph->daddr + && flow->lower_port == htons(*sport) + && flow->upper_port == htons(*dport) + ) + *src = flow->src_id, *dst = flow->dst_id, *src_to_dst_direction = 1; else - *src = flow->dst_id, *dst = flow->src_id; + *src = flow->dst_id, *dst = flow->src_id, *src_to_dst_direction = 0, flow->bidirectional = 1; return flow; } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index ca9f20274..950f65f5a 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -43,11 +43,12 @@ // flow tracking typedef struct ndpi_flow_info { + u_int32_t hashval; u_int32_t lower_ip; u_int32_t upper_ip; u_int16_t lower_port; u_int16_t upper_port; - u_int8_t detection_completed, protocol, src_to_dst_direction; + u_int8_t detection_completed, protocol, bidirectional; u_int16_t vlan_id; struct ndpi_flow_struct *ndpi_flow; char lower_name[48], upper_name[48]; @@ -55,7 +56,7 @@ typedef struct ndpi_flow_info { u_int64_t last_seen; u_int64_t bytes; u_int32_t packets; - + // result only, not used for flow identification ndpi_protocol detected_protocol; -- cgit v1.2.3 From 99c9f1d36ba919e7e1865db594c7a95385a644ef Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 17 May 2017 15:53:52 +0200 Subject: Updated results are ndpiReader output has been modified --- tests/result/1kxun.pcap.out | 200 +++++++-------- tests/result/6in4tunnel.pcap.out | 12 +- tests/result/BGP_redist.pcap.out | 4 +- tests/result/EAQ.pcap.out | 42 +-- tests/result/Instagram.pcap.out | 16 +- tests/result/KakaoTalk_chat.pcap.out | 10 +- tests/result/KakaoTalk_talk.pcap.out | 14 +- tests/result/NTPv2.pcap.out | 2 +- tests/result/NTPv3.pcap.out | 2 +- tests/result/NTPv4.pcap.out | 2 +- tests/result/Viber_session.pcap.out | 28 +- tests/result/bittorrent.pcap.out | 12 +- tests/result/bt_search.pcap.out | 2 +- tests/result/coap_mqtt.pcap.out | 10 +- tests/result/dropbox.pcap.out | 50 ++-- tests/result/hangout.pcap.out | 2 +- tests/result/http_ipv6.pcap.out | 22 +- tests/result/mpegts.pcap.out | 2 +- tests/result/msnms.pcap.out | 2 +- tests/result/mssql_tds.pcap.out | 18 +- tests/result/netflix.pcap.out | 38 +-- tests/result/ocs.pcap.out | 40 +-- tests/result/pps.pcap.out | 120 ++++----- tests/result/quic.pcap.out | 2 +- tests/result/skype.pcap.out | 414 +++++++++++++++--------------- tests/result/skype_no_unknown.pcap.out | 400 ++++++++++++++--------------- tests/result/starcraft_battle.pcap.out | 18 +- tests/result/tor.pcap.out | 8 +- tests/result/ubntac2.pcap.out | 16 +- tests/result/viber_mobile.pcap.out | 52 ++-- tests/result/webex.pcap.out | 2 +- tests/result/wechat.pcap.out | 102 ++++---- tests/result/weibo.pcap.out | 24 +- tests/result/whatsapp_login_call.pcap.out | 42 +-- tests/result/whatsapp_login_chat.pcap.out | 12 +- 35 files changed, 871 insertions(+), 871 deletions(-) diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index f0e7365a9..1f415d2f8 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -17,133 +17,133 @@ Lync 2 132 1 1 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][23 pkts/7434 bytes] 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][419 pkts/183693 bytes][Host: 183.131.48.144] - 3 UDP [ff02::1:3]:53938 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] - 4 UDP [ff02::1:3]:61548 <-> [fe80::9bd:81dd:2fdc:5750]:5355 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] - 5 UDP [ff02::1:3]:58468 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] - 6 UDP 192.168.2.186:32768 <-> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] + 3 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] + 4 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] + 5 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] + 6 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3642 bytes][client: 1] 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3638 bytes][client: 1] 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][17 pkts/3518 bytes][client: 1] - 10 UDP [ff02::1:3]:64568 <-> [fe80::9bd:81dd:2fdc:5750]:5355 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] - 11 UDP [ff02::1:3]:61172 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/174 bytes][Host: sonusav] + 10 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] + 11 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/174 bytes][Host: sonusav] 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9498 bytes][Host: dl-obs.official.line.naver.jp] - 13 UDP [ff02::1:3]:50194 <-> [fe80::4568:efbc:40b1:1346]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] + 13 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] 14 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][2 pkts/378 bytes][Host: dl-obs.official.line.naver.jp] - 15 UDP 192.168.5.45:59461 <-> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 16 UDP 192.168.5.45:59789 <-> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 15 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 16 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] 17 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][13 pkts/1452 bytes][Host: 218.244.135.170:9099] - 18 UDP 192.168.5.48:49701 <-> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes] - 19 UDP [ff02::1:3]:57148 <-> [fe80::4568:efbc:40b1:1346]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] - 20 UDP 192.168.3.95:51451 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] - 21 UDP 192.168.5.44:51389 <-> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes] + 18 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes] + 19 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] + 20 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] + 21 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes] 22 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][4 pkts/1368 bytes][Host: macbook-air] - 23 UDP 192.168.5.41:55593 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes][Host: kevin-pc] - 24 UDP 192.168.101.33:55485 <-> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes] - 25 UDP 192.168.3.236:56043 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: isatap] + 23 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes][Host: kevin-pc] + 24 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes] + 25 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: isatap] 26 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/272 bytes][Host: jp.kankan.1kxun.mobi] - 27 UDP 192.168.5.57:55809 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes] - 28 UDP 192.168.5.50:57143 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes][Host: charming-pc] - 29 UDP 192.168.5.37:57325 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes] - 30 UDP 192.168.3.95:58779 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] - 31 UDP 192.168.5.44:59571 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: jason-pc] + 27 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes] + 28 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes][Host: charming-pc] + 29 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes] + 30 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] + 31 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: jason-pc] 32 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][3 pkts/266 bytes][Host: vv.video.qq.com] - 33 UDP 192.168.5.48:59797 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: kasper-mac] - 34 UDP 192.168.5.47:60267 <-> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes] - 35 UDP 192.168.10.110:60480 <-> 255.255.255.255:62976 [proto: 205/1kxun][5 pkts/1795 bytes] - 36 UDP 192.168.5.47:61603 <-> 224.0.0.252:5355 [proto: 173/Lync][2 pkts/132 bytes] - 37 UDP 192.168.3.236:62069 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: wangs-ltw] - 38 UDP 192.168.125.30:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] - 39 UDP 192.168.10.7:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] - 40 UDP [ff02::1:3]:57143 <-> [fe80::e034:7be:d8f9:6197]:5355 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] - 41 UDP 192.168.140.140:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][1 pkts/359 bytes] + 33 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: kasper-mac] + 34 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes] + 35 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 205/1kxun][5 pkts/1795 bytes] + 36 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 173/Lync][2 pkts/132 bytes] + 37 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: wangs-ltw] + 38 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] + 39 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] + 40 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][1 pkts/359 bytes] + 41 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] 42 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/283 bytes][Host: pic.1kxun.com] - 43 UDP [ff02::1:3]:61603 <-> [fe80::edf5:240a:c8c0:8312]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] - 44 UDP 192.168.5.49:1900 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes] + 43 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] + 44 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes] 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][33 pkts/11721 bytes][Host: 42.120.51.152:8080] 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][12 pkts/1982 bytes][Host: api.magicansoft.com] - 47 UDP [ff02::1:3]:51451 <-> [fe80::e98f:bae2:19f7:6b0f]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] + 47 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][69 pkts/63429 bytes][Host: pic.1kxun.com] - 49 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][65 pkts/48989 bytes][Host: pic.1kxun.com] - 50 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][58 pkts/45577 bytes][Host: pic.1kxun.com] - 51 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][50 pkts/35747 bytes][Host: jp.kankan.1kxun.mobi] - 52 UDP [ff02::1:2]:546 <-> [fe80::f65c:89ff:fe89:e607]:547 [proto: 103/DHCPV6][1 pkts/98 bytes] - 53 UDP [ff02::1:3]:58779 <-> [fe80::e98f:bae2:19f7:6b0f]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] - 54 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes][Host: shen] - 55 UDP 59.120.208.218:50151 <-> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] - 56 UDP [ff02::1:3]:49735 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] + 49 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][50 pkts/35747 bytes][Host: jp.kankan.1kxun.mobi] + 50 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][65 pkts/48989 bytes][Host: pic.1kxun.com] + 51 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][58 pkts/45577 bytes][Host: pic.1kxun.com] + 52 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes] + 53 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] + 54 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes][Host: shen] + 55 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] + 56 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] 57 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][14 pkts/2295 bytes][Host: 183.131.48.145] 58 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] 59 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][25 pkts/4950 bytes][Host: vv.video.qq.com] 60 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][6 pkts/352 bytes] - 61 UDP [ff02::c]:1900 <-> [fe80::9bd:81dd:2fdc:5750]:1900 [proto: 12/SSDP][16 pkts/8921 bytes] + 61 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes] 62 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][2 pkts/120 bytes] 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3210 bytes][client: 1] 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9158 bytes][Host: dl-obs.official.line.naver.jp] 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][14 pkts/2386 bytes][Host: kankan.1kxun.com] - 66 UDP [ff02::1:3]:63659 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] - 67 UDP [ff02::1:2]:546 <-> [fe80::406:55a8:6453:25dd]:547 [proto: 103/DHCPV6][5 pkts/490 bytes] - 68 UDP 192.168.5.50:49766 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes][Host: charming-pc] - 69 UDP 192.168.5.50:50030 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes][Host: charming-pc] - 70 UDP 192.168.115.8:51458 <-> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes][Host: wpad] - 71 UDP 192.168.3.236:51714 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: isatap] - 72 UDP 192.168.5.49:51704 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes] - 73 UDP 192.168.115.8:137 <-> 192.168.255.255:137 [proto: 10/NetBIOS][6 pkts/552 bytes] - 74 UDP 192.168.5.67:138 <-> 192.168.255.255:138 [proto: 10/NetBIOS][2 pkts/549 bytes] - 75 UDP 192.168.5.45:137 <-> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes] - 76 UDP 192.168.5.45:138 <-> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes] - 77 UDP 192.168.3.236:137 <-> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes] - 78 UDP 192.168.0.104:137 <-> 192.168.255.255:137 [proto: 10/NetBIOS][3 pkts/276 bytes] - 79 UDP 192.168.5.47:53962 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: ro_x1c] - 80 UDP 192.168.5.41:54470 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: kevin-pc] - 81 UDP 192.168.5.37:54506 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: notebook] - 82 UDP 192.168.3.95:54888 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] - 83 UDP 192.168.5.41:55312 <-> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes] - 84 UDP 192.168.5.9:55484 <-> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes] - 85 UDP [ff02::1:3]:49766 <-> [fe80::e034:7be:d8f9:6197]:5355 [proto: 154/LLMNR][2 pkts/182 bytes][Host: charming-pc] - 86 UDP 192.168.5.37:56366 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: notebook] + 66 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] + 67 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][5 pkts/490 bytes] + 68 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes][Host: charming-pc] + 69 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes][Host: charming-pc] + 70 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes][Host: wpad] + 71 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: isatap] + 72 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes] + 73 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][6 pkts/552 bytes] + 74 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][2 pkts/549 bytes] + 75 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes] + 76 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes] + 77 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes] + 78 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][3 pkts/276 bytes] + 79 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: ro_x1c] + 80 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: kevin-pc] + 81 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: notebook] + 82 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] + 83 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes] + 84 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes] + 85 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/182 bytes][Host: charming-pc] + 86 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: notebook] 87 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] - 88 UDP 192.168.101.33:58456 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] - 89 UDP 192.168.5.9:58456 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] - 90 UDP 192.168.5.44:58702 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: jason-pc] - 91 UDP 192.168.5.44:59062 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes][Host: jason-pc] - 92 UDP [ff02::1:3]:53962 <-> [fe80::edf5:240a:c8c0:8312]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] - 93 UDP 192.168.3.236:59730 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes][Host: sonusav] - 94 UDP 192.168.3.95:59468 <-> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes] - 95 UDP 192.168.5.49:61548 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes][Host: caesar-thinkpad] + 88 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] + 89 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] + 90 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: jason-pc] + 91 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes][Host: jason-pc] + 92 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] + 93 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes][Host: sonusav] + 94 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes] + 95 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes][Host: caesar-thinkpad] 96 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][9 pkts/4347 bytes] 97 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][10 pkts/2493 bytes] - 98 UDP 192.168.5.50:62756 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes][Host: charming-pc] - 99 UDP 192.168.101.33:62822 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] - 100 UDP 192.168.5.9:62822 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] - 101 UDP 192.168.5.57:64428 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: usher-pc] - 102 UDP 192.168.5.49:64568 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes][Host: caesar-thinkpad] - 103 UDP 192.168.5.50:64674 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes] - 104 UDP 192.168.5.57:65150 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: usher-pc] - 105 UDP 192.168.3.236:65496 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: wangs-ltw] + 98 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes][Host: charming-pc] + 99 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] + 100 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] + 101 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: usher-pc] + 102 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes][Host: caesar-thinkpad] + 103 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes] + 104 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: usher-pc] + 105 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: wangs-ltw] 106 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][3 pkts/176 bytes] - 107 UDP 192.168.119.1:67 <-> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes] - 108 UDP 192.168.5.9:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: joanna-pc] - 109 UDP 192.168.5.41:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: kevin-pc] - 110 UDP [ff02::1:2]:546 <-> [fe80::beee:7bff:fe0c:b3de]:547 [proto: 103/DHCPV6][4 pkts/392 bytes] - 111 UDP [ff02::1:3]:62756 <-> [fe80::e034:7be:d8f9:6197]:5355 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] - 112 UDP 59.120.208.212:32768 <-> 255.255.255.255:1947 [proto: 205/1kxun][1 pkts/82 bytes] - 113 UDP 192.168.5.64:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes] - 114 TCP 192.168.5.16:53605 <-> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes] - 115 TCP 192.168.5.16:53613 <-> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes] - 116 UDP 192.168.5.16:123 <-> 17.253.26.125:123 [proto: 9/NTP][1 pkts/90 bytes] + 107 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes] + 108 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: joanna-pc] + 109 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: kevin-pc] + 110 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][4 pkts/392 bytes] + 111 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] + 112 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 205/1kxun][1 pkts/82 bytes] + 113 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes] + 114 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes] + 115 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes] + 116 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][1 pkts/90 bytes] 117 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][14 pkts/2858 bytes][Host: jp.kankan.1kxun.mobi] 118 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][43 pkts/31191 bytes][Host: pic.1kxun.com] - 119 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][61 pkts/51677 bytes][Host: pic.1kxun.com] - 120 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][34 pkts/25580 bytes][Host: pic.1kxun.com] - 121 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][13 pkts/3410 bytes][Host: jp.kankan.1kxun.mobi] - 122 UDP [ff02::1:3]:54888 <-> [fe80::e98f:bae2:19f7:6b0f]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] + 119 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][13 pkts/3410 bytes][Host: jp.kankan.1kxun.mobi] + 120 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][61 pkts/51677 bytes][Host: pic.1kxun.com] + 121 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][34 pkts/25580 bytes][Host: pic.1kxun.com] + 122 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] Undetected flows: - 1 UDP 192.168.0.100:50925 <-> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes] - 2 UDP [ff02::1]:62976 <-> [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 [proto: 0/Unknown][2 pkts/782 bytes] - 3 UDP [ff02::1]:62976 <-> [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 [proto: 0/Unknown][2 pkts/782 bytes] - 4 UDP 192.168.119.1:56861 <-> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes] - 5 UDP [ff02::1]:5678 <-> [fe80::4e5e:cff:fe9a:ec54]:5678 [proto: 0/Unknown][1 pkts/185 bytes] - 6 UDP [ff02::1]:5678 <-> [fe80::4e5e:cff:feea:365]:5678 [proto: 0/Unknown][1 pkts/197 bytes] - 7 UDP 192.168.119.2:43786 <-> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes] + 1 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes] + 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes] + 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes] + 4 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes] + 5 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes] + 6 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes] + 7 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 2b05f76b9..3377c823a 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -4,13 +4,13 @@ SSL 28 15397 1 ICMPV6 48 7862 3 Facebook 37 14726 3 - 1 TCP [2a03:2880:1010:6f03:face:b00c::2]:53234 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] + 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/394 bytes][Host: star.c10r.facebook.com] - 3 TCP [2604:a880:1:20::224:b001]:60205 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net][server: mail.tomasu.net] - 4 ICMPV6 [2604:a880:1:20::224:b001]:0 <-> [2001:470:1f16:13f::2]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] - 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] + 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net][server: mail.tomasu.net] + 4 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] + 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][2 pkts/258 bytes] - 7 ICMPV6 [2604:a880:1:20::224:b001]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][46 pkts/6348 bytes] + 7 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][46 pkts/6348 bytes] 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][2 pkts/258 bytes] 9 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/406 bytes][Host: star.c10r.facebook.com] - 10 TCP [2604:a880:1:20::224:b001]:41538 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:80 [proto: 7/HTTP][10 pkts/1792 bytes][Host: mail.tomasu.net] + 10 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][10 pkts/1792 bytes][Host: mail.tomasu.net] diff --git a/tests/result/BGP_redist.pcap.out b/tests/result/BGP_redist.pcap.out index 5368c157a..a65505a52 100644 --- a/tests/result/BGP_redist.pcap.out +++ b/tests/result/BGP_redist.pcap.out @@ -1,4 +1,4 @@ BGP 2 322 2 - 1 TCP 2.2.2.2:179 <-> 4.4.4.4:63535 [proto: 13/BGP][1 pkts/163 bytes] - 2 TCP 2.2.2.2:179 <-> 5.5.5.5:49433 [proto: 13/BGP][1 pkts/159 bytes] + 1 TCP 2.2.2.2:179 -> 4.4.4.4:63535 [proto: 13/BGP][1 pkts/163 bytes] + 2 TCP 2.2.2.2:179 -> 5.5.5.5:49433 [proto: 13/BGP][1 pkts/159 bytes] diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out index b3afccfc0..1485ad1d6 100644 --- a/tests/result/EAQ.pcap.out +++ b/tests/result/EAQ.pcap.out @@ -2,33 +2,33 @@ Google 23 11743 2 EAQ 174 10092 29 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][14 pkts/10589 bytes][Host: www.google.com.br] - 2 UDP 10.8.0.1:34687 <-> 200.194.141.68:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 3 UDP 10.8.0.1:36577 <-> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 2 UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][5 pkts/290 bytes] + 3 UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] 4 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][9 pkts/1154 bytes][Host: www.google.com] - 5 UDP 10.8.0.1:37985 <-> 200.194.129.67:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 6 UDP 10.8.0.1:39221 <-> 200.194.137.67:6000 [proto: 190/EAQ][5 pkts/290 bytes] + 5 UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][5 pkts/290 bytes] + 6 UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][5 pkts/290 bytes] 7 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][10 pkts/580 bytes] 8 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][10 pkts/580 bytes] 9 UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 10 UDP 10.8.0.1:48563 <-> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes] + 10 UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes] 11 UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 12 UDP 10.8.0.1:50175 <-> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 12 UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] 13 UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 14 UDP 10.8.0.1:53059 <-> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 15 UDP 10.8.0.1:59959 <-> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 16 UDP 10.8.0.1:60013 <-> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 17 UDP 10.8.0.1:33356 <-> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 18 UDP 10.8.0.1:36552 <-> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 19 UDP 10.8.0.1:40058 <-> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 20 UDP 10.8.0.1:41438 <-> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] + 14 UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 15 UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes] + 16 UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 17 UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 18 UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 19 UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 20 UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] 21 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 22 UDP 10.8.0.1:43934 <-> 200.194.136.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 23 UDP 10.8.0.1:47346 <-> 200.194.134.66:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 24 UDP 10.8.0.1:47714 <-> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 25 UDP 10.8.0.1:48666 <-> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] + 22 UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 23 UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 24 UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes] + 25 UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] 26 UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][10 pkts/580 bytes] 27 UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 28 UDP 10.8.0.1:53354 <-> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 29 UDP 10.8.0.1:56128 <-> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 30 UDP 10.8.0.1:57004 <-> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 31 UDP 10.8.0.1:59098 <-> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 28 UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] + 29 UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] + 30 UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 31 UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index edd889471..7656d8080 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -6,26 +6,26 @@ Facebook 251 215986 5 Dropbox 5 725 2 Instagram 363 255094 16 - 1 UDP 192.168.0.106:17500 <-> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes] + 1 UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes] 2 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] - 3 UDP 192.168.0.103:27124 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] + 3 UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] 5 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][49 pkts/38684 bytes] 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][34 pkts/29039 bytes] - 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] + 9 TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] 15 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] - 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] + 16 UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] 17 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][12 pkts/6044 bytes] - 20 ICMP 192.168.0.103:0 <-> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes] + 20 ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes] 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][2 pkts/140 bytes] 23 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/394 bytes][Host: igcdn-photos-h-a.akamaihd.net] @@ -33,11 +33,11 @@ Instagram 363 255094 16 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] 26 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][25 pkts/23525 bytes] 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][81 pkts/53416 bytes][Host: photos-e.ak.instagram.com] - 28 TCP 192.168.0.103:58690 <-> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes] + 28 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes] 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][19 pkts/9340 bytes][client: igcdn-photos-g-a.akamaihd.net] 30 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][7 pkts/4015 bytes][Host: photos-f.ak.instagram.com] - 31 TCP 192.168.0.103:58053 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes][Host: photos-g.ak.instagram.com] + 31 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes][Host: photos-g.ak.instagram.com] Undetected flows: - 1 UDP 192.168.0.1:520 <-> 192.168.0.255:520 [proto: 0/Unknown][1 pkts/66 bytes] + 1 UDP 192.168.0.1:520 -> 192.168.0.255:520 [proto: 0/Unknown][1 pkts/66 bytes] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 3cc7ef600..4773e4504 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -11,11 +11,11 @@ KakaoTalk 55 9990 15 1 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] 2 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] 3 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] - 4 TCP 120.28.26.242:80 <-> 10.24.82.188:34503 [proto: 7/HTTP][1 pkts/56 bytes] - 5 ICMP 10.24.82.188:0 <-> 10.188.191.1:0 [proto: 81/ICMP][1 pkts/147 bytes] + 4 TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][1 pkts/56 bytes] + 5 ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][1 pkts/147 bytes] 6 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] 7 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] - 8 TCP 10.24.82.188:58927 <-> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes] + 8 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes] 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] 10 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] 11 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] @@ -33,13 +33,13 @@ KakaoTalk 55 9990 15 23 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] 24 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] - 26 TCP 10.24.82.188:34686 <-> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] + 26 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] 27 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] 28 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][5 pkts/280 bytes] - 32 TCP 10.24.82.188:49217 <-> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 32 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] 33 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] 34 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] 35 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index ec1315984..c50e8821b 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -12,21 +12,21 @@ WeChat 15 1727 1 1 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][5 pkts/280 bytes] 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] - 3 TCP 173.194.117.229:443 <-> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes] + 3 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes] 4 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes] 5 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] - 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] + 6 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] 7 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] - 8 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] + 8 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] 9 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] - 11 TCP 10.24.82.188:34686 <-> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] + 11 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] 12 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][40 pkts/10538 bytes] - 13 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] + 13 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] 15 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] 16 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][1488 pkts/198510 bytes] 17 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] 18 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][1503 pkts/200241 bytes] - 19 TCP 10.24.82.188:49217 <-> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] - 20 TCP 216.58.220.161:443 <-> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] + 19 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 20 TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] diff --git a/tests/result/NTPv2.pcap.out b/tests/result/NTPv2.pcap.out index 8172344ec..f056be127 100644 --- a/tests/result/NTPv2.pcap.out +++ b/tests/result/NTPv2.pcap.out @@ -1,3 +1,3 @@ NTP 1 410 1 - 1 UDP 208.104.95.10:123 <-> 78.46.76.2:80 [proto: 9/NTP][1 pkts/410 bytes] + 1 UDP 208.104.95.10:123 -> 78.46.76.2:80 [proto: 9/NTP][1 pkts/410 bytes] diff --git a/tests/result/NTPv3.pcap.out b/tests/result/NTPv3.pcap.out index 54953afda..e75e80d0a 100644 --- a/tests/result/NTPv3.pcap.out +++ b/tests/result/NTPv3.pcap.out @@ -1,3 +1,3 @@ NTP 1 90 1 - 1 UDP 175.144.140.29:123 <-> 78.46.76.2:80 [proto: 9/NTP][1 pkts/90 bytes] + 1 UDP 175.144.140.29:123 -> 78.46.76.2:80 [proto: 9/NTP][1 pkts/90 bytes] diff --git a/tests/result/NTPv4.pcap.out b/tests/result/NTPv4.pcap.out index 3794393bf..32e9c5f96 100644 --- a/tests/result/NTPv4.pcap.out +++ b/tests/result/NTPv4.pcap.out @@ -1,3 +1,3 @@ NTP 1 90 1 - 1 UDP 85.22.62.120:123 <-> 78.46.76.11:123 [proto: 9/NTP][1 pkts/90 bytes] + 1 UDP 85.22.62.120:123 -> 78.46.76.11:123 [proto: 9/NTP][1 pkts/90 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index b4b7ac832..3c3340283 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -12,42 +12,42 @@ Amazon 1 66 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][10 pkts/757 bytes] 2 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][9 pkts/692 bytes] - 3 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 3 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][5 pkts/412 bytes] 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][23 pkts/3345 bytes] 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 8 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes] + 8 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes] 9 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 10 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 10 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][6 pkts/599 bytes] - 12 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes] + 12 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes] 13 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] - 15 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 15 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] - 19 ICMP 192.168.200.222:0 <-> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes] + 19 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes] 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] 23 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][12 pkts/1161 bytes] 24 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] - 25 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 25 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] 27 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] 28 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][4143 pkts/390781 bytes] - 29 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] - 30 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes] + 29 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 30 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes] 31 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][16 pkts/1419 bytes][client: settings.crashlytics.com] Undetected flows: 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] + 5 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/bittorrent.pcap.out b/tests/result/bittorrent.pcap.out index a0993283b..32cab76d7 100644 --- a/tests/result/bittorrent.pcap.out +++ b/tests/result/bittorrent.pcap.out @@ -1,23 +1,23 @@ BitTorrent 299 305728 24 - 1 TCP 192.168.1.3:52908 <-> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 1 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 2 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][5 pkts/1180 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 3 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][5 pkts/1205 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 4 TCP 192.168.1.3:52925 <-> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 4 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 5 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][4 pkts/1401 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 6 TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][5 pkts/1281 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 7 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][5 pkts/1213 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 8 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][5 pkts/1212 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 9 TCP 192.168.1.3:52894 <-> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 10 TCP 192.168.1.3:52910 <-> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 9 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 10 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 11 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][8 pkts/1558 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 12 TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][5 pkts/1378 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 13 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][5 pkts/1205 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 14 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][4 pkts/614 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 15 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][7 pkts/1550 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 16 TCP 192.168.1.3:52893 <-> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 16 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 17 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][4 pkts/612 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 18 TCP 192.168.1.3:52909 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 18 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 19 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][6 pkts/1261 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 20 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][210 pkts/285139 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 21 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][3 pkts/930 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] diff --git a/tests/result/bt_search.pcap.out b/tests/result/bt_search.pcap.out index 5ea9fe8fb..9671edf0d 100644 --- a/tests/result/bt_search.pcap.out +++ b/tests/result/bt_search.pcap.out @@ -1,3 +1,3 @@ BitTorrent 2 322 1 - 1 UDP 192.168.0.102:6771 <-> 239.192.152.143:6771 [proto: 37/BitTorrent][2 pkts/322 bytes] + 1 UDP 192.168.0.102:6771 -> 239.192.152.143:6771 [proto: 37/BitTorrent][2 pkts/322 bytes] diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index 6deb36358..c17023521 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -2,16 +2,16 @@ COAP 19 1614 8 Dropbox 800 80676 4 MQTT 7695 668291 4 - 1 UDP [2001:620:8:35d9::10]:61043 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] - 2 UDP [2001:620:8:35d9::10]:61045 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] - 3 UDP [2001:620:8:35d9::10]:61047 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/90 bytes] + 1 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61043 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes] + 2 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61045 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes] + 3 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61047 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/90 bytes] 4 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20220 bytes] 5 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20194 bytes] 6 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][1926 pkts/167126 bytes] 7 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][4 pkts/404 bytes] 8 UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][6 pkts/467 bytes] - 9 UDP [2001:620:8:35d9::10]:61044 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] - 10 UDP [2001:620:8:35d9::10]:61046 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] + 9 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61044 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes] + 10 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61046 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes] 11 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] 12 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] 13 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][1922 pkts/166928 bytes] diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index cb9edfe34..ebbc87f26 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -3,7 +3,7 @@ SSDP 140 61108 22 Dropbox 1104 246122 16 1 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/744 bytes][Host: notify.dropbox.com] - 2 UDP 192.168.1.105:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes] + 2 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes] 3 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][34 pkts/18026 bytes][client: client.dropbox.com] 4 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][8 pkts/1390 bytes][Host: log.getdropbox.com] 5 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][22 pkts/11392 bytes][client: notify.dropbox.com] @@ -11,33 +11,33 @@ Dropbox 1104 246122 16 7 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/822 bytes][Host: client.dropbox.com] 8 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20220 bytes] 9 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20194 bytes] - 10 UDP 192.168.1.101:1280 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 11 UDP 192.168.1.101:1346 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 12 UDP 192.168.1.101:1650 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 13 UDP 192.168.1.101:1908 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 14 UDP 192.168.1.101:2544 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 15 UDP 192.168.1.101:2604 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 16 UDP 192.168.1.101:3412 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 17 UDP 192.168.1.101:4974 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] + 10 UDP 192.168.1.101:1280 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] + 11 UDP 192.168.1.101:1346 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] + 12 UDP 192.168.1.101:1650 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] + 13 UDP 192.168.1.101:1908 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] + 14 UDP 192.168.1.101:2544 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] + 15 UDP 192.168.1.101:2604 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] + 16 UDP 192.168.1.101:3412 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] + 17 UDP 192.168.1.101:4974 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] 18 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/774 bytes][Host: client-cf.dropbox.com] - 19 UDP 192.168.1.105:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes] - 20 UDP 192.168.1.254:50828 <-> 239.255.255.250:1900 [proto: 12/SSDP][44 pkts/19936 bytes] + 19 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes] + 20 UDP 192.168.1.254:50828 -> 239.255.255.250:1900 [proto: 12/SSDP][44 pkts/19936 bytes] 21 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] 22 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] - 23 UDP 192.168.1.106:57268 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes] + 23 UDP 192.168.1.106:57268 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes] 24 TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][138 pkts/97302 bytes][client: client-cf.dropbox.com] 25 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][20 pkts/3928 bytes][Host: log.getdropbox.com] - 26 UDP 192.168.1.101:2169 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 27 UDP 192.168.1.101:2141 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 28 UDP 192.168.1.101:2159 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 29 UDP 192.168.1.101:2873 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 30 UDP 192.168.1.101:2991 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 31 UDP 192.168.1.101:3547 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 32 UDP 192.168.1.101:3731 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 33 UDP 192.168.1.101:3777 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 34 UDP 192.168.1.101:3959 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 35 UDP 192.168.1.101:4171 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 36 UDP 192.168.1.101:4169 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 37 UDP 192.168.1.106:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][16 pkts/1648 bytes] - 38 UDP 192.168.1.101:4625 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] + 26 UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] + 27 UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] + 28 UDP 192.168.1.101:2159 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] + 29 UDP 192.168.1.101:2873 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] + 30 UDP 192.168.1.101:2991 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] + 31 UDP 192.168.1.101:3547 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] + 32 UDP 192.168.1.101:3731 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] + 33 UDP 192.168.1.101:3777 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] + 34 UDP 192.168.1.101:3959 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] + 35 UDP 192.168.1.101:4171 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] + 36 UDP 192.168.1.101:4169 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] + 37 UDP 192.168.1.106:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][16 pkts/1648 bytes] + 38 UDP 192.168.1.101:4625 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] 39 TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][54 pkts/27432 bytes][client: d.dropbox.com] diff --git a/tests/result/hangout.pcap.out b/tests/result/hangout.pcap.out index 1cd3ffc5a..aa75559c8 100644 --- a/tests/result/hangout.pcap.out +++ b/tests/result/hangout.pcap.out @@ -1,3 +1,3 @@ GoogleHangout 19 2774 1 - 1 UDP 74.125.134.127:19305 <-> 10.89.61.13:56406 [proto: 201/GoogleHangout][19 pkts/2774 bytes] + 1 UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 201/GoogleHangout][19 pkts/2774 bytes] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index e3685438d..3150266e3 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,17 +5,17 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][2 pkts/172 bytes] - 2 TCP [2a03:b0c0:3:d0::70:1001]:37486 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][client: www.ntop.org] - 3 TCP [2a03:b0c0:3:d0::70:1001]:37488 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][client: www.ntop.org] - 4 TCP [2a03:b0c0:3:d0::70:1001]:37494 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][client: www.ntop.org] - 5 TCP [2a03:b0c0:3:d0::70:1001]:37506 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][client: www.ntop.org] - 6 TCP [2a00:1450:4006:804::200e]:40526 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][2 pkts/172 bytes] - 7 TCP [2a00:1450:4001:803::1017]:41776 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][14 pkts/2213 bytes] - 8 TCP [2a02:26f0:ad:197::236]:53132 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][client: s-static.ak.facebook.com] - 9 TCP [2a02:26f0:ad:197::236]:53134 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.119/SSL.Facebook][10 pkts/5015 bytes][client: s-static.ak.facebook.com] - 10 TCP [2a00:1450:4006:803::2008]:58660 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][2 pkts/172 bytes] - 11 TCP [2a00:1450:4001:803::1012]:59690 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][2 pkts/172 bytes] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][client: www.ntop.org] + 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][2 pkts/172 bytes] + 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][14 pkts/2213 bytes] + 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][client: s-static.ak.facebook.com] + 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][10 pkts/5015 bytes][client: s-static.ak.facebook.com] + 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][2 pkts/172 bytes] + 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][2 pkts/172 bytes] 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][2 pkts/172 bytes] 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][2 pkts/172 bytes] - 14 UDP [2a00:1450:4001:803::1017]:45931 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 188.126/QUIC.Google][62 pkts/15977 bytes][Host: www.google.it] + 14 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][62 pkts/15977 bytes][Host: www.google.it] 15 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][3 pkts/502 bytes] diff --git a/tests/result/mpegts.pcap.out b/tests/result/mpegts.pcap.out index bfa70fd3e..1bdb391eb 100644 --- a/tests/result/mpegts.pcap.out +++ b/tests/result/mpegts.pcap.out @@ -1,3 +1,3 @@ MPEG_TS 1 1362 1 - 1 UDP 10.1.16.48:40737 <-> 230.200.201.23:1234 [VLAN: 3359][proto: 198/MPEG_TS][1 pkts/1362 bytes] + 1 UDP 10.1.16.48:40737 -> 230.200.201.23:1234 [VLAN: 3359][proto: 198/MPEG_TS][1 pkts/1362 bytes] diff --git a/tests/result/msnms.pcap.out b/tests/result/msnms.pcap.out index 85a95fbf1..aed849db7 100644 --- a/tests/result/msnms.pcap.out +++ b/tests/result/msnms.pcap.out @@ -1,6 +1,6 @@ MSN 364 56503 6 - 1 TCP 192.168.1.14:1176 <-> 207.46.108.39:1863 [proto: 68/MSN][13 pkts/2202 bytes] + 1 TCP 192.168.1.14:1176 -> 207.46.108.39:1863 [proto: 68/MSN][13 pkts/2202 bytes] 2 TCP 192.168.1.14:1208 <-> 207.46.108.83:1863 [proto: 68/MSN][91 pkts/16723 bytes] 3 TCP 192.168.1.14:1220 <-> 207.46.108.150:1863 [proto: 68/MSN][16 pkts/2900 bytes] 4 TCP 192.168.1.14:1037 <-> 207.46.107.149:1863 [proto: 68/MSN][96 pkts/8851 bytes] diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out index ea994e979..bbed0e9b6 100644 --- a/tests/result/mssql_tds.pcap.out +++ b/tests/result/mssql_tds.pcap.out @@ -1,14 +1,14 @@ MsSQL-TDS 38 16260 12 1 TCP 10.111.111.111:2222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][2 pkts/169 bytes] - 2 TCP 10.111.111.111:4444 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/1136 bytes] - 3 TCP 10.111.111.111:6666 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes] - 4 TCP 10.111.111.111:8888 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/142 bytes] - 5 TCP 10.111.111.111:22222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/322 bytes] + 2 TCP 10.111.111.111:4444 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/1136 bytes] + 3 TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes] + 4 TCP 10.111.111.111:8888 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/142 bytes] + 5 TCP 10.111.111.111:22222 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/322 bytes] 6 TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][4 pkts/1138 bytes] - 7 TCP 10.111.111.111:3333 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/239 bytes] + 7 TCP 10.111.111.111:3333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/239 bytes] 8 TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][17 pkts/3073 bytes] - 9 TCP 10.111.111.111:7777 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/425 bytes] - 10 TCP 10.111.111.111:9999 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/272 bytes] - 11 TCP 10.111.111.111:11111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/253 bytes] - 12 TCP 10.111.111.111:33333 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/374 bytes] + 9 TCP 10.111.111.111:7777 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/425 bytes] + 10 TCP 10.111.111.111:9999 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/272 bytes] + 11 TCP 10.111.111.111:11111 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/253 bytes] + 12 TCP 10.111.111.111:33333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/374 bytes] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index df8ae9cd8..28b19becf 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -17,23 +17,23 @@ Amazon 2 126 1 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][55 pkts/47007 bytes] 12 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][49 pkts/32105 bytes] 13 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][53 pkts/30613 bytes] - 14 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][55 pkts/29233 bytes] - 15 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][60 pkts/40140 bytes] - 16 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][54 pkts/25252 bytes] - 17 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][1307 pkts/1242780 bytes][Host: 23.246.3.140] + 14 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][1307 pkts/1242780 bytes][Host: 23.246.3.140] + 15 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][55 pkts/29233 bytes] + 16 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][60 pkts/40140 bytes] + 17 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][54 pkts/25252 bytes] 18 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][1872 pkts/1858337 bytes][Host: 23.246.11.141] - 19 IGMP 192.168.1.7:0 <-> 239.255.255.250:0 [proto: 82/IGMP][1 pkts/60 bytes] + 19 IGMP 192.168.1.7:0 -> 239.255.255.250:0 [proto: 82/IGMP][1 pkts/60 bytes] 20 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][27 pkts/16505 bytes][Host: api-global.netflix.com] 21 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][148 pkts/73954 bytes][client: api-global.netflix.com] - 22 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][48 pkts/29661 bytes][client: api-global.netflix.com] - 23 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][69 pkts/43938 bytes][client: api-global.netflix.com] - 24 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][45 pkts/27952 bytes][client: ichnaea.netflix.com] + 22 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][45 pkts/27952 bytes][client: ichnaea.netflix.com] + 23 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][48 pkts/29661 bytes][client: api-global.netflix.com] + 24 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][69 pkts/43938 bytes][client: api-global.netflix.com] 25 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][31 pkts/10934 bytes][client: ios.nccp.netflix.com] 26 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][22 pkts/10239 bytes][client: ios.nccp.netflix.com] 27 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][52 pkts/25886 bytes][client: api-global.netflix.com] 28 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][37 pkts/9285 bytes][client: ichnaea.netflix.com] - 29 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][36 pkts/12874 bytes][client: ichnaea.netflix.com] - 30 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][71 pkts/58161 bytes][client: ios.nccp.netflix.com] + 29 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][71 pkts/58161 bytes][client: ios.nccp.netflix.com] + 30 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][36 pkts/12874 bytes][client: ichnaea.netflix.com] 31 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][63 pkts/47005 bytes][Host: art-2.nflximg.net] 32 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][21 pkts/13259 bytes][Host: art-2.nflximg.net] 33 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][41 pkts/42239 bytes][Host: art-1.nflximg.net] @@ -43,17 +43,17 @@ Amazon 2 126 1 37 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/271 bytes][Host: appboot.netflix.com] 38 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/232 bytes][Host: artwork.akam.nflximg.net] 39 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/331 bytes][Host: ichnaea.geo.netflix.com] - 40 UDP 192.168.1.7:53776 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2648 bytes] + 40 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2648 bytes] 41 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][58 pkts/47176 bytes] 42 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][50 pkts/25032 bytes] - 43 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][54 pkts/25348 bytes] - 44 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][57 pkts/28485 bytes] - 45 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][52 pkts/28063 bytes] - 46 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][55 pkts/28320 bytes] - 47 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][58 pkts/32796 bytes] - 48 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][178 pkts/157382 bytes][Host: 23.246.11.141] - 49 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][788 pkts/759283 bytes][Host: 23.246.11.133] - 50 TCP 192.168.1.7:52929 <-> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes] + 43 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][788 pkts/759283 bytes][Host: 23.246.11.133] + 44 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][54 pkts/25348 bytes] + 45 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][57 pkts/28485 bytes] + 46 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][52 pkts/28063 bytes] + 47 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][55 pkts/28320 bytes] + 48 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][58 pkts/32796 bytes] + 49 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][178 pkts/157382 bytes][Host: 23.246.11.141] + 50 TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes] 51 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][28 pkts/6662 bytes][client: api-global.netflix.com] 52 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][20 pkts/3017 bytes][client: api-global.netflix.com] 53 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][40 pkts/13487 bytes][client: api-global.netflix.com] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index abb202085..16039bed8 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -5,26 +5,26 @@ SSL 20 2715 1 Google 41 5525 6 OCS 863 57552 7 - 1 TCP 192.168.180.2:42590 <-> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] - 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] - 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] - 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] - 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][client: settings.crashlytics.com] - 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] - 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes] - 8 UDP 192.168.180.2:1291 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] - 9 UDP 192.168.180.2:2589 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes][Host: ocs.labgency.ws] - 10 UDP 192.168.180.2:3621 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes][Host: xmpp.device06.eu01.capptain.com] - 11 UDP 192.168.180.2:11793 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes][Host: play.googleapis.com] - 12 TCP 192.168.180.2:36680 <-> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes][client: ocs.labgency.ws] - 13 TCP 192.168.180.2:53356 <-> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes][Host: api.eu01.capptain.com] - 14 UDP 192.168.180.2:24245 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes][Host: www.ocs.fr] - 15 TCP 192.168.180.2:49881 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] - 16 UDP 192.168.180.2:40097 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes][Host: settings.crashlytics.com] - 17 TCP 192.168.180.2:32946 <-> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][client: mtalk.google.com] - 18 TCP 192.168.180.2:47699 <-> 64.233.184.188:5228 [proto: 126/Google][2 pkts/120 bytes] - 19 TCP 192.168.180.2:44959 <-> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes][Host: api.eu01.capptain.com] + 1 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] + 2 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] + 3 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] + 4 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] + 5 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][client: settings.crashlytics.com] + 6 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] + 7 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes] + 8 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] + 9 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes][Host: ocs.labgency.ws] + 10 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes][Host: xmpp.device06.eu01.capptain.com] + 11 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes][Host: play.googleapis.com] + 12 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes][client: ocs.labgency.ws] + 13 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes][Host: api.eu01.capptain.com] + 14 UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes][Host: www.ocs.fr] + 15 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] + 16 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes][Host: settings.crashlytics.com] + 17 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][client: mtalk.google.com] + 18 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][2 pkts/120 bytes] + 19 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes][Host: api.eu01.capptain.com] Undetected flows: - 1 TCP 192.168.180.2:46166 <-> 137.135.131.52:5122 [proto: 0/Unknown][6 pkts/360 bytes] + 1 TCP 192.168.180.2:46166 -> 137.135.131.52:5122 [proto: 0/Unknown][6 pkts/360 bytes] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 8a5eb8fd6..dc905e67f 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -5,36 +5,36 @@ Google 2 1093 1 UPnP 1 130 1 iQIYI 1490 1845116 56 - 1 TCP 117.79.81.135:80 <-> 192.168.115.8:50443 [proto: 7/HTTP][1 pkts/347 bytes] + 1 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][1 pkts/347 bytes] 2 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][2 pkts/836 bytes][Host: pdata.video.qiyi.com] 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1305 bytes][Host: click.hm.baidu.com] 4 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] - 5 TCP 192.168.5.15:65125 <-> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/66 bytes] + 5 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/66 bytes] 6 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][2 pkts/713 bytes][Host: api.magicansoft.com] - 7 TCP 192.168.115.8:50462 <-> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes] - 8 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/618 bytes][Host: msg.iqiyi.com] - 9 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1294 bytes][Host: msg.iqiyi.com] - 10 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/821 bytes][Host: msg.71.am] - 11 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] - 12 TCP 192.168.115.8:50504 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes][Host: msg.71.am] - 13 TCP 202.108.14.219:80 <-> 192.168.115.8:50506 [proto: 7/HTTP][1 pkts/199 bytes] + 7 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes] + 8 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1294 bytes][Host: msg.iqiyi.com] + 9 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/821 bytes][Host: msg.71.am] + 10 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][1 pkts/199 bytes] + 11 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/618 bytes][Host: msg.iqiyi.com] + 12 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] + 13 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes][Host: msg.71.am] 14 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][2 pkts/1093 bytes][Host: clients1.google.com] 15 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/786 bytes][Host: msg.71.am] - 16 UDP 192.168.5.63:39383 <-> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes] + 16 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes] 17 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2346 bytes][Host: meta.video.qiyi.com] - 18 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1330 bytes][Host: 223.26.106.66] - 19 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/618 bytes][Host: static.qiyi.com] + 18 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/618 bytes][Host: static.qiyi.com] + 19 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1330 bytes][Host: 223.26.106.66] 20 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][2 pkts/691 bytes][Host: static.qiyi.com] 21 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/724 bytes][Host: static.qiyi.com] 22 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][529 pkts/692961 bytes][Host: preimage1.qiyipic.com] 23 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][542 pkts/710385 bytes][Host: preimage1.qiyipic.com] - 24 UDP 192.168.115.1:50945 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1539 bytes] - 25 UDP 192.168.5.50:52529 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1074 bytes] + 24 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1539 bytes] + 25 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1074 bytes] 26 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1128 bytes][Host: s1.symcb.com] - 27 UDP 192.168.5.38:58897 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes] + 27 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes] 28 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][2 pkts/463 bytes][Host: msg.video.qiyi.com] - 29 UDP 192.168.5.28:60023 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes] - 30 UDP 192.168.5.38:1900 <-> 239.255.255.250:1900 [proto: 12/SSDP][18 pkts/9327 bytes] + 29 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes] + 30 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][18 pkts/9327 bytes] 31 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.206/HTTP.iQIYI][5 pkts/4553 bytes][Host: cache.video.iqiyi.com] 32 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1861 bytes][Host: api.cupid.iqiyi.com] 33 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.206/HTTP.iQIYI][3 pkts/720 bytes][Host: iplocation.geo.qiyi.com] @@ -46,32 +46,32 @@ iQIYI 1490 1845116 56 39 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][2 pkts/721 bytes][Host: api.magicansoft.com] 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7.206/HTTP.iQIYI][2 pkts/727 bytes][Host: cmc.tanx.com] - 42 TCP 202.108.14.219:80 <-> 192.168.115.8:50295 [proto: 7/HTTP][2 pkts/398 bytes] + 42 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][2 pkts/398 bytes] 43 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/828 bytes][Host: msg.71.am] 44 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/772 bytes][Host: msg.71.am] 45 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][4 pkts/2296 bytes][Host: msg.71.am] - 46 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1140 bytes][Host: msg.71.am] - 47 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1143 bytes][Host: msg.71.am] - 48 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/813 bytes][Host: msg.71.am] - 49 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/616 bytes][Host: msg.71.am] - 50 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] - 51 TCP 192.168.115.8:50487 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes][Host: msg.71.am] - 52 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1145 bytes][Host: msg.71.am] - 53 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][6 pkts/3441 bytes][Host: msg.71.am] - 54 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2092 bytes][Host: msg.71.am] - 55 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/882 bytes][Host: msg.71.am] + 46 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1143 bytes][Host: msg.71.am] + 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/813 bytes][Host: msg.71.am] + 48 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/616 bytes][Host: msg.71.am] + 49 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes][Host: msg.71.am] + 50 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/882 bytes][Host: msg.71.am] + 51 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1140 bytes][Host: msg.71.am] + 52 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] + 53 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1145 bytes][Host: msg.71.am] + 54 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][6 pkts/3441 bytes][Host: msg.71.am] + 55 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2092 bytes][Host: msg.71.am] 56 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1145 bytes][Host: msg.71.am] 57 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1118 bytes][Host: msg.71.am] 58 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][27 pkts/34298 bytes][Host: 223.26.106.66] 59 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][246 pkts/320033 bytes][Host: static.qiyi.com] 60 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1275 bytes][Host: static.qiyi.com] 61 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][8 pkts/2912 bytes][Host: static.qiyi.com] - 62 TCP 192.168.115.8:50781 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes][Host: preimage1.qiyipic.com] - 63 UDP 192.168.5.41:50374 <-> 239.255.255.250:1900 [proto: 12/SSDP][5 pkts/875 bytes] + 62 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes][Host: preimage1.qiyipic.com] + 63 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][5 pkts/875 bytes] 64 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][2 pkts/893 bytes][Host: msg.video.qiyi.com] - 65 UDP 192.168.5.57:59648 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes] - 66 UDP 192.168.5.63:60976 <-> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes] - 67 UDP 192.168.5.48:63930 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes] + 65 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes] + 66 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes] + 67 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes] 68 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][5 pkts/3309 bytes] 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.206/HTTP.iQIYI][23 pkts/25892 bytes][Host: bcu.ff.avast.com] 70 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1861 bytes][Host: api.cupid.iqiyi.com] @@ -81,37 +81,37 @@ iQIYI 1490 1845116 56 Undetected flows: - 1 UDP 192.168.115.8:22793 <-> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes] - 2 UDP 192.168.115.8:22793 <-> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes] + 1 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes] + 2 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes] 3 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][3 pkts/257 bytes] 4 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][40 pkts/12412 bytes] - 5 UDP 192.168.115.8:22793 <-> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes] - 6 UDP 192.168.115.8:22793 <-> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes] - 7 UDP 192.168.115.8:22793 <-> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes] + 5 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes] + 6 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes] + 7 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes] 8 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 0/Unknown][5 pkts/3481 bytes] - 9 UDP 192.168.115.8:22793 <-> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes] - 10 UDP 192.168.115.8:22793 <-> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes] - 11 UDP 192.168.115.8:22793 <-> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes] - 12 UDP 192.168.115.8:22793 <-> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes] - 13 UDP 192.168.115.8:22793 <-> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes] - 14 UDP 192.168.115.8:22793 <-> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes] - 15 UDP 192.168.115.8:22793 <-> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes] - 16 UDP 192.168.115.8:22793 <-> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes] + 9 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes] + 10 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes] + 11 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes] + 12 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes] + 13 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes] + 14 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes] + 15 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes] + 16 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes] 17 UDP 192.168.115.8:22793 <-> 114.42.0.158:7716 [proto: 0/Unknown][338 pkts/138754 bytes] - 18 UDP 192.168.115.8:22793 <-> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes] + 18 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes] 19 UDP 192.168.115.8:22793 <-> 219.228.107.156:1250 [proto: 0/Unknown][45 pkts/14863 bytes] - 20 UDP 192.168.115.8:22793 <-> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes] - 21 UDP 192.168.115.8:22793 <-> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes] - 22 UDP 192.168.115.8:22793 <-> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes] - 23 UDP 192.168.115.8:22793 <-> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes] - 24 UDP 192.168.115.8:22793 <-> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes] + 20 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes] + 21 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes] + 22 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes] + 23 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes] + 24 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes] 25 UDP 1.173.5.226:22636 <-> 192.168.115.8:22793 [proto: 0/Unknown][400 pkts/165246 bytes] - 26 UDP 192.168.115.8:22793 <-> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes] - 27 UDP 192.168.115.8:22793 <-> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes] - 28 UDP 192.168.115.8:22793 <-> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes] - 29 UDP 192.168.115.8:22793 <-> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes] + 26 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes] + 27 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes] + 28 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes] + 29 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes] 30 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][101 pkts/38819 bytes] - 31 UDP 192.168.115.8:22793 <-> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes] - 32 UDP 192.168.115.8:22793 <-> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes] - 33 UDP 192.168.115.8:22793 <-> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes] - 34 UDP 192.168.115.8:22793 <-> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes] + 31 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes] + 32 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes] + 33 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes] + 34 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes] diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index c1eed4b8e..7d37adadf 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -16,4 +16,4 @@ QUIC 3 364 1 Undetected flows: - 1 UDP 10.0.0.4:40134 <-> 10.0.0.3:6121 [proto: 0/Unknown][6 pkts/7072 bytes] + 1 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 0/Unknown][6 pkts/7072 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 2d5a0e796..3f63f0f28 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -14,103 +14,103 @@ Spotify 5 430 1 MS_OneDrive 387 198090 1 1 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1402 bytes] - 2 UDP 192.168.1.34:13021 <-> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes] - 3 UDP 192.168.1.34:13021 <-> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes] - 4 UDP 192.168.1.34:13021 <-> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes] - 5 UDP 192.168.1.34:13021 <-> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes] - 6 UDP 192.168.1.34:13021 <-> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes] - 7 UDP 192.168.1.34:13021 <-> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 8 UDP 192.168.1.34:13021 <-> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes] - 9 UDP 192.168.1.34:13021 <-> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes] - 10 UDP 192.168.1.34:13021 <-> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes] - 11 UDP 192.168.1.34:13021 <-> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes] - 12 UDP 192.168.1.34:13021 <-> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes] - 13 UDP 192.168.1.34:13021 <-> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes] - 14 UDP 192.168.1.34:13021 <-> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes] - 15 UDP 192.168.1.34:13021 <-> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes] - 16 UDP 192.168.1.34:13021 <-> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes] - 17 UDP 192.168.1.34:13021 <-> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes] - 18 UDP 192.168.1.34:13021 <-> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes] - 19 UDP 192.168.1.34:13021 <-> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes] + 2 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes] + 3 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes] + 4 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes] + 5 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes] + 6 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes] + 7 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 8 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes] + 9 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes] + 10 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes] + 11 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes] + 12 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes] + 13 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes] + 14 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes] + 15 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes] + 16 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes] + 17 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes] + 18 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes] + 19 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes] 20 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/377 bytes] 21 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][20 pkts/5160 bytes] - 22 UDP 192.168.1.34:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 23 UDP 192.168.1.92:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 22 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 23 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] 24 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1152 bytes] 25 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][19 pkts/1510 bytes] - 26 UDP 192.168.1.34:13021 <-> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes] + 26 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes] 27 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][14 pkts/1108 bytes] 28 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][15 pkts/1262 bytes] 29 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][15 pkts/1345 bytes] 30 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][15 pkts/1265 bytes] 31 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][15 pkts/1484 bytes] - 32 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][15 pkts/1324 bytes] - 33 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1534 bytes] - 34 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][15 pkts/1306 bytes] - 35 UDP 192.168.1.34:13021 <-> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes] - 36 UDP 192.168.1.34:13021 <-> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes] - 37 UDP 192.168.1.34:13021 <-> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes] - 38 UDP 192.168.1.34:13021 <-> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes] - 39 UDP 192.168.1.34:13021 <-> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes] - 40 UDP 192.168.1.34:13021 <-> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes] - 41 UDP 192.168.1.34:13021 <-> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes] - 42 UDP 192.168.1.34:13021 <-> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes] - 43 UDP 192.168.1.34:13021 <-> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes] - 44 UDP 192.168.1.34:13021 <-> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes] - 45 UDP 192.168.1.34:13021 <-> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes] - 46 UDP 192.168.1.34:13021 <-> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes] - 47 UDP 192.168.1.34:13021 <-> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes] - 48 UDP 192.168.1.34:13021 <-> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes] - 49 UDP 192.168.1.34:13021 <-> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes] - 50 UDP 192.168.1.34:13021 <-> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes] - 51 UDP 192.168.1.34:13021 <-> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes] - 52 UDP 192.168.1.34:13021 <-> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes] - 53 UDP 192.168.1.34:13021 <-> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes] - 54 UDP 192.168.1.34:13021 <-> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes] - 55 UDP 192.168.1.34:13021 <-> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes] - 56 UDP 192.168.1.34:13021 <-> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes] - 57 UDP 192.168.1.34:13021 <-> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes] - 58 UDP 192.168.1.34:13021 <-> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes] - 59 UDP 192.168.1.34:13021 <-> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes] - 60 UDP 192.168.1.34:13021 <-> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes] - 61 UDP 192.168.1.34:13021 <-> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes] - 62 UDP 192.168.1.34:13021 <-> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes] + 32 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1534 bytes] + 33 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][15 pkts/1306 bytes] + 34 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][15 pkts/1324 bytes] + 35 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes] + 36 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes] + 37 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes] + 38 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 39 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes] + 40 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes] + 41 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes] + 42 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes] + 43 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes] + 44 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes] + 45 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes] + 46 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes] + 47 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes] + 48 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes] + 49 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes] + 50 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes] + 51 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes] + 52 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes] + 53 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes] + 54 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes] + 55 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes] + 56 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes] + 57 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes] + 58 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes] + 59 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes] + 60 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes] + 61 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes] + 62 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes] 63 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][14 pkts/1132 bytes] - 64 UDP 192.168.1.34:49163 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 65 UDP 192.168.1.34:49793 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] - 66 UDP 192.168.1.34:49903 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes][Host: ui.skype.com] + 64 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 65 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] + 66 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes][Host: ui.skype.com] 67 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][15 pkts/1920 bytes] 68 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 69 UDP 192.168.1.34:54343 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 70 UDP 192.168.1.34:55159 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 71 UDP 192.168.1.34:55711 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 72 UDP 192.168.1.34:55893 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes][Host: ui.skype.com] - 73 UDP 192.168.1.34:56387 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 74 UDP 192.168.1.34:13021 <-> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes] - 75 UDP 192.168.1.34:13021 <-> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes] - 76 UDP 192.168.1.34:13021 <-> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes] - 77 UDP 192.168.1.34:13021 <-> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes] - 78 UDP 192.168.1.34:13021 <-> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes] - 79 UDP 192.168.1.34:13021 <-> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes] + 69 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 70 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 71 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 72 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes][Host: ui.skype.com] + 73 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 74 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes] + 75 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes] + 76 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes] + 77 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes] + 78 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes] + 79 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes] 80 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 81 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][20 pkts/1624 bytes] 82 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 83 UDP 192.168.1.34:49485 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 84 UDP 192.168.1.34:63421 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 83 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 84 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 85 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] - 86 UDP 192.168.1.34:65045 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] - 87 UDP 192.168.1.34:65037 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 86 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] + 87 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 88 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][16 pkts/1262 bytes] - 89 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][16 pkts/1270 bytes] - 90 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][15 pkts/1212 bytes] + 89 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][15 pkts/1212 bytes] + 90 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][16 pkts/1270 bytes] 91 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][3 pkts/168 bytes] 92 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][86 pkts/20286 bytes][client: p05-keyvalueservice.icloud.com] 93 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][18 pkts/3679 bytes][client: apps.skypeassets.com] 94 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][15 pkts/2340 bytes][client: apps.skype.com] - 95 UDP 192.168.1.34:13021 <-> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes] + 95 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes] 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] - 97 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] - 98 UDP 192.168.1.34:13021 <-> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes] + 97 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] + 98 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes] 99 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][12 pkts/1877 bytes] 100 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] 101 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] @@ -121,55 +121,55 @@ MS_OneDrive 387 198090 1 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] - 109 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] - 110 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] - 111 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] - 112 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] - 113 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] - 114 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] - 115 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] - 116 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] - 117 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] - 118 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] - 119 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] - 120 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] - 121 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] - 122 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] - 123 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] - 124 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] - 125 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] + 109 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] + 110 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] + 111 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] + 112 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] + 113 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] + 114 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] + 115 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] + 116 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] + 117 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] + 118 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] + 119 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] + 120 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] + 121 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] + 123 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] + 124 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] + 125 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] + 126 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] + 127 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] - 130 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] + 130 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 135 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] - 136 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 140 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 134 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 135 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 136 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] + 137 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] + 138 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 139 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 140 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] + 141 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] + 142 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 143 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 145 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 146 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 147 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 154 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 154 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 156 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 157 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] 158 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] @@ -177,110 +177,110 @@ MS_OneDrive 387 198090 1 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 165 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 165 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 166 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] + 167 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 168 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 169 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 174 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] + 175 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 183 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 184 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 185 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 192 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 193 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 194 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 196 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] - 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 198 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 199 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 200 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 201 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 202 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 205 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 197 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 198 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 199 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 200 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 201 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 202 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 205 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 208 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 208 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] 210 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] 211 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] 212 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] - 213 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 214 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 215 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 221 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 222 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 223 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 224 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 225 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 213 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 214 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 215 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 216 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 217 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 218 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 219 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 220 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 221 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 222 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 224 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 225 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] 226 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 227 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 228 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 229 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 230 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 227 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 228 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 229 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 230 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 234 IGMP 192.168.0.254:0 <-> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes] - 235 IGMP 192.168.1.1:0 <-> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 237 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 238 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 234 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes] + 235 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 238 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 240 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] - 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 243 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 244 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 245 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 246 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 247 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 242 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 243 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 244 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 245 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 246 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 247 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] 248 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] 250 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] 251 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] 252 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] - 253 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] - 254 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 255 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 259 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] - 261 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 262 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 263 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] - 264 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] - 265 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] - 266 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] - 267 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] - 268 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 253 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 254 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 255 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 256 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 257 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 258 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 259 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 262 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 263 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 264 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 265 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 266 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 267 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 268 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] @@ -290,15 +290,15 @@ MS_OneDrive 387 198090 1 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 278 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 278 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: 1 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 0/Unknown][31 pkts/4688 bytes] 2 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 0/Unknown][43 pkts/5754 bytes] 3 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 0/Unknown][16 pkts/2600 bytes] - 4 UDP 192.168.1.34:49511 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] - 5 UDP 192.168.1.34:54067 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] + 4 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] + 5 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] @@ -306,6 +306,6 @@ Undetected flows: 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 13 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 13 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] 14 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 876c1e5aa..001ea0bb5 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -11,255 +11,255 @@ Skype 1241 181327 221 Apple 84 20699 2 MS_OneDrive 348 181687 1 - 1 UDP 192.168.1.34:13021 <-> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes] + 1 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes] 2 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1490 bytes] - 3 UDP 192.168.1.34:13021 <-> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes] - 4 UDP 192.168.1.34:13021 <-> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes] - 5 UDP 192.168.1.34:13021 <-> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes] - 6 UDP 192.168.1.34:13021 <-> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes] - 7 UDP 192.168.1.34:13021 <-> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes] - 8 UDP 192.168.1.34:13021 <-> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes] - 9 UDP 192.168.1.34:13021 <-> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes] - 10 UDP 192.168.1.34:13021 <-> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes] - 11 UDP 192.168.1.34:13021 <-> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes] - 12 UDP 192.168.1.34:13021 <-> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes] - 13 UDP 192.168.1.34:13021 <-> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes] - 14 UDP 192.168.1.34:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 15 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/423 bytes] - 16 UDP 192.168.1.92:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 3 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes] + 4 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes] + 5 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes] + 6 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes] + 7 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes] + 8 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes] + 9 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes] + 10 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes] + 11 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes] + 12 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes] + 13 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes] + 14 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 15 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 16 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/423 bytes] 17 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/479 bytes] 18 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][17 pkts/1369 bytes] - 19 UDP 192.168.1.34:13021 <-> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes] + 19 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes] 20 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][14 pkts/1134 bytes] 21 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][17 pkts/1712 bytes] 22 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1428 bytes] 23 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][15 pkts/1514 bytes] - 24 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][15 pkts/1520 bytes] - 25 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][15 pkts/1415 bytes] - 26 UDP 192.168.1.34:13021 <-> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes] - 27 UDP 192.168.1.34:13021 <-> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes] - 28 UDP 192.168.1.34:13021 <-> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes] - 29 UDP 192.168.1.34:13021 <-> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes] - 30 UDP 192.168.1.34:13021 <-> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes] - 31 UDP 192.168.1.34:13021 <-> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes] - 32 UDP 192.168.1.34:13021 <-> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes] - 33 UDP 192.168.1.34:13021 <-> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes] - 34 UDP 192.168.1.34:13021 <-> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes] - 35 UDP 192.168.1.34:13021 <-> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes] - 36 UDP 192.168.1.34:13021 <-> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes] - 37 UDP 192.168.1.34:13021 <-> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes] - 38 UDP 192.168.1.34:13021 <-> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes] - 39 UDP 192.168.1.34:13021 <-> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes] - 40 UDP 192.168.1.34:13021 <-> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes] - 41 UDP 192.168.1.34:13021 <-> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes] - 42 UDP 192.168.1.34:13021 <-> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes] - 43 UDP 192.168.1.34:13021 <-> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes] - 44 UDP 192.168.1.34:13021 <-> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes] - 45 UDP 192.168.1.34:13021 <-> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes] - 46 UDP 192.168.1.34:13021 <-> 157.55.56.146:40030 [proto: 125/Skype][1 pkts/71 bytes] - 47 UDP 192.168.1.34:13021 <-> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes] - 48 UDP 192.168.1.34:13021 <-> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes] - 49 UDP 192.168.1.34:13021 <-> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes] - 50 UDP 192.168.1.34:13021 <-> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes] - 51 UDP 192.168.1.34:13021 <-> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes] - 52 UDP 192.168.1.34:13021 <-> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes] - 53 UDP 192.168.1.34:13021 <-> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes] - 54 UDP 192.168.1.34:13021 <-> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes] - 55 UDP 192.168.1.34:13021 <-> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes] - 56 UDP 192.168.1.34:13021 <-> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes] - 57 UDP 192.168.1.34:50055 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 24 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][15 pkts/1415 bytes] + 25 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][15 pkts/1520 bytes] + 26 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes] + 27 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes] + 28 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes] + 29 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes] + 30 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes] + 31 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes] + 32 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes] + 33 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes] + 34 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes] + 35 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes] + 36 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes] + 37 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes] + 38 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes] + 39 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes] + 40 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes] + 41 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes] + 42 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes] + 43 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes] + 44 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes] + 45 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes] + 46 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][1 pkts/71 bytes] + 47 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes] + 48 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes] + 49 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes] + 50 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes] + 51 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes] + 52 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes] + 53 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes] + 54 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes] + 55 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes] + 56 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes] + 57 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 58 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1426 bytes] 59 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][15 pkts/1197 bytes] - 60 UDP 192.168.1.34:51753 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 60 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 61 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][16 pkts/1637 bytes] 62 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][16 pkts/1297 bytes] - 63 UDP 192.168.1.34:13021 <-> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes] - 64 UDP 192.168.1.34:13021 <-> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes] - 65 UDP 192.168.1.34:13021 <-> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes] - 66 UDP 192.168.1.34:13021 <-> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes] - 67 UDP 192.168.1.34:13021 <-> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes] - 68 UDP 192.168.1.34:13021 <-> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes] - 69 UDP 192.168.1.34:13021 <-> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes] - 70 UDP 192.168.1.34:58631 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 71 UDP 192.168.1.34:59113 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] - 72 UDP 192.168.1.34:60413 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 73 UDP 192.168.1.34:61095 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 74 UDP 192.168.1.34:62875 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] + 63 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes] + 64 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes] + 65 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes] + 66 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes] + 67 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes] + 68 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes] + 69 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes] + 70 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 71 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] + 72 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 73 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 74 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] 75 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 76 UDP 192.168.1.34:64971 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 76 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] 77 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][14 pkts/1142 bytes] 78 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][16 pkts/1238 bytes] 79 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][199 pkts/90615 bytes] - 80 UDP 192.168.1.34:13021 <-> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes] - 81 UDP 192.168.1.34:58061 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 82 IGMP 192.168.1.219:0 <-> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 83 UDP 192.168.1.34:59237 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 80 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes] + 81 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 82 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 83 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] 84 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][8 pkts/1118 bytes] - 85 UDP 192.168.1.34:13021 <-> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes] - 86 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes] - 87 UDP 192.168.1.34:13021 <-> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes] + 85 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes] + 86 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes] + 87 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes] 88 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][16 pkts/1292 bytes] 89 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][18 pkts/1454 bytes] - 90 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1330 bytes] - 91 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][16 pkts/1265 bytes] - 92 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][18 pkts/1426 bytes] - 93 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][17 pkts/1367 bytes] - 94 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][17 pkts/1329 bytes] + 90 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][16 pkts/1265 bytes] + 91 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][17 pkts/1329 bytes] + 92 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1330 bytes] + 93 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][18 pkts/1426 bytes] + 94 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][17 pkts/1367 bytes] 95 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][17 pkts/1426 bytes] 96 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][13 pkts/1257 bytes] 97 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][15 pkts/1533 bytes] - 98 UDP 192.168.1.34:13021 <-> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes] - 99 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes] - 100 UDP 192.168.1.34:13021 <-> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes] - 101 UDP 192.168.1.34:13021 <-> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes] - 102 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes] - 103 UDP 192.168.1.34:13021 <-> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes] - 104 UDP 192.168.1.34:13021 <-> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes] - 105 UDP 192.168.1.34:13021 <-> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes] - 106 UDP 192.168.1.34:13021 <-> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes] - 107 UDP 192.168.1.34:13021 <-> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes] - 108 UDP 192.168.1.34:13021 <-> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes] - 109 UDP 192.168.1.34:13021 <-> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes] + 98 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes] + 99 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes] + 100 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes] + 101 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes] + 102 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes] + 103 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes] + 104 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes] + 105 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes] + 106 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes] + 107 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes] + 108 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes] + 109 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes] 110 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][6 pkts/377 bytes] 111 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][10 pkts/599 bytes] - 112 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 113 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes] + 112 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 113 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes] 114 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][8 pkts/2990 bytes] 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][14 pkts/1253 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] - 118 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] - 119 UDP 192.168.1.34:13021 <-> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] - 120 UDP 192.168.1.34:13021 <-> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] - 121 UDP 192.168.1.34:13021 <-> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] - 122 UDP 192.168.1.34:13021 <-> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] - 123 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] - 124 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] - 128 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] - 129 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] - 130 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] - 133 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] + 118 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] + 119 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] + 120 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] + 121 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] + 122 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] + 123 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] + 124 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] + 125 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] + 126 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] + 127 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] + 128 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] + 129 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] + 130 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] + 131 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] + 132 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] + 133 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] 135 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] - 137 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] - 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 137 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] + 138 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] 140 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 125/Skype][13 pkts/1157 bytes] + 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][13 pkts/1157 bytes] 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] - 146 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] - 147 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] - 148 UDP 192.168.1.34:13021 <-> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] - 149 UDP 192.168.1.34:13021 <-> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] - 150 UDP 192.168.1.34:13021 <-> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] - 151 UDP 192.168.1.34:13021 <-> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] - 152 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] - 158 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] - 159 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] - 160 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] - 161 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] - 162 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] - 163 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] - 164 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] - 165 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] - 166 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] - 167 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 177 UDP 192.168.1.34:49864 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 146 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] + 147 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] + 148 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] + 149 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] + 150 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] + 151 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] + 152 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] + 153 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] + 158 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] + 159 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] + 160 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] + 161 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] + 162 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] + 163 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] + 168 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] + 174 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] + 177 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] 178 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] - 179 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 180 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 181 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 182 UDP 192.168.1.34:53372 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 183 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 179 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 180 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 181 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] + 182 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 183 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] - 185 UDP 192.168.1.34:55028 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 185 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 188 UDP 192.168.1.34:55866 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 189 UDP 192.168.1.34:57592 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 188 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 189 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] 190 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 191 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] - 192 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] - 193 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] - 194 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] - 196 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] - 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] - 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] + 191 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] + 192 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] + 193 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] + 194 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] + 196 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] + 197 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] + 198 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] 200 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 201 UDP 192.168.1.34:60688 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 202 UDP 192.168.1.34:61016 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] - 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 204 UDP 192.168.1.34:63342 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.34:63514 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] - 206 UDP 192.168.1.34:64240 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 207 UDP 192.168.1.34:64258 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 208 UDP 192.168.1.34:64364 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 209 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] + 201 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 202 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] + 203 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] + 204 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 205 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] + 206 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 207 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 208 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 209 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] - 211 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] - 212 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] - 213 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 214 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] + 211 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] + 212 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] + 213 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 214 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] - 220 IGMP 192.168.1.219:0 <-> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes] - 221 IGMP 192.168.0.254:0 <-> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes] - 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 220 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes] + 221 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 222 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes] 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] - 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 225 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] - 227 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] + 227 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] - 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] - 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] - 233 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] - 234 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] - 235 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] - 236 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] - 237 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] - 238 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] - 239 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] - 240 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] - 241 UDP 192.168.1.34:13021 <-> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] - 242 UDP 192.168.1.34:13021 <-> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] - 243 UDP 192.168.1.34:13021 <-> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] - 244 UDP 192.168.1.34:13021 <-> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] - 245 UDP 192.168.1.34:13021 <-> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] - 246 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] - 247 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] - 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] - 249 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 229 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] + 230 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] + 231 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 232 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] + 233 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] + 234 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] + 235 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] + 236 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] + 237 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] + 238 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] + 239 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] + 240 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] + 241 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] + 242 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] + 243 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] + 244 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] + 245 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] + 246 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] + 247 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] + 248 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] + 249 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][14 pkts/1203 bytes] 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] @@ -272,12 +272,12 @@ Undetected flows: 3 TCP 192.168.1.34:51317 <-> 149.13.32.15:13392 [proto: 0/Unknown][20 pkts/6208 bytes] 4 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][18 pkts/1482 bytes] 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][23 pkts/12290 bytes] - 6 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] - 7 TCP 192.168.1.34:51306 <-> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] + 6 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] + 7 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] 12 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] - 13 UDP 192.168.1.34:59052 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] - 14 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] + 13 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] + 14 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 96045ebf6..fc98a2b8e 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -16,7 +16,7 @@ Starcraft 236 51494 6 4 TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1214 bytes][Host: nydus.battle.net] 5 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][11 pkts/3686 bytes][Host: eu.battle.net] 6 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][13 pkts/902 bytes] - 7 UDP 192.168.1.254:38605 <-> 239.255.255.250:1900 [proto: 12/SSDP][11 pkts/4984 bytes] + 7 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][11 pkts/4984 bytes] 8 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/336 bytes][Host: nydus.battle.net] 9 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/417 bytes][Host: 254.1.168.192.in-addr.arpa] 10 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/455 bytes][Host: 22.40.194.173.in-addr.arpa] @@ -27,19 +27,19 @@ Starcraft 236 51494 6 15 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25105 bytes][Host: bnetcmsus-a.akamaihd.net] 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] - 18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] + 18 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] - 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] - 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] + 20 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] + 21 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] + 22 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] 24 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][9 pkts/979 bytes][Host: eu.launcher.battle.net] 25 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] 26 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1208 bytes][Host: nydus.battle.net] 27 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][12 pkts/3933 bytes][Host: eu.battle.net] - 28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes] - 29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes] - 30 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][2 pkts/121 bytes] + 28 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes] + 29 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][2 pkts/121 bytes] + 30 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes] 31 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTP_Download][179 pkts/134204 bytes][Host: llnw.blizzard.com] 32 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][6 pkts/475 bytes] 33 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net] @@ -48,7 +48,7 @@ Starcraft 236 51494 6 36 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/442 bytes][Host: llnw.blizzard.com] 37 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][9 pkts/1299 bytes][Host: www.google-analytics.com] 38 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][3 pkts/234 bytes] - 39 IGMP 192.168.1.107:0 <-> 224.0.0.22:0 [proto: 82/IGMP][2 pkts/120 bytes] + 39 IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][2 pkts/120 bytes] 40 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][215 pkts/50178 bytes] 41 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][2 pkts/103 bytes] 42 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][2 pkts/103 bytes] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index f733c4f84..8c7a7738b 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -4,13 +4,13 @@ DHCPV6 6 906 1 Dropbox 10 1860 1 Tor 3676 3014362 7 - 1 UDP 192.168.1.1:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][10 pkts/1860 bytes] - 2 UDP [ff02::1:2]:546 <-> [fe80::c583:1972:5728:7323]:547 [proto: 103/DHCPV6][6 pkts/906 bytes] + 1 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][10 pkts/1860 bytes] + 2 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][6 pkts/906 bytes] 3 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][32 pkts/10431 bytes] 4 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][34 pkts/11142 bytes] 5 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][38 pkts/12520 bytes] - 6 TCP 192.168.1.252:51104 <-> 157.56.30.46:443 [proto: 91/SSL][1 pkts/60 bytes] - 7 UDP 192.168.1.252:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/252 bytes] + 6 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/SSL][1 pkts/60 bytes] + 7 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/252 bytes] 8 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][1576 pkts/1388792 bytes] 9 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][1826 pkts/1513278 bytes] 10 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][29 pkts/9661 bytes] diff --git a/tests/result/ubntac2.pcap.out b/tests/result/ubntac2.pcap.out index 02e7d8e59..bd404df92 100644 --- a/tests/result/ubntac2.pcap.out +++ b/tests/result/ubntac2.pcap.out @@ -1,10 +1,10 @@ UBNTAC2 8 1736 8 - 1 UDP 192.168.1.1:42838 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 2 UDP 192.168.1.1:47746 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 3 UDP 192.168.1.1:52220 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 4 UDP 192.168.1.1:59772 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 5 UDP 192.168.1.1:34085 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 6 UDP 192.168.1.1:44641 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 7 UDP 192.168.1.1:47871 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 8 UDP 192.168.1.1:55321 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 1 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 2 UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 3 UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 4 UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 5 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 6 UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 7 UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 8 UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 7f588ce38..d87ac24bc 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -14,10 +14,10 @@ Viber 10081 1413446 4 Amazon 8 528 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] - 2 UDP 192.168.200.222:39413 <-> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes] + 2 UDP 192.168.200.222:39413 -> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes] 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][16 pkts/5838 bytes] 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] - 5 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 5 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] @@ -26,33 +26,33 @@ Amazon 8 528 1 11 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] 12 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] - 14 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] + 14 UDP 192.168.200.222:39413 -> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] - 16 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] + 16 UDP 192.168.200.222:39413 -> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 20 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 21 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] - 22 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] + 20 UDP 192.168.200.222:39413 -> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 21 UDP 192.168.200.222:39413 -> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] + 22 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] 23 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] 24 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] 25 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] - 26 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 26 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] 28 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] 29 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] 30 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] - 31 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 32 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] - 33 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] - 34 ICMP 192.168.200.222:0 <-> 8.8.8.8:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] + 31 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 32 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] + 33 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] + 34 ICMP 192.168.200.222:0 -> 8.8.8.8:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] - 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] + 37 ICMP 37.214.167.82:0 -> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 40 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 40 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] 42 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] 43 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] @@ -62,10 +62,10 @@ Amazon 8 528 1 47 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] 49 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 50 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] + 50 UDP 192.168.200.222:39413 -> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] - 53 ICMP 192.168.200.222:0 <-> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes] + 53 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes] 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] @@ -73,25 +73,25 @@ Amazon 8 528 1 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] - 61 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] + 61 UDP 192.168.200.222:39413 -> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] - 63 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 63 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] 65 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] 66 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] 67 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] - 68 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] + 68 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 69 UDP 192.168.200.222:39413 -> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] 70 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] - 71 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] + 71 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] 72 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] Undetected flows: 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] + 5 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 3d17c6a68..82968fa21 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -49,7 +49,7 @@ Amazon 3 174 1 41 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][17 pkts/6375 bytes][client: ssl.google-analytics.com] 42 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] 43 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][3 pkts/174 bytes] - 44 UDP 10.8.0.1:64538 <-> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes] + 44 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes] 45 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][5 pkts/317 bytes] 46 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] 47 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index d829d5a54..390543590 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -12,19 +12,19 @@ Google 128 29925 17 LLMNR 12 944 6 WeChat 1277 615827 51 - 1 UDP 192.168.1.103:33915 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 1 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] 2 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][8 pkts/469 bytes] - 3 UDP 192.168.1.103:41759 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 2.debian.pool.ntp.org] - 4 UDP 192.168.1.103:42589 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes][Host: ssl.gstatic.com] - 5 UDP 192.168.1.103:43317 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] - 6 UDP 192.168.1.103:43705 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes][Host: webpush.web.wechat.com.lan] + 3 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 2.debian.pool.ntp.org] + 4 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes][Host: ssl.gstatic.com] + 5 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 6 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes][Host: webpush.web.wechat.com.lan] 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.197/SSL.WeChat][24 pkts/8792 bytes][client: res.wx.qq.com] - 8 UDP 192.168.1.103:44063 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 1.debian.pool.ntp.org] - 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes] + 8 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 1.debian.pool.ntp.org] + 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes] 10 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][8 pkts/583 bytes] 11 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][7 pkts/517 bytes] 12 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][6 pkts/396 bytes] - 13 UDP 192.168.1.103:53515 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] + 13 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] 14 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][6 pkts/1000 bytes] 15 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][179 pkts/76956 bytes] 16 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] @@ -36,40 +36,40 @@ WeChat 1277 615827 51 22 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][28 pkts/18041 bytes][client: web.wechat.com] 23 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] 24 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] - 25 TCP 192.168.1.103:54106 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] + 25 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] 26 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes] 27 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes] 28 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4735 bytes][client: web.wechat.com] 29 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4743 bytes][client: web.wechat.com] - 30 UDP 192.168.1.103:56367 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] + 30 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] 31 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][26 pkts/11518 bytes][client: web.wechat.com] - 32 UDP 192.168.1.103:58165 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] - 33 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][59 pkts/29728 bytes][client: web.wechat.com] - 34 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][49 pkts/24468 bytes][client: web.wechat.com] - 35 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][22 pkts/9520 bytes][client: web.wechat.com] - 36 TCP 192.168.1.103:58226 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes] - 37 UDP 192.168.1.103:59567 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes][Host: ssl.gstatic.com.lan] - 38 TCP 192.168.1.103:58143 <-> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes] + 32 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][59 pkts/29728 bytes][client: web.wechat.com] + 33 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][49 pkts/24468 bytes][client: web.wechat.com] + 34 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][22 pkts/9520 bytes][client: web.wechat.com] + 35 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 36 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes] + 37 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes][Host: ssl.gstatic.com.lan] + 38 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes] 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][13 pkts/4812 bytes][Host: docs.google.com] - 40 UDP 192.168.1.100:57401 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: mcztmpkc] - 41 TCP 192.168.1.103:34996 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] - 42 TCP 192.168.1.103:35000 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] - 43 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes] - 44 TCP 192.168.1.103:54205 <-> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 45 ICMPV6 [ff02::2]:0 <-> [fe80::842:a3f3:a286:6c5b]:0 [proto: 102/ICMPV6][2 pkts/132 bytes] - 46 UDP [ff02::1:3]:50440 <-> [fe80::91f9:3df3:7436:6cd6]:5355 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz] - 47 TCP 192.168.1.103:52020 <-> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes] + 40 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: mcztmpkc] + 41 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] + 42 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] + 43 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes] + 44 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 45 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes] + 46 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz] + 47 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes] 48 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][10 pkts/3972 bytes][Host: ssl.gstatic.com] 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][34 pkts/8681 bytes][client: safebrowsing.googleusercontent.com] - 50 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: iphonedimonica] - 51 UDP 192.168.1.103:37578 <-> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes] + 50 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: iphonedimonica] + 51 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes] 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes] - 53 UDP 192.168.1.103:42074 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes][Host: ssl.gstatic.com.lan] - 54 UDP 192.168.1.103:42856 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes][Host: 1.debian.pool.ntp.org.lan] - 55 ICMPV6 [::]:0 <-> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes] + 53 UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes][Host: ssl.gstatic.com.lan] + 54 UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes][Host: 1.debian.pool.ntp.org.lan] + 55 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes] 56 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][9 pkts/524 bytes] - 57 UDP 192.168.1.103:44346 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] - 58 UDP 192.168.1.103:45366 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] + 57 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] + 58 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] 59 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] 60 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][13 pkts/6836 bytes][Host: ssl.gstatic.com] 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/366 bytes][Host: safebrowsing.googleusercontent.com] @@ -87,7 +87,7 @@ WeChat 1277 615827 51 73 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][73 pkts/44045 bytes][client: web.wechat.com] 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][36 pkts/14963 bytes][client: web.wechat.com] 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][50 pkts/30965 bytes][client: web.wechat.com] - 76 TCP 192.168.1.103:54183 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes] + 76 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes] 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/302 bytes][Host: docs.google.com] 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][8 pkts/552 bytes] 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][17 pkts/1146 bytes] @@ -95,26 +95,26 @@ WeChat 1277 615827 51 81 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/354 bytes] 82 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/465 bytes][Host: web.wechat.com] 83 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] - 84 UDP 192.168.1.100:49832 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: cansaqcq] - 85 UDP 192.168.1.100:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes] - 86 UDP 192.168.1.100:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes] - 87 UDP 192.168.1.100:54124 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: lbjamwptxz] - 88 IGMP 192.168.1.254:0 <-> 224.0.0.1:0 [proto: 82/IGMP][4 pkts/200 bytes] - 89 IGMP 192.168.1.100:0 <-> 224.0.0.22:0 [proto: 82/IGMP][15 pkts/810 bytes] - 90 IGMP 192.168.1.103:0 <-> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes] - 91 IGMP 192.168.1.108:0 <-> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/54 bytes] + 84 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: cansaqcq] + 85 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes] + 86 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes] + 87 UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: lbjamwptxz] + 88 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][4 pkts/200 bytes] + 89 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][15 pkts/810 bytes] + 90 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes] + 91 IGMP 192.168.1.108:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/54 bytes] 92 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][20 pkts/1320 bytes] - 93 TCP 192.168.1.103:34999 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] - 94 TCP 192.168.1.103:34981 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] - 95 TCP 192.168.1.103:39207 <-> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes] - 96 TCP 192.168.1.103:39195 <-> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes] - 97 TCP 192.168.1.103:39231 <-> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes] - 98 UDP 192.168.1.103:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes] - 99 UDP 192.168.1.100:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes] + 93 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] + 94 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] + 95 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes] + 96 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes] + 97 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes] + 98 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes] + 99 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes] 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/610 bytes][Host: res.wx.qq.com] - 101 UDP [ff02::1:3]:49195 <-> [fe80::91f9:3df3:7436:6cd6]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: cansaqcq] - 102 UDP [ff02::1:3]:50577 <-> [fe80::91f9:3df3:7436:6cd6]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: mcztmpkc] + 101 UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: cansaqcq] + 102 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: mcztmpkc] Undetected flows: - 1 0 [ff02::16]:0 <-> [fe80::842:a3f3:a286:6c5b]:0 [proto: 0/Unknown][1 pkts/110 bytes] + 1 0 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::16]:0 [proto: 0/Unknown][1 pkts/110 bytes] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 0114702b8..820ba9a44 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -6,12 +6,12 @@ Amazon 2 132 1 QUIC 23 4118 2 Sina(Weibo) 418 258007 15 - 1 TCP 192.168.1.105:48352 <-> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] - 2 TCP 192.168.1.105:48356 <-> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] + 1 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] + 2 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] 3 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][3 pkts/194 bytes] 4 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 5 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][4 pkts/676 bytes][Host: u1.img.mobile.sina.cn] - 6 UDP 192.168.1.105:50533 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes][Host: data.weibo.com] + 6 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes][Host: data.weibo.com] 7 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/266 bytes][Host: img.t.sinajs.cn] 8 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][9 pkts/1944 bytes] 9 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] @@ -23,20 +23,20 @@ Sina(Weibo) 418 258007 15 15 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][5 pkts/744 bytes][Host: js.t.sinajs.cn] 16 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][4 pkts/448 bytes][client: g.alicdn.com] 17 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/194 bytes] - 18 TCP 192.168.1.105:52272 <-> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] - 19 TCP 192.168.1.105:52274 <-> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] - 20 UDP 192.168.1.105:11798 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes][Host: account.weibo.com] - 21 UDP 192.168.1.105:16804 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/70 bytes][Host: c.weibo.cn] - 22 TCP 192.168.1.105:47721 <-> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes] - 23 TCP 192.168.1.105:47723 <-> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes] - 24 TCP 192.168.1.105:48353 <-> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] + 18 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] + 19 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] + 20 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes][Host: account.weibo.com] + 21 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5/DNS][1 pkts/70 bytes][Host: c.weibo.cn] + 22 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes] + 23 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes] + 24 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] 25 UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/242 bytes][Host: login.taobao.com] 26 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][9 pkts/1599 bytes][Host: weibo.com] 27 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][3 pkts/194 bytes] 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 29 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 30 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/264 bytes][Host: js.t.sinajs.cn] - 31 TCP 192.168.1.105:42280 <-> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes] + 31 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes] 32 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/234 bytes][Host: acjstb.aliyun.com] 33 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/243 bytes][Host: g.alicdn.com] 34 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/186 bytes][Host: log.mmstat.com] @@ -47,6 +47,6 @@ Sina(Weibo) 418 258007 15 39 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][72 pkts/54281 bytes][Host: img.t.sinajs.cn] 40 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][13 pkts/4701 bytes][Host: img.t.sinajs.cn] 41 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][3 pkts/214 bytes] - 42 TCP 192.168.1.105:52271 <-> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] + 42 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] 43 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/240 bytes][Host: u1.img.mobile.sina.cn] 44 TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][79 pkts/37492 bytes][Host: www.weibo.com] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index f689282ed..47461befa 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -12,20 +12,20 @@ AppleiTunes 85 28087 2 Spotify 3 258 1 WhatsAppVoice 706 91156 4 - 1 UDP [fe80::da30:62ff:fe56:1c]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 2 UDP 192.168.2.1:17500 <-> 192.168.2.255:17500 [proto: 121/Dropbox][4 pkts/2176 bytes] - 3 ICMP 192.168.2.4:0 <-> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes] + 1 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 2 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][4 pkts/2176 bytes] + 3 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes] 4 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][198 pkts/30418 bytes] 5 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 6 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] + 8 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 14 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] @@ -44,28 +44,28 @@ WhatsAppVoice 706 91156 4 30 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 31 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] 32 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] - 33 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] + 33 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] - 36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] + 36 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] 37 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] - 38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] + 38 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] - 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] + 42 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] + 43 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 44 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] + 45 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 46 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 47 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 48 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 49 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 50 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] - 54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 55 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 54 UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 55 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] 56 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] - 57 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 57 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index ea3c32a15..74d9e8176 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -5,12 +5,12 @@ Apple 50 23466 2 WhatsApp 32 3243 2 Spotify 1 86 1 - 1 UDP 192.168.2.1:17500 <-> 192.168.2.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 2 UDP [fe80::189c:c31b:1298:224]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][1 pkts/111 bytes] + 1 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 2 UDP [fe80::189c:c31b:1298:224]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][1 pkts/111 bytes] 3 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e12.whatsapp.net] 4 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][44 pkts/21371 bytes] - 5 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes][Host: lucas-imac] + 5 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes][Host: lucas-imac] 6 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][30 pkts/2963 bytes] - 7 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][1 pkts/86 bytes] - 8 TCP 17.110.229.14:5223 <-> 192.168.2.4:49193 [proto: 140/Apple][6 pkts/2095 bytes] - 9 UDP 192.168.2.4:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/91 bytes] + 7 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][1 pkts/86 bytes] + 8 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 140/Apple][6 pkts/2095 bytes] + 9 UDP 192.168.2.4:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/91 bytes] -- cgit v1.2.3 From 0a2cbe49267929a9a356003a249fc1111739478b Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Wed, 17 May 2017 18:11:25 +0300 Subject: Fix buffer overflows in http.c --- src/lib/protocols/http.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 0b734fa84..44ca32cb4 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -633,7 +633,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* Check for additional field introduced by Facebook */ x = 1; while(packet->line[x].len != 0) { - if((memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { + if(packet->line[x].len >= 12 && (memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FACEBOOK); check_content_type_and_change_protocol(ndpi_struct, flow); return; @@ -644,7 +644,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* check PPStream protocol or iQiyi service (iqiyi is delivered by ppstream) */ // substring in url - if(strstr((const char*) &packet->payload[filename_start], "iqiyi.com") != NULL) { + if(ndpi_strnstr((const char*) &packet->payload[filename_start], "iqiyi.com", (packet->payload_packet_len - filename_start)) != NULL) { if(kxun_counter == 0) { flow->l4.tcp.ppstream_stage++; iqiyi_counter++; @@ -654,7 +654,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } // additional field in http payload x = 1; - while(packet->line[x].len != 0) { + while((packet->line[x].len >= 4) && (packet->line[x+1].len >= 5) && (packet->line[x+2].len >= 10)) { if(packet->line[x].ptr && ((memcmp(packet->line[x].ptr, "qyid", 4)) == 0) && packet->line[x+1].ptr && ((memcmp(packet->line[x+1].ptr, "qypid", 5)) == 0) && packet->line[x+2].ptr && ((memcmp(packet->line[x+2].ptr, "qyplatform", 10)) == 0) @@ -670,7 +670,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* Check for 1kxun packet */ int a; for (a = 0; a < packet->parsed_lines; a++) { - if((memcmp(packet->line[a].ptr, "Client-Source:", 14)) == 0) { + if(packet->line[a].len >= 14 && (memcmp(packet->line[a].ptr, "Client-Source:", 14)) == 0) { if((memcmp(packet->line[a].ptr+15, "1kxun", 5)) == 0) { kxun_counter++; check_content_type_and_change_protocol(ndpi_struct, flow); -- cgit v1.2.3 From cef42b40509054100d23b3bd9718f2c3d62640ee Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 17 May 2017 17:11:54 +0200 Subject: Updated tests instruction --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5d7c7e95c..81514f822 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ In order to compile this library do To run tests do additionally: -- make check +- ce tests; ./do.sh Please note that the pre-requisites for compilation include: - GNU tools (autogen, automake, autoconf, libtool) -- cgit v1.2.3 From a874e7869c716dd9d6e663b2ed9d61f082a91b66 Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 17 May 2017 17:12:22 +0200 Subject: Typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 81514f822..d9802fc2d 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ In order to compile this library do To run tests do additionally: -- ce tests; ./do.sh +- cd tests; ./do.sh Please note that the pre-requisites for compilation include: - GNU tools (autogen, automake, autoconf, libtool) -- cgit v1.2.3 From ebb6d4499ae2ab9f474318fca08326609440e91c Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 17 May 2017 17:33:16 +0200 Subject: update Snapchat detection --- src/lib/ndpi_content_match.c.inc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 85cfc0ec9..8b326f6e5 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7995,6 +7995,7 @@ ndpi_protocol_match host_match[] = { { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8095,6 +8096,8 @@ ndpi_protocol_match host_match[] = { { "feelinsonice.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { "feelinsonice.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapchat.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapads.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, @@ -8113,6 +8116,7 @@ ndpi_protocol_match host_match[] = { { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From 724d1829399c6281aa7f6dd5f3b7f965d12be43b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 17 May 2017 22:33:44 +0200 Subject: Restored file selection as the wireshark bug seems to be fixed in 2.3.x wireshark series --- example/ndpiReader.c | 22 ++++----- wireshark/ndpi.lua | 131 +++++++++++++++++++++++++++++++-------------------- 2 files changed, 89 insertions(+), 64 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 001e60249..e4f6b917f 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -151,15 +151,11 @@ FILE *trace = NULL; /********************** FUNCTIONS ********************* */ - - - /** * @brief Set main components necessary to the detection */ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle); - /** * @brief Print help instructions */ @@ -170,13 +166,15 @@ static void help(u_int long_help) { " [-p ][-l [-q][-d][-h][-t][-v ]\n" " [-n ] [-w ] [-j ]\n\n" "Usage:\n" - " -i | Specify a pcap file/playlist to read packets from or a device for live capture (comma-separated list)\n" + " -i | Specify a pcap file/playlist to read packets from or a\n" + " | device for live capture (comma-separated list)\n" " -f | Specify a BPF filter for filtering selected traffic\n" " -s | Maximum capture duration in seconds (live traffic capture only)\n" " -m | Split analysis duration in max seconds\n" " -p .protos | Specify a protocol file (eg. protos.txt)\n" " -l | Number of detection loops (test only)\n" - " -n | Number of threads. Default: number of interfaces in -i. Ignored with pcap files.\n" + " -n | Number of threads. Default: number of interfaces in -i.\n" + " | Ignored with pcap files.\n" " -j | Specify a file to write the content of packets in .json format\n" #ifdef linux " -g | Thread affinity mask (one core id per thread)\n" @@ -188,9 +186,12 @@ static void help(u_int long_help) { " -w | Write test output on the specified file. This is useful for\n" " | testing purposes in order to compare results across runs\n" " -h | This help\n" - " -v <1|2|3> | Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose, 3=port stats\n"); + " -v <1|2|3> | Verbose 'unknown protocol' packet print.\n" + " | 1 = verbose\n" + " | 2 = very verbose\n" + " | 3 = port stats\n"); - #ifndef WIN32 +#ifndef WIN32 printf("\nExcap (wireshark) options:\n" " --extcap-interfaces\n" " --extcap-version\n" @@ -202,7 +203,7 @@ static void help(u_int long_help) { " --fifo \n" " --debug\n" ); - #endif +#endif if(long_help) { printf("\n\nSupported protocols:\n"); @@ -287,11 +288,8 @@ void extcap_config() { /* -i */ printf("arg {number=%u}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" "{tooltip=The interface name}\n", argidx++); - -#if 0 printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); -#endif setupDetection(0, NULL); ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 3d35c9083..789b46f54 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -15,9 +15,65 @@ fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STR local f_eth_trailer = Field.new("eth.trailer") -local ndpi_protos = {} -local ndpi_flows = {} -local compute_flows_stats = true +local ndpi_protos = {} +local ndpi_flows = {} +local num_ndpi_flows = 0 + +local lower_ndpi_flow_id = 0 +local lower_ndpi_flow_volume = 0 + +local compute_flows_stats = true +local max_num_entries = 10 +local max_num_flows = 50 + +-- ############################################### + +function round(num, idp) return tonumber(string.format("%." .. (idp or 0) .. "f", num)) end + +-- Convert bytes to human readable format +function bytesToSize(bytes) + if(bytes == nil) then + return("0") + else + precision = 2 + kilobyte = 1024; + megabyte = kilobyte * 1024; + gigabyte = megabyte * 1024; + terabyte = gigabyte * 1024; + + bytes = tonumber(bytes) + if((bytes >= 0) and (bytes < kilobyte)) then + return round(bytes, precision) .. " Bytes"; + elseif((bytes >= kilobyte) and (bytes < megabyte)) then + return round(bytes / kilobyte, precision) .. ' KB'; + elseif((bytes >= megabyte) and (bytes < gigabyte)) then + return round(bytes / megabyte, precision) .. ' MB'; + elseif((bytes >= gigabyte) and (bytes < terabyte)) then + return round(bytes / gigabyte, precision) .. ' GB'; + elseif(bytes >= terabyte) then + return round(bytes / terabyte, precision) .. ' TB'; + else + return round(bytes, precision) .. ' Bytes'; + end + end +end + +function pairsByValues(t, f) + local a = {} + for n in pairs(t) do table.insert(a, n) end + table.sort(a, function(x, y) return f(t[x], t[y]) end) + local i = 0 -- iterator variable + local iter = function () -- iterator function + i = i + 1 + if a[i] == nil then return nil + else return a[i], t[a[i]] + end + end + return iter +end + +function asc(a,b) return (a < b) end +function rev(a,b) return (a > b) end -- ############################################### @@ -80,9 +136,27 @@ function ndpi_proto.dissector(tvb, pinfo, tree) flowkey = srckey.." / "..dstkey.." ["..ndpikey.."]" if(ndpi_flows[flowkey] == nil) then ndpi_flows[flowkey] = 0 + num_ndpi_flows = num_ndpi_flows + 1 + + if(num_ndpi_flows > max_num_flows) then + -- We need to harvest the flow with least packets beside this new one + local tot_removed = 0 + + for k,v in pairsByValues(ndpi_flows, asc) do + if(k ~= flowkey) then + table.remove(ndpi_flows, k) + tot_removed = tot_removed + 1 + if(tot_removed == max_num_entries) then + break + end + end + end + + end end ndpi_flows[flowkey] = ndpi_flows[flowkey] + pinfo.len + end end end @@ -91,58 +165,11 @@ register_postdissector(ndpi_proto) -- ############################################### -function round(num, idp) return tonumber(string.format("%." .. (idp or 0) .. "f", num)) end - --- Convert bytes to human readable format -function bytesToSize(bytes) - if(bytes == nil) then - return("0") - else - precision = 2 - kilobyte = 1024; - megabyte = kilobyte * 1024; - gigabyte = megabyte * 1024; - terabyte = gigabyte * 1024; - - bytes = tonumber(bytes) - if((bytes >= 0) and (bytes < kilobyte)) then - return round(bytes, precision) .. " Bytes"; - elseif((bytes >= kilobyte) and (bytes < megabyte)) then - return round(bytes / kilobyte, precision) .. ' KB'; - elseif((bytes >= megabyte) and (bytes < gigabyte)) then - return round(bytes / megabyte, precision) .. ' MB'; - elseif((bytes >= gigabyte) and (bytes < terabyte)) then - return round(bytes / gigabyte, precision) .. ' GB'; - elseif(bytes >= terabyte) then - return round(bytes / terabyte, precision) .. ' TB'; - else - return round(bytes, precision) .. ' Bytes'; - end - end -end - -function pairsByValues(t, f) - local a = {} - for n in pairs(t) do table.insert(a, n) end - table.sort(a, function(x, y) return f(t[x], t[y]) end) - local i = 0 -- iterator variable - local iter = function () -- iterator function - i = i + 1 - if a[i] == nil then return nil - else return a[i], t[a[i]] - end - end - return iter -end - -function asc(a,b) return (a < b) end -function rev(a,b) return (a > b) end local function ndpi_dialog_menu() local win = TextWindow.new("nDPI Protocol Statistics"); local label = "" local i - local max_i = 10 if(ndpi_protos ~= {}) then label = "nDPI Protocol Breakdown\n" @@ -152,7 +179,7 @@ local function ndpi_dialog_menu() for k,v in pairsByValues(ndpi_protos, rev) do -- label = label .. k .. "\t".. bytesToSize(v) .. "\n" label = label .. string.format("%-32s\t%s\n", k, bytesToSize(v)) - if(i == max_i) then break else i = i + 1 end + if(i == max_num_entries) then break else i = i + 1 end end -- ####### @@ -162,7 +189,7 @@ local function ndpi_dialog_menu() i = 0 for k,v in pairsByValues(ndpi_flows, rev) do label = label .. string.format("%-32s\t%s\n", k, bytesToSize(v)) - if(i == max_i) then break else i = i + 1 end + if(i == max_num_entries) then break else i = i + 1 end end win:set(label) -- cgit v1.2.3 From f4bba23ba79bef30957b67ad155d424d920421bc Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Thu, 18 May 2017 10:42:23 +0300 Subject: use correct subscripts when checking IP array in ndpi_main.c --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 1ef83dcc7..80ad78183 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4277,8 +4277,8 @@ char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, #ifdef NDPI_DETECTION_SUPPORT_IPV6 if(ip->ipv6.u6_addr.u6_addr32[0] != 0 || ip->ipv6.u6_addr.u6_addr32[1] != 0 || - ip->ipv6.u6_addr.u6_addr32[1] != 0 || - ip->ipv6.u6_addr.u6_addr32[1] != 0) { + ip->ipv6.u6_addr.u6_addr32[2] != 0 || + ip->ipv6.u6_addr.u6_addr32[3] != 0) { const u_int16_t *b = ip->ipv6.u6_addr.u6_addr16; snprintf(ndpi_struct->ip_string, 32, "%x:%x:%x:%x:%x:%x:%x:%x", -- cgit v1.2.3 From 167732cae40fdfb8cb9fe2766f4671363f8672e6 Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Thu, 18 May 2017 11:09:56 +0300 Subject: Check pointer for NULL before dereferencing --- src/lib/ndpi_main.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 80ad78183..040c54959 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2955,17 +2955,19 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str u_int8_t l4protocol; u_int8_t l4_result; - /* reset payload_packet_len, will be set if ipv4 tcp or udp */ - flow->packet.payload_packet_len = 0; - flow->packet.l4_packet_len = 0; - flow->packet.l3_packet_len = packetlen; - - flow->packet.tcp = NULL; - flow->packet.udp = NULL; - flow->packet.generic_l4_ptr = NULL; + if (flow) { + /* reset payload_packet_len, will be set if ipv4 tcp or udp */ + flow->packet.payload_packet_len = 0; + flow->packet.l4_packet_len = 0; + flow->packet.l3_packet_len = packetlen; + + flow->packet.tcp = NULL; + flow->packet.udp = NULL; + flow->packet.generic_l4_ptr = NULL; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - flow->packet.iphv6 = NULL; + flow->packet.iphv6 = NULL; #endif /* NDPI_DETECTION_SUPPORT_IPV6 */ + } if(flow) { ndpi_apply_flow_protocol_to_packet(flow, &flow->packet); -- cgit v1.2.3 From ec0e6f98d4c22f3b3a92282916e6416cf70dd173 Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Thu, 18 May 2017 13:08:45 +0300 Subject: Remove redundant check from btlib.c --- src/lib/protocols/btlib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index 5685eb7e9..4d44198d1 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -396,7 +396,7 @@ void cb_data(bt_parse_data_cb_t *cbd,int *ret) { return; } - if(cbd->buf[0] == 'e' && !cbd->buf[0]) { + if(cbd->buf[0] == 'e') { p->e_msg = s; p->e_len = cbd->v.s.l; return; -- cgit v1.2.3 From 73b3ee51d19379cc7714a3a22b2f6ca0ecb9aa8b Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Thu, 18 May 2017 14:08:01 +0300 Subject: Remove unused variable and clarify operator precedence in ndpi_util.c --- example/ndpi_util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 53486229f..d6836176a 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -887,7 +887,7 @@ static uint32_t crc32_for_byte(uint32_t r) { int j; for(j = 0; j < 8; ++j) - r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; + r = ((r & 1) ? 0 : ((uint32_t)0xEDB88320L) ^ r >> 1); return r ^ (uint32_t)0xFF000000L; } @@ -912,7 +912,7 @@ static void init_tables(uint32_t* table, uint32_t* wtable) { void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) { static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; size_t n_accum = n_bytes/sizeof(accum_t); - size_t i, k, j; + size_t i, j; if(!*table) init_tables(table, wtable); -- cgit v1.2.3 From 6f27a4872198569d82e49a538c5eeb26e97558c7 Mon Sep 17 00:00:00 2001 From: berat Date: Fri, 19 May 2017 23:26:02 +0200 Subject: Added -b for saving port based diagnose statistics in json --- example/ndpiReader.c | 180 +++++++++++++++++++++++++++++++++++++++++++++++++-- example/ndpi_util.h | 3 + 2 files changed, 179 insertions(+), 4 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index e4f6b917f..45f2d89c6 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -59,6 +59,7 @@ static FILE *results_file = NULL; static char *results_path = NULL; static char *_bpf_filter = NULL; /**< bpf filter */ static char *_protoFilePath = NULL; /**< Protocol file path */ +static char *_statsFilePath = NULL; /**< Top stats file path */ #ifdef HAVE_JSON_C static char *_jsonFilePath = NULL; /**< JSON file path */ #endif @@ -69,6 +70,7 @@ static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ static u_int8_t enable_protocol_guess = 1, verbose = 0, nDPI_traceLevel = 0, json_flag = 0; +static u_int8_t stats_flag = 0, file_first_time = 1; static u_int32_t pcap_analysis_duration = (u_int32_t)-1; static u_int16_t decode_tunnels = 0; static u_int16_t num_loops = 1; @@ -86,12 +88,14 @@ static u_int32_t num_flows; struct info_pair{ char addr[48]; + char protocol[64]; /*l4 protocol*/ int count; }; typedef struct node_a{ char addr[48]; int count; + char protocol[64]; /*l4 protocol*/ struct node_a *left, *right; }addr_node; @@ -107,6 +111,20 @@ struct port_stats { struct port_stats *srcStats = NULL, *dstStats = NULL; +// struct to hold port based top statistics +struct top_stats { + u_int32_t port; /* we'll use this field as the key */ + char top_ip[48]; /*ip address that is contributed to > 95% of traffic*/ + char protocol[64]; /*application level protocol of top_ip */ + u_int32_t num_pkts; + float prcnt_pkt; /*percent of packets respect to total packets */ + u_int32_t num_addr; /*to hold number of distinct IP addresses */ + UT_hash_handle hh; /* makes this structure hashable */ +}; + +struct top_stats *topSrcStats = NULL, *topDstStats = NULL; + + struct ndpi_packet_trailer { u_int32_t magic; /* 0x19682017 */ u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; @@ -189,7 +207,8 @@ static void help(u_int long_help) { " -v <1|2|3> | Verbose 'unknown protocol' packet print.\n" " | 1 = verbose\n" " | 2 = very verbose\n" - " | 3 = port stats\n"); + " | 3 = port stats\n" + " -b | Specify a file to write port based diagnose statistics\n"); #ifndef WIN32 printf("\nExcap (wireshark) options:\n" @@ -360,7 +379,7 @@ static void parseOptions(int argc, char **argv) { if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); #endif - while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:", longopts, &option_idx)) != EOF) { + while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:b:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : ""); #endif @@ -375,6 +394,16 @@ static void parseOptions(int argc, char **argv) { _pcap_file[0] = optarg; break; + case 'b': +#ifndef HAVE_JSON_C + printf("WARNING: this copy of ndpiReader has been compiled without JSON-C: json export disabled\n"); +#else + _statsFilePath = optarg; + printf("FILE PATH %s\n",_statsFilePath); + stats_flag = 1; +#endif + break; + case 'm': pcap_analysis_duration = atol(optarg); break; @@ -1189,6 +1218,122 @@ static int info_pair_cmp (const void *_a, const void *_b) /* *********************************************** */ +static int top_stats_sort(void *_a, void *_b) { + struct top_stats *a = (struct top_stats*)_a; + struct top_stats *b = (struct top_stats*)_b; + + return(b->num_addr - a->num_addr); +} + +/* *********************************************** */ + +static void deleteTopStats(struct top_stats *stats) { + struct top_stats *current_port, *tmp; + + HASH_ITER(hh, stats, current_port, tmp) { + HASH_DEL(stats, current_port); + free(current_port); + } +} + +/* *********************************************** */ + +/** + * @brief Get port based top statistics + */ +static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_int64_t total_packet_count){ + struct top_stats *s; + struct port_stats *sp, *tmp; + struct info_pair inf; + float pkt_burst; + u_int64_t total_ip_addrs = 0; + + /* stats are ordered by packet number */ + HASH_ITER(hh, stats, sp, tmp){ + s = (struct top_stats *)malloc(sizeof(struct top_stats)); + memset(s, 0, sizeof(struct top_stats)); + + s->port = sp->port; + s->num_pkts = sp->num_pkts; + s->prcnt_pkt = (sp->num_pkts*100.0)/total_packet_count; + s->num_addr = sp->num_addr; + + qsort(&sp->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); + inf = sp->top_ip_addrs[0]; + + if(((inf.count * 100.0)/sp->cumulative_addr) > AGGRESSIVE_PERCENT){ + strncpy(s->top_ip, inf.addr, sizeof(s->top_ip)); + strncpy(s->protocol, inf.protocol, sizeof(s->protocol)); + } + + HASH_ADD_INT(*topStats, port, s); + + total_ip_addrs += sp->num_addr; + } + + return total_ip_addrs; + +} + +/* *********************************************** */ + +/* + * @brief Save Top Stats in json format + */ +static void saveTopStats(FILE *fp, struct top_stats *stats, int direction, u_int64_t total_ip_addr){ +#ifdef HAVE_JSON_C + struct top_stats *s, *tmp; + json_object *jsMain = json_object_new_object(); + json_object *jArray_filters = json_object_new_array(); + int i = 0; + + /* stats for packet burst diagnose */ + HASH_ITER(hh, stats, s, tmp) { + + if(s->top_ip[0] != '\0'){ + json_object *jObj_topStats = json_object_new_object(); + json_object_object_add(jObj_topStats,"port",json_object_new_int(s->port)); + json_object_object_add(jObj_topStats,"packets.number",json_object_new_int64(s->num_pkts)); + json_object_object_add(jObj_topStats,"packets.percent",json_object_new_double(s->prcnt_pkt)); + json_object_object_add(jObj_topStats,"aggressive.ip",json_object_new_string(s->top_ip)); + + json_object_array_add(jArray_filters,jObj_topStats); + i++; + + if(i >= 10) break; + } + } + + json_object_object_add(jsMain, (direction == DIR_SRC) ? "top.src.pckt.stats" : "top.dst.pckt.stats", jArray_filters); + + /*sort top stats by ip addr count*/ + HASH_SORT(stats, top_stats_sort); + + jArray_filters = json_object_new_array(); + i=0; + + /* stats for ip burst diagnose */ + HASH_ITER(hh, stats, s, tmp) { + + json_object *jObj_topStats = json_object_new_object(); + json_object_object_add(jObj_topStats,"port",json_object_new_int(s->port)); + json_object_object_add(jObj_topStats,"ip.total",json_object_new_int64(s->num_addr)); + json_object_object_add(jObj_topStats,"ip.percent",json_object_new_double((s->num_addr*100.0)/total_ip_addr)); + + json_object_array_add(jArray_filters,jObj_topStats); + i++; + + if(i >= 10) break; + } + + json_object_object_add(jsMain, (direction == DIR_SRC) ? "top.src.ip.stats" : "top.dst.ip.stats", jArray_filters); + + fprintf(fp,"%s\n",json_object_to_json_string(jsMain)); +#endif +} + +/* *********************************************** */ + void printPortStats(struct port_stats *stats) { struct port_stats *s, *tmp; int i = 0, j = 0; @@ -1226,6 +1371,7 @@ static void printResults(u_int64_t tot_usec) { char buf[32]; #ifdef HAVE_JSON_C FILE *json_fp = NULL; + FILE *stats_fp = NULL; json_object *jObj_main = NULL, *jObj_trafficStats, *jArray_detProto = NULL, *jObj; #endif long long unsigned int breed_stats[NUM_BREEDS] = { 0 }; @@ -1239,10 +1385,10 @@ static void printResults(u_int64_t tot_usec) { for(i=0; indpi_flows_root[i], node_proto_guess_walker, &thread_id); - if(verbose == 3) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); + if(verbose == 3 || stats_flag) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); } - if(verbose == 3) { + if(verbose == 3 || stats_flag) { HASH_SORT(srcStats, port_stats_sort); HASH_SORT(dstStats, port_stats_sort); } @@ -1475,6 +1621,32 @@ static void printResults(u_int64_t tot_usec) { #endif } + + if(stats_flag) { +#ifdef HAVE_JSON_C + u_int64_t total_src_addr = getTopStats(&topSrcStats, srcStats, cumulative_stats.ip_packet_count); + u_int64_t total_dst_addr = getTopStats(&topDstStats, dstStats, cumulative_stats.ip_packet_count); + + if(file_first_time && (stats_fp = fopen(_statsFilePath,"w")) == NULL || + !file_first_time && (stats_fp = fopen(_statsFilePath,"a")) == NULL) { + printf("Error creating file %s\n", _statsFilePath); + stats_flag = 0; + } + else { + file_first_time = 0; + + saveTopStats(stats_fp, topSrcStats, DIR_SRC, total_src_addr); + saveTopStats(stats_fp, topDstStats, DIR_DST, total_dst_addr); + + fclose(stats_fp); + + deleteTopStats(topSrcStats), deleteTopStats(topDstStats); + topSrcStats = NULL, topDstStats = NULL; + } +#endif + } + + if(verbose == 3) { printf("\n\nSource Ports Stats:\n"); printPortStats(srcStats); diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 950f65f5a..e8d301acb 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -40,6 +40,9 @@ #define TICK_RESOLUTION 1000 #define MAX_NUM_IP_ADDRESS 5 /* len of ip address array */ #define UPDATED_TREE 1 +#define AGGRESSIVE_PERCENT 95.00 +#define DIR_SRC 10 +#define DIR_DST 20 // flow tracking typedef struct ndpi_flow_info { -- cgit v1.2.3 From 867acf717a91d1ef4f722b38d43e11340dcbb9cc Mon Sep 17 00:00:00 2001 From: David Manouchehri Date: Fri, 19 May 2017 19:34:52 -0400 Subject: Added HEAD for homebrew. --- packages/homebrew/ndpi.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/homebrew/ndpi.rb b/packages/homebrew/ndpi.rb index a3ea00458..9fdc6db8e 100644 --- a/packages/homebrew/ndpi.rb +++ b/packages/homebrew/ndpi.rb @@ -18,6 +18,8 @@ class Ndpi < Formula depends_on "libtool" => :build depends_on "json-c" + head "https://github.com/ntop/nDPI.git", :branch => "dev" + def install system "./autogen.sh" system "./configure", "--prefix=#{prefix}" -- cgit v1.2.3 From b89a2dce6f9a750219babe42276480396a78546b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 22 May 2017 01:16:38 +0200 Subject: Removed warning --- example/ndpiReader.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 45f2d89c6..20b423166 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1627,8 +1627,9 @@ static void printResults(u_int64_t tot_usec) { u_int64_t total_src_addr = getTopStats(&topSrcStats, srcStats, cumulative_stats.ip_packet_count); u_int64_t total_dst_addr = getTopStats(&topDstStats, dstStats, cumulative_stats.ip_packet_count); - if(file_first_time && (stats_fp = fopen(_statsFilePath,"w")) == NULL || - !file_first_time && (stats_fp = fopen(_statsFilePath,"a")) == NULL) { + if((file_first_time && ((stats_fp = fopen(_statsFilePath,"w")) == NULL)) + || + (!file_first_time && (stats_fp = fopen(_statsFilePath,"a")) == NULL)) { printf("Error creating file %s\n", _statsFilePath); stats_flag = 0; } -- cgit v1.2.3 From cb6aabbf19cbde51b70a4c734f9584b3d2fb3431 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 22 May 2017 14:14:45 +0200 Subject: Fixed JSON format when -v 3 and -b is used --- configure.ac | 1 + example/ndpiReader.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index c970cbe5b..959ee76de 100644 --- a/configure.ac +++ b/configure.ac @@ -67,6 +67,7 @@ else fi fi +dnl> https://github.com/json-c/json-c AC_ARG_ENABLE([json-c], AS_HELP_STRING([--disable-json-c], [Disable json-c support])) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 20b423166..2b683bf53 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -399,7 +399,6 @@ static void parseOptions(int argc, char **argv) { printf("WARNING: this copy of ndpiReader has been compiled without JSON-C: json export disabled\n"); #else _statsFilePath = optarg; - printf("FILE PATH %s\n",_statsFilePath); stats_flag = 1; #endif break; @@ -1636,9 +1635,12 @@ static void printResults(u_int64_t tot_usec) { else { file_first_time = 0; + fprintf(stats_fp,"[\n"); saveTopStats(stats_fp, topSrcStats, DIR_SRC, total_src_addr); + fprintf(stats_fp,",\n"); saveTopStats(stats_fp, topDstStats, DIR_DST, total_dst_addr); - + fprintf(stats_fp,"]\n"); + fclose(stats_fp); deleteTopStats(topSrcStats), deleteTopStats(topDstStats); -- cgit v1.2.3 From b39eb67836047299b89d50eb4162e4d7f79bd8af Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 22 May 2017 14:44:31 +0200 Subject: Moved to 2.1.0 Updated test results --- configure.ac | 5 +- tests/result/skype.pcap.out | 268 ++++++++++++++++++++++---------------------- 2 files changed, 136 insertions(+), 137 deletions(-) diff --git a/configure.ac b/configure.ac index 959ee76de..825c7b56e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT([libndpi], [1.8.0]) +AC_INIT([libndpi], [2.1.0]) AC_CONFIG_MACRO_DIR([m4]) @@ -18,8 +18,7 @@ if test -d ".git"; then : # # GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'` - GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` - GIT_RELEASE="${PACKAGE_VERSION}-${GIT_BRANCH}-${GIT_NUM}-${GIT_TAG}" + GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}" else GIT_RELEASE="${PACKAGE_VERSION}" GIT_DATE=`date` diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 3f63f0f28..ee2d81a69 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 381 48593 15 +Unknown 349 43621 14 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -7,7 +7,7 @@ ICMP 8 656 1 IGMP 5 258 4 SSL 88 8268 6 Dropbox 38 17948 5 -Skype 1941 297337 246 +Skype 1973 302309 247 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -166,131 +166,132 @@ MS_OneDrive 387 198090 1 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 154 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 155 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 156 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 157 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 158 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] - 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 165 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 166 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] - 167 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 168 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 169 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 171 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] - 174 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] - 175 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 182 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 183 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 184 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 185 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 191 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 192 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 194 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 196 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] - 197 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 198 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 199 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 200 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 201 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 202 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 205 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 208 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 210 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] - 211 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] - 212 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] - 213 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 214 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 215 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 216 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 217 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 218 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 219 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 220 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 221 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 222 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 223 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 224 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 225 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 226 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 227 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 228 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 229 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 230 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 234 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes] - 235 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 237 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 238 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 242 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 243 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 244 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] - 245 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 246 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 247 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 248 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] - 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 250 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] - 251 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] - 252 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] - 253 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] - 254 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 255 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 256 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 257 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 258 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 259 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] - 261 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 262 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 263 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] - 264 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] - 265 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] - 266 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] - 267 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] - 268 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 273 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 278 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 154 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][32 pkts/4972 bytes] + 155 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 156 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 157 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 158 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 159 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] + 160 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 161 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 162 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 163 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 164 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 165 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 167 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] + 168 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 169 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 170 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 172 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 173 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 174 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 175 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] + 176 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 183 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 184 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 185 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 192 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 193 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 194 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 195 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 196 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 197 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] + 198 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 199 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 200 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 201 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 202 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 203 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 205 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 206 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 207 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 208 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 209 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 210 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 211 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] + 212 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] + 213 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] + 214 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 215 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 216 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 217 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 218 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 219 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 220 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 221 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 222 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 223 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 224 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 225 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 226 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 227 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 228 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 229 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 230 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 231 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 232 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 233 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 235 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes] + 236 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 238 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 239 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 240 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 245 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 246 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 247 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 248 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 249 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] + 250 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 251 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] + 252 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] + 253 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] + 254 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 255 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 256 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 257 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 258 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 259 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 260 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 262 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 263 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 264 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 265 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 266 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 267 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 268 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 269 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 270 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 271 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 272 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 273 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 274 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 275 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 276 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 277 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 278 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 279 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -302,10 +303,9 @@ Undetected flows: 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 13 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 14 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] - 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 9 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 10 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 11 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 12 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 13 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] + 14 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] -- cgit v1.2.3 From 601f7f59ff2ae016970a796c6314f55423ed7fe9 Mon Sep 17 00:00:00 2001 From: cardigliano Date: Mon, 22 May 2017 16:55:48 +0200 Subject: forcing quiet mode in extcap mode --- example/ndpiReader.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 2b683bf53..a1fa6f318 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -514,7 +514,10 @@ static void parseOptions(int argc, char **argv) { } } - if(do_capture) extcap_capture(); + if(do_capture) { + quiet_mode = 1; + extcap_capture(); + } // check parameters if(_pcap_file[0] == NULL || strcmp(_pcap_file[0], "") == 0) { -- cgit v1.2.3 From 26bd42a71c249575837021d5d8a6ae4c5bfa57b6 Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Tue, 23 May 2017 18:02:53 +0200 Subject: crc32 fix --- example/ndpiReader.c | 7 +++---- example/ndpi_util.c | 34 +++++++++++++++++----------------- example/ndpi_util.h | 2 +- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index a1fa6f318..6aed8ec88 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1788,7 +1788,6 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi return pcap_handle; } - /** * @brief Check pcap packet */ @@ -1868,9 +1867,9 @@ static void pcap_process_packet(u_char *args, trailer->master_protocol = htons(p.master_protocol), trailer->app_protocol = htons(p.app_protocol); ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, p, trailer->name, sizeof(trailer->name)); crc = (uint32_t*)&extcap_buf[h.caplen+sizeof(struct ndpi_packet_trailer)]; - *crc = 0; - ethernet_crc32((const void*)extcap_buf, h.caplen+sizeof(struct ndpi_packet_trailer), crc); - h.caplen += delta, h.len += delta; + *crc = ethernet_crc32((const void*)extcap_buf, h.caplen+sizeof(struct ndpi_packet_trailer)); + h.caplen += delta; + h.len += delta; #ifdef DEBUG_TRACE if(trace) fprintf(trace, "Dumping %u bytes packet\n", h.caplen); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d6836176a..1e7e498d0 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -884,10 +884,8 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* ********************************************************** */ static uint32_t crc32_for_byte(uint32_t r) { - int j; - - for(j = 0; j < 8; ++j) - r = ((r & 1) ? 0 : ((uint32_t)0xEDB88320L) ^ r >> 1); + for(int j = 0; j < 8; ++j) + r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; return r ^ (uint32_t)0xFF000000L; } @@ -897,31 +895,33 @@ static uint32_t crc32_for_byte(uint32_t r) { typedef unsigned long accum_t; static void init_tables(uint32_t* table, uint32_t* wtable) { - size_t i, k, w, j; - - for(i = 0; i < 0x100; ++i) + for(size_t i = 0; i < 0x100; ++i) table[i] = crc32_for_byte(i); - for(k = 0; k < sizeof(accum_t); ++k) - for(i = 0; i < 0x100; ++i) { - for(j = w = 0; j < sizeof(accum_t); ++j) + for(size_t k = 0; k < sizeof(accum_t); ++k) + for(size_t w, i = 0; i < 0x100; ++i) { + for(size_t j = w = 0; j < sizeof(accum_t); ++j) w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); } } -void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) { +static void __crc32(const void* data, size_t n_bytes, uint32_t* crc) { static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; size_t n_accum = n_bytes/sizeof(accum_t); - size_t i, j; - if(!*table) init_tables(table, wtable); - for(i = 0; i < n_accum; ++i) { + for(size_t i = 0; i < n_accum; ++i) { accum_t a = *crc ^ ((accum_t*)data)[i]; - for(j = *crc = 0; j < sizeof(accum_t); ++j) + for(size_t j = *crc = 0; j < sizeof(accum_t); ++j) *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; } - - for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i) + for(size_t i = n_accum*sizeof(accum_t); i < n_bytes; ++i) *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; } + +u_int32_t ethernet_crc32(const void* data, size_t n_bytes) { + u_int32_t crc = 0; + __crc32(data, n_bytes, &crc); + return crc; +} + diff --git a/example/ndpi_util.h b/example/ndpi_util.h index e8d301acb..d7fdd9928 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -165,6 +165,6 @@ static inline void ndpi_workflow_set_flow_giveup_callback(struct ndpi_workflow * /* compare two nodes in workflow */ int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); -void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc); +u_int32_t ethernet_crc32(const void* data, size_t n_bytes); void ndpi_flow_info_freer(void *node); #endif -- cgit v1.2.3 From 1a20029c8254f53e00850667c1cb531347c1690f Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Tue, 23 May 2017 18:56:43 +0200 Subject: compilation fixes --- example/ndpi_util.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 1e7e498d0..e90400b8f 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -884,7 +884,8 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* ********************************************************** */ static uint32_t crc32_for_byte(uint32_t r) { - for(int j = 0; j < 8; ++j) + int j; + for(j = 0; j < 8; ++j) r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; return r ^ (uint32_t)0xFF000000L; } @@ -895,11 +896,12 @@ static uint32_t crc32_for_byte(uint32_t r) { typedef unsigned long accum_t; static void init_tables(uint32_t* table, uint32_t* wtable) { - for(size_t i = 0; i < 0x100; ++i) + size_t i, j, k, w; + for(i = 0; i < 0x100; ++i) table[i] = crc32_for_byte(i); - for(size_t k = 0; k < sizeof(accum_t); ++k) - for(size_t w, i = 0; i < 0x100; ++i) { - for(size_t j = w = 0; j < sizeof(accum_t); ++j) + for(k = 0; k < sizeof(accum_t); ++k) + for(i = 0; i < 0x100; ++i) { + for(j = w = 0; j < sizeof(accum_t); ++j) w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); } @@ -908,14 +910,15 @@ static void init_tables(uint32_t* table, uint32_t* wtable) { static void __crc32(const void* data, size_t n_bytes, uint32_t* crc) { static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; size_t n_accum = n_bytes/sizeof(accum_t); + size_t i, j; if(!*table) init_tables(table, wtable); - for(size_t i = 0; i < n_accum; ++i) { + for(i = 0; i < n_accum; ++i) { accum_t a = *crc ^ ((accum_t*)data)[i]; - for(size_t j = *crc = 0; j < sizeof(accum_t); ++j) + for(j = *crc = 0; j < sizeof(accum_t); ++j) *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; } - for(size_t i = n_accum*sizeof(accum_t); i < n_bytes; ++i) + for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i) *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; } -- cgit v1.2.3 From c723f7e668b78894896d7afbfb4f9ec894e8c485 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 23 May 2017 23:31:43 +0200 Subject: Added VLAN / ARP stats --- wireshark/ndpi.lua | 397 +++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 340 insertions(+), 57 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 789b46f54..1a7c400a8 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -11,7 +11,7 @@ local fds = ndpi_proto.fields fds.network_protocol = ProtoField.new("nDPI Network Protocol", "ndpi.protocol.network", ftypes.UINT8, nil, base.DEC) fds.application_protocol = ProtoField.new("nDPI Application Protocol", "ndpi.protocol.application", ftypes.UINT8, nil, base.DEC) -fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING) +fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING) local f_eth_trailer = Field.new("eth.trailer") @@ -19,6 +19,10 @@ local ndpi_protos = {} local ndpi_flows = {} local num_ndpi_flows = 0 +local arp_stats = {} +local vlan_stats = {} +local vlan_found = false + local lower_ndpi_flow_id = 0 local lower_ndpi_flow_volume = 0 @@ -26,9 +30,53 @@ local compute_flows_stats = true local max_num_entries = 10 local max_num_flows = 50 +local num_pkts = 0 +local last_processed_packet_number = 0 + +local debug = false + +-- ############################################## + +function string.contains(String,Start) + if type(String) ~= 'string' or type(Start) ~= 'string' then + return false + end + return(string.find(String,Start,1) ~= nil) +end + +-- ############################################## + +function string.starts(String,Start) + if type(String) ~= 'string' or type(Start) ~= 'string' then + return false + end + return string.sub(String,1,string.len(Start))==Start +end + +-- ############################################## + +function string.ends(String,End) + if type(String) ~= 'string' or type(End) ~= 'string' then + return false + end + return End=='' or string.sub(String,-string.len(End))==End +end + -- ############################################### -function round(num, idp) return tonumber(string.format("%." .. (idp or 0) .. "f", num)) end +function round(num, idp) + return tonumber(string.format("%." .. (idp or 0) .. "f", num)) +end + +function formatPctg(p) + local p = round(p, 1) + + if(p < 1) then return("< 1 %") end + + return p.." %" +end + +-- ############################################### -- Convert bytes to human readable format function bytesToSize(bytes) @@ -44,13 +92,13 @@ function bytesToSize(bytes) bytes = tonumber(bytes) if((bytes >= 0) and (bytes < kilobyte)) then return round(bytes, precision) .. " Bytes"; - elseif((bytes >= kilobyte) and (bytes < megabyte)) then + elseif((bytes >= kilobyte) and (bytes < megabyte)) then return round(bytes / kilobyte, precision) .. ' KB'; - elseif((bytes >= megabyte) and (bytes < gigabyte)) then + elseif((bytes >= megabyte) and (bytes < gigabyte)) then return round(bytes / megabyte, precision) .. ' MB'; - elseif((bytes >= gigabyte) and (bytes < terabyte)) then + elseif((bytes >= gigabyte) and (bytes < terabyte)) then return round(bytes / gigabyte, precision) .. ' GB'; - elseif(bytes >= terabyte) then + elseif(bytes >= terabyte) then return round(bytes / terabyte, precision) .. ' TB'; else return round(bytes, precision) .. ' Bytes'; @@ -58,6 +106,8 @@ function bytesToSize(bytes) end end +-- ############################################### + function pairsByValues(t, f) local a = {} for n in pairs(t) do table.insert(a, n) end @@ -72,21 +122,68 @@ function pairsByValues(t, f) return iter end +-- ############################################### + function asc(a,b) return (a < b) end function rev(a,b) return (a > b) end -- ############################################### +local function BitOR(a,b)--Bitwise or + local p,c=1,0 + while a+b>0 do + local ra,rb=a%2,b%2 + if ra+rb>0 then c=c+p end + a,b,p=(a-ra)/2,(b-rb)/2,p*2 + end + return c +end + +local function BitNOT(n) + local p,c=1,0 + while n>0 do + local r=n%2 + if r<1 then c=c+p end + n,p=(n-r)/2,p*2 + end + return c +end + +local function BitAND(a,b)--Bitwise and (portable edition) + local p,c=1,0 + while a>0 and b>0 do + local ra,rb=a%2,b%2 + if ra+rb>1 then c=c+p end + a,b,p=(a-ra)/2,(b-rb)/2,p*2 + end + return c +end + +-- ############################################### + function ndpi_proto.init() - ndpi_protos = {} - ndpi_flows = {} + ndpi_protos = { } + ndpi_flows = { } + + num_ndpi_flows = 0 + lower_ndpi_flow_id = 0 + lower_ndpi_flow_volume = 0 + num_pkts = 0 + last_processed_packet_number = 0 + + -- ARP + arp_stats = { } + + -- VLAN + vlan_stats = { } + vlan_found = false end function slen(str) local i = 1 local len = 0 local zero = string.char(0) - + for i = 1, 16 do local c = str:sub(i,i) @@ -94,69 +191,213 @@ function slen(str) len = len + 1 else break - end + end end return(str:sub(1, len)) end +-- Print contents of `tbl`, with indentation. +-- You can call it as tprint(mytable) +-- The other two parameters should not be set +function tprint(s, l, i) + l = (l) or 1000; i = i or "";-- default item limit, indent string + if (l<1) then io.write("ERROR: Item limit reached.\n"); return l-1 end; + local ts = type(s); + if (ts ~= "table") then io.write(i..' '..ts..' '..tostring(s)..'\n'); return l-1 end + io.write(i..' '..ts..'\n'); + for k,v in pairs(s) do + local indent = "" + + if(i ~= "") then + indent = i .. "." + end + indent = indent .. tostring(k) + + l = tprint(v, l, indent); + if (l < 0) then break end + end + + return l +end + +-- ############################################### + +local function getstring(finfo) + local ok, val = pcall(tostring, finfo) + if not ok then val = "(unknown)" end + return val +end + +local function getval(finfo) + local ok, val = pcall(tostring, finfo) + if not ok then val = nil end + return val +end + +function dump_pinfo(pinfo) + local fields = { all_field_infos() } + for ix, finfo in ipairs(fields) do + -- output = output .. "\t[" .. ix .. "] " .. finfo.name .. " = " .. getstring(finfo) .. "\n" + --print(finfo.name .. "\n") + print("\t[" .. ix .. "] " .. finfo.name .. " = " .. getstring(finfo) .. "\n") + end +end + +-- ############################################### + + +function initARPEntry(mac) + if(arp_stats[mac] == nil) then + arp_stats[mac] = { request_sent=0, request_rcvd=0, response_sent=0, response_rcvd=0 } + end +end + +function dissectARP(isRequest, src_mac, dst_mac) + local mac + + -- print(num_pkts) + if(isRequest == 1) then + -- ARP Request + initARPEntry(src_mac) + arp_stats[src_mac].request_sent = arp_stats[src_mac].request_sent + 1 + + initARPEntry(dst_mac) + arp_stats[dst_mac].request_rcvd = arp_stats[dst_mac].request_rcvd + 1 + else + -- ARP Response + initARPEntry(src_mac) + arp_stats[src_mac].response_sent = arp_stats[src_mac].response_sent + 1 + + initARPEntry(dst_mac) + arp_stats[dst_mac].response_rcvd = arp_stats[dst_mac].response_rcvd + 1 + end +end + +-- ############################################### + -- the dissector function callback function ndpi_proto.dissector(tvb, pinfo, tree) - local pktlen = tvb:len() - local eth_trailer = f_eth_trailer() - local magic = tostring(tvb(pktlen-28,4)) - - if(magic == "19680924") then - local ndpi_subtree = tree:add(ndpi_proto, tvb(), "nDPI Protocol") - local network_protocol = tvb(pktlen-24,2) - local application_protocol = tvb(pktlen-22,2) - local name = tvb(pktlen-20,16) - local name_str = name:string(ENC_ASCII) - local ndpikey, srckey, dstkey, flowkey - - ndpi_subtree:add(fds.network_protocol, network_protocol) - ndpi_subtree:add(fds.application_protocol, application_protocol) - ndpi_subtree:add(fds.name, name) - - local pname = ""..application_protocol - if(pname ~= "0000") then - -- Set protocol name in the wireshark protocol column (if not Unknown) - pinfo.cols.protocol = name_str + -- Wireshark dissects the packet twice. We ignore the first + -- run as on that step the packet is still undecoded + -- The trick below avoids to process the packet twice + + if(pinfo.visited == false) then return end + + num_pkts = num_pkts + 1 + if((num_pkts > 1) and (pinfo.number == 1)) then return end + + if(last_processed_packet_number < pinfo.number) then + last_processed_packet_number = pinfo.number + end + + -- print(num_pkts .. " / " .. pinfo.number .. " / " .. last_processed_packet_number) + + -- ############# ARP / VLAN ############# + local offset = 12 + local eth_proto = tostring(tvb(offset,2)) + + if(eth_proto == "8100") then + local vlan_id = BitAND(tonumber(tostring(tvb(offset+2,2))), 0xFFF) + + if(vlan_stats[vlan_id] == nil) then vlan_stats[vlan_id] = 0 end + vlan_stats[vlan_id] = vlan_stats[vlan_id] + 1 + vlan_found = true + end + + while(eth_proto == "8100") do + offset = offset + 4 + eth_proto = tostring(tvb(offset,2)) + end + + if(eth_proto == "0806") then + -- ARP + local isRequest = tonumber(tvb(21,1)) + --print(eth_proto.." ["..tostring(pinfo.dl_src).." / ".. tostring(pinfo.dl_dst) .."] [" .. tostring(pinfo.src).." -> "..tostring(pinfo.dst).."]") + dissectARP(isRequest, tostring(pinfo.dl_src), tostring(pinfo.dl_dst)) + else + -- ############# 2 nDPI Dissection ############# + + if(false) then + local srckey = tostring(pinfo.src) + local dstkey = tostring(pinfo.dst) + print("Processing packet "..pinfo.number .. "["..srckey.." / "..dstkey.."]") end - if(compute_flows_stats) then - ndpikey = tostring(slen(name_str)) - - if(ndpi_protos[ndpikey] == nil) then ndpi_protos[ndpikey] = 0 end - ndpi_protos[ndpikey] = ndpi_protos[ndpikey] + pinfo.len - - srckey = tostring(pinfo.src) - dstkey = tostring(pinfo.dst) - - flowkey = srckey.." / "..dstkey.." ["..ndpikey.."]" - if(ndpi_flows[flowkey] == nil) then - ndpi_flows[flowkey] = 0 - num_ndpi_flows = num_ndpi_flows + 1 - - if(num_ndpi_flows > max_num_flows) then - -- We need to harvest the flow with least packets beside this new one - local tot_removed = 0 - - for k,v in pairsByValues(ndpi_flows, asc) do - if(k ~= flowkey) then - table.remove(ndpi_flows, k) - tot_removed = tot_removed + 1 - if(tot_removed == max_num_entries) then - break + local pktlen = tvb:len() + local eth_trailer = f_eth_trailer() + local magic = tostring(tvb(pktlen-28,4)) + + if(magic == "19680924") then + local ndpi_subtree = tree:add(ndpi_proto, tvb(), "nDPI Protocol") + local network_protocol = tvb(pktlen-24,2) + local application_protocol = tvb(pktlen-22,2) + local name = tvb(pktlen-20,16) + local name_str = name:string(ENC_ASCII) + local ndpikey, srckey, dstkey, flowkey + + ndpi_subtree:add(fds.network_protocol, network_protocol) + ndpi_subtree:add(fds.application_protocol, application_protocol) + ndpi_subtree:add(fds.name, name) + + local pname = ""..application_protocol + if(pname ~= "0000") then + -- Set protocol name in the wireshark protocol column (if not Unknown) + pinfo.cols.protocol = name_str + end + + if(compute_flows_stats) then + ndpikey = tostring(slen(name_str)) + + if(ndpi_protos[ndpikey] == nil) then ndpi_protos[ndpikey] = 0 end + ndpi_protos[ndpikey] = ndpi_protos[ndpikey] + pinfo.len + + srckey = tostring(pinfo.src) + dstkey = tostring(pinfo.dst) + + flowkey = srckey.." / "..dstkey.." ["..ndpikey.."]" + if(ndpi_flows[flowkey] == nil) then + ndpi_flows[flowkey] = 0 + num_ndpi_flows = num_ndpi_flows + 1 + + if(num_ndpi_flows > max_num_flows) then + -- We need to harvest the flow with least packets beside this new one + local tot_removed = 0 + + for k,v in pairsByValues(ndpi_flows, asc) do + if(k ~= flowkey) then + table.remove(ndpi_flows, k) + tot_removed = tot_removed + 1 + if(tot_removed == max_num_entries) then + break + end end end - end + end end + + ndpi_flows[flowkey] = ndpi_flows[flowkey] + pinfo.len end + end -- nDPI + + if(debug) then + local fields = { } + local _fields = { all_field_infos() } + + fields['pinfo.number'] = pinfo.number - ndpi_flows[flowkey] = ndpi_flows[flowkey] + pinfo.len + for k,v in pairs(_fields) do + local value = getstring(v) + if(value ~= nil) then + fields[v.name] = value + end + end + + for k,v in pairs(fields) do + print(k.." = "..v) + end end end end @@ -165,7 +406,6 @@ register_postdissector(ndpi_proto) -- ############################################### - local function ndpi_dialog_menu() local win = TextWindow.new("nDPI Protocol Statistics"); local label = "" @@ -196,6 +436,49 @@ local function ndpi_dialog_menu() end end +-- ############################################### + if(compute_flows_stats) then register_menu("nDPI", ndpi_dialog_menu, MENU_STAT_UNSORTED) end + +-- ############################################### + +local function arp_dialog_menu() + local win = TextWindow.new("ARP Statistics"); + local label + local _stats + local found = false + + _stats = {} + for k,v in pairs(arp_stats) do + if(k ~= "Broadcast") then + _stats[k] = v.request_sent + v.request_rcvd + v.response_sent + v.response_rcvd + found = true + end + end + + if(not found) then + label = "No ARP Traffic detected" + else + label = "Top ARP Senders/Receivers\n\nMAC Address\tTot Pkts\tPctg\tARP Breakdown\n" + for k,v in pairsByValues(_stats, rev) do + local s = arp_stats[k] + local pctg = formatPctg((v * 100) / last_processed_packet_number) + local str = k .. "\t" .. v .. "\t" .. pctg .. "\t" .. "[sent: ".. (s.request_sent + s.response_sent) .. "][rcvd: ".. (s.request_rcvd + s.response_rcvd) .. "]\n" + label = label .. str + end + end + + if(vlan_found) then + label = label .. "\n\nVLAN\tPackets\n" + for k,v in pairsByValues(vlan_stats, rev) do + local pctg = formatPctg((v * 100) / last_processed_packet_number) + label = label .. k .. "\t" .. v .. " pkts [".. pctg .." %]\n" + end + end + + win:set(label) +end + +register_menu("ARP / VLAN", arp_dialog_menu, MENU_STAT_UNSORTED) -- cgit v1.2.3 From 50e26ca400f8b6473fdf4487383aebc22d8b9373 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 24 May 2017 00:51:21 +0200 Subject: Implemented MAC stats --- wireshark/ndpi.lua | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 50 insertions(+), 3 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 1a7c400a8..a2a740a0e 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -20,6 +20,7 @@ local ndpi_flows = {} local num_ndpi_flows = 0 local arp_stats = {} +local mac_stats = {} local vlan_stats = {} local vlan_found = false @@ -174,6 +175,9 @@ function ndpi_proto.init() -- ARP arp_stats = { } + -- MAC + mac_stats = { } + -- VLAN vlan_stats = { } vlan_found = false @@ -324,6 +328,11 @@ function ndpi_proto.dissector(tvb, pinfo, tree) print("Processing packet "..pinfo.number .. "["..srckey.." / "..dstkey.."]") end + local src_mac = tostring(pinfo.dl_src) + local src_ip = tostring(pinfo.src) + if(mac_stats[src_mac] == nil) then mac_stats[src_mac] = {} end + mac_stats[src_mac][src_ip] = 1 + local pktlen = tvb:len() local eth_trailer = f_eth_trailer() local magic = tostring(tvb(pktlen-28,4)) @@ -470,15 +479,53 @@ local function arp_dialog_menu() end end + win:set(label) +end + +-- ############################################### + +local function mac_vlan_dialog_menu() + local win = TextWindow.new("MAC / VLAN Statistics"); + local label + local _macs + local num_hosts = 0 + if(vlan_found) then - label = label .. "\n\nVLAN\tPackets\n" + label = "VLAN\tPackets\n" for k,v in pairsByValues(vlan_stats, rev) do local pctg = formatPctg((v * 100) / last_processed_packet_number) - label = label .. k .. "\t" .. v .. " pkts [".. pctg .." %]\n" + label = label .. k .. "\t" .. v .. " pkts [".. pctg .."]\n" end + else + label = "No VLAN traffic found" end + -- ############################## + + _macs = {} + for mac,v in pairs(mac_stats) do + local num = 0 + + for a,b in pairs(v) do + num = num +1 + end + + _macs[mac] = num + num_hosts = num_hosts + num + end + + if(num_hosts > 0) then + label = label .. "\n\nMAC\t\t# Hosts\tPercentage\n" + for k,v in pairsByValues(_macs, rev) do + local pctg = formatPctg((v * 100) / num_hosts) + label = label .. k .. "\t" .. v .. "\t".. pctg .."\n" + end + end + win:set(label) end -register_menu("ARP / VLAN", arp_dialog_menu, MENU_STAT_UNSORTED) +-- ############################################### + +register_menu("ARP", arp_dialog_menu, MENU_STAT_UNSORTED) +register_menu("MAC / VLAN", mac_vlan_dialog_menu, MENU_STAT_UNSORTED) -- cgit v1.2.3 From 904210e87cc792d48b610356647995f506c15e4e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 24 May 2017 16:06:23 +0200 Subject: Split src2dst / dst2src traffic --- example/Makefile.am | 2 +- example/ndpiReader.c | 35 ++++++++++++++++++++--------------- example/ndpi_util.c | 11 ++++++++--- example/ndpi_util.h | 4 ++-- 4 files changed, 31 insertions(+), 21 deletions(-) diff --git a/example/Makefile.am b/example/Makefile.am index 1a0570b1f..1a2bf453d 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -3,7 +3,7 @@ bin_PROGRAMS = ndpiReader AM_CPPFLAGS = -I$(top_srcdir)/src/include @PCAP_INC@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage -LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ +LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ -lm AM_LDFLAGS = -static @DL_LIB@ ndpiReader_SOURCES = ndpiReader.c ndpi_util.c ndpi_util.h diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 6aed8ec88..6346dca01 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -42,6 +42,7 @@ #include #include #include +#include #include "../config.h" #include "ndpi_api.h" #include "uthash.h" @@ -662,8 +663,10 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { flow->detected_protocol.app_protocol, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); - fprintf(out, "[%u pkts/%llu bytes]", - flow->packets, (long long unsigned int) flow->bytes); + fprintf(out, "[%u pkts/%llu bytes ", flow->src2dst_packets, (long long unsigned int) flow->src2dst_bytes); + fprintf(out, "%s %u pkts/%llu bytes]", + (flow->dst2src_packets > 0) ? "<->" : "->", + flow->dst2src_packets, (long long unsigned int) flow->dst2src_bytes); if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name); if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info); @@ -702,8 +705,8 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { json_object_new_string(ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol))); - json_object_object_add(jObj,"packets",json_object_new_int(flow->packets)); - json_object_object_add(jObj,"bytes",json_object_new_int(flow->bytes)); + json_object_object_add(jObj,"packets",json_object_new_int(flow->src2dst_packets + flow->dst2src_packets)); + json_object_object_add(jObj,"bytes",json_object_new_int(flow->src2dst_bytes + flow->dst2src_bytes)); if(flow->host_server_name[0] != '\0') json_object_object_add(jObj,"host.server.name",json_object_new_string(flow->host_server_name)); @@ -796,8 +799,8 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow); - ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol] += flow->packets; - ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->bytes; + ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol] += flow->src2dst_packets + flow->dst2src_packets; + ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->src2dst_bytes + flow->dst2src_bytes; ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.app_protocol]++; } } @@ -898,17 +901,20 @@ void updateTopIpAddress(const char *addr, int count, struct info_pair top[], int } /* *********************************************** */ -static void updatePortStats(struct port_stats **stats, u_int32_t port, const char *addr, u_int32_t num_pkts, u_int32_t num_bytes) { + +static void updatePortStats(struct port_stats **stats, u_int32_t port, + const char *addr, u_int32_t num_pkts, + u_int32_t num_bytes) { struct port_stats *s; - int count=0; + int count = 0; HASH_FIND_INT(*stats, &port, s); if(s == NULL) { s = (struct port_stats*)malloc(sizeof(struct port_stats)); if(!s) return; - s->port = port, s->num_pkts = num_pkts, s->num_bytes = num_bytes; - s->num_addr = 1, s->cumulative_addr = 1; + s->port = port, s->num_pkts = num_pkts, s->num_bytes = num_bytes, + s->num_addr = 1, s->cumulative_addr = 1; memset(s->top_ip_addrs, 0, MAX_NUM_IP_ADDRESS*sizeof(struct info_pair)); updateTopIpAddress(addr, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); @@ -958,15 +964,14 @@ static void deletePortsStats(struct port_stats *stats) { static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; u_int16_t sport, dport; - char saddr[48]; - char daddr[48]; + char saddr[48], daddr[48]; sport = ntohs(flow->lower_port), dport = ntohs(flow->upper_port); strncpy(saddr, flow->lower_name, sizeof(saddr)); strncpy(daddr, flow->upper_name, sizeof(daddr)); - updatePortStats(&srcStats, sport, saddr, flow->packets, flow->bytes); - updatePortStats(&dstStats, dport, daddr, flow->packets, flow->bytes); + updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes); + if(flow->dst2src_packets > 0) updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes); } /* *********************************************** */ @@ -1257,7 +1262,7 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_ s->port = sp->port; s->num_pkts = sp->num_pkts; - s->prcnt_pkt = (sp->num_pkts*100.0)/total_packet_count; + s->prcnt_pkt = (sp->num_pkts*100.0)/total_packet_count; s->num_addr = sp->num_addr; qsort(&sp->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index e90400b8f..ef4353e81 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -511,7 +511,12 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, workflow->stats.total_wire_bytes += rawsize + 24 /* CRC etc */, workflow->stats.total_ip_bytes += rawsize; ndpi_flow = flow->ndpi_flow; - flow->packets++, flow->bytes += rawsize; + + if(src_to_dst_direction) + flow->src2dst_packets++, flow->src2dst_bytes += rawsize; + else + flow->dst2src_packets++, flow->dst2src_bytes += rawsize; + flow->last_seen = time; } else { // flow is NULL workflow->stats.total_discarded_bytes++; @@ -526,8 +531,8 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, ipsize, time, src, dst); if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) - || ((proto == IPPROTO_UDP) && (flow->packets > 8)) - || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { + || ((proto == IPPROTO_UDP) && ((flow->src2dst_packets + flow->dst2src_packets) > 8)) + || ((proto == IPPROTO_TCP) && ((flow->src2dst_packets + flow->dst2src_packets) > 10))) { /* New protocol detected or give up */ flow->detection_completed = 1; diff --git a/example/ndpi_util.h b/example/ndpi_util.h index d7fdd9928..f1807e56a 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -57,8 +57,8 @@ typedef struct ndpi_flow_info { char lower_name[48], upper_name[48]; u_int8_t ip_version; u_int64_t last_seen; - u_int64_t bytes; - u_int32_t packets; + u_int64_t src2dst_bytes, dst2src_bytes; + u_int32_t src2dst_packets, dst2src_packets; // result only, not used for flow identification ndpi_protocol detected_protocol; -- cgit v1.2.3 From 993605d4f38e6e63a9ca6fee14a60688ae9df0de Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 24 May 2017 18:53:51 +0200 Subject: Fixed bug that was forcing the reader to pass several times the same flow renamed some variables --- example/ndpiReader.c | 43 +++++++++++++++++++++++-------------------- example/ndpi_util.c | 52 ++++++++++++++++++++++++++-------------------------- example/ndpi_util.h | 10 +++++----- 3 files changed, 54 insertions(+), 51 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 6346dca01..6184ea380 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -643,10 +643,10 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { fprintf(out, "%s%s%s:%u %s %s%s%s:%u ", (flow->ip_version == 6) ? "[" : "", - flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port), + flow->src_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->src_port), flow->bidirectional ? "<->" : "->", (flow->ip_version == 6) ? "[" : "", - flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port) + flow->dst_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->dst_port) ); if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); @@ -681,10 +681,10 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { jObj = json_object_new_object(); json_object_object_add(jObj,"protocol",json_object_new_string(ipProto2Name(flow->protocol))); - json_object_object_add(jObj,"host_a.name",json_object_new_string(flow->lower_name)); - json_object_object_add(jObj,"host_a.port",json_object_new_int(ntohs(flow->lower_port))); - json_object_object_add(jObj,"host_b.name",json_object_new_string(flow->upper_name)); - json_object_object_add(jObj,"host_b.port",json_object_new_int(ntohs(flow->upper_port))); + json_object_object_add(jObj,"host_a.name",json_object_new_string(flow->src_name)); + json_object_object_add(jObj,"host_a.port",json_object_new_int(ntohs(flow->src_port))); + json_object_object_add(jObj,"host_b.name",json_object_new_string(flow->dst_name)); + json_object_object_add(jObj,"host_b.port",json_object_new_int(ntohs(flow->dst_port))); if(flow->detected_protocol.master_protocol) json_object_object_add(jObj,"detected.master_protocol",json_object_new_int(flow->detected_protocol.master_protocol)); @@ -768,10 +768,10 @@ static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi flow->detected_protocol = ndpi_guess_undetected_protocol(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->protocol, - ntohl(flow->lower_ip), - ntohs(flow->lower_port), - ntohl(flow->upper_ip), - ntohs(flow->upper_port)); + ntohl(flow->src_ip), + ntohs(flow->src_port), + ntohl(flow->dst_ip), + ntohs(flow->dst_port)); // printf("Guess state: %u\n", flow->detected_protocol); if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols++; @@ -806,6 +806,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } /* *********************************************** */ + int updateIpTree(const char *key, addr_node **vrootp) { addr_node *q; addr_node **rootp = vrootp; @@ -962,16 +963,18 @@ static void deletePortsStats(struct port_stats *stats) { * @brief Ports stats */ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; - u_int16_t sport, dport; - char saddr[48], daddr[48]; - - sport = ntohs(flow->lower_port), dport = ntohs(flow->upper_port); - strncpy(saddr, flow->lower_name, sizeof(saddr)); - strncpy(daddr, flow->upper_name, sizeof(daddr)); - - updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes); - if(flow->dst2src_packets > 0) updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes); + if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ + struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; + u_int16_t sport, dport; + char saddr[48], daddr[48]; + + sport = ntohs(flow->src_port), dport = ntohs(flow->dst_port); + strncpy(saddr, flow->src_name, sizeof(saddr)); + strncpy(daddr, flow->dst_name, sizeof(daddr)); + + updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes); + if(flow->dst2src_packets > 0) updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes); + } } /* *********************************************** */ diff --git a/example/ndpi_util.c b/example/ndpi_util.c index ef4353e81..75bab6319 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -164,25 +164,25 @@ int ndpi_workflow_node_cmp(const void *a, const void *b) { if( ( - (fa->lower_ip == fb->lower_ip ) - && (fa->lower_port == fb->lower_port) - && (fa->upper_ip == fb->upper_ip ) - && (fa->upper_port == fb->upper_port) + (fa->src_ip == fb->src_ip ) + && (fa->src_port == fb->src_port) + && (fa->dst_ip == fb->dst_ip ) + && (fa->dst_port == fb->dst_port) ) || ( - (fa->lower_ip == fb->upper_ip ) - && (fa->lower_port == fb->upper_port) - && (fa->upper_ip == fb->lower_ip ) - && (fa->upper_port == fb->lower_port) + (fa->src_ip == fb->dst_ip ) + && (fa->src_port == fb->dst_port) + && (fa->dst_ip == fb->src_ip ) + && (fa->dst_port == fb->src_port) ) ) return(0); - if(fa->lower_ip < fb->lower_ip ) return(-1); else { if(fa->lower_ip > fb->lower_ip ) return(1); } - if(fa->lower_port < fb->lower_port) return(-1); else { if(fa->lower_port > fb->lower_port) return(1); } - if(fa->upper_ip < fb->upper_ip ) return(-1); else { if(fa->upper_ip > fb->upper_ip ) return(1); } - if(fa->upper_port < fb->upper_port) return(-1); else { if(fa->upper_port > fb->upper_port) return(1); } + if(fa->src_ip < fb->src_ip ) return(-1); else { if(fa->src_ip > fb->src_ip ) return(1); } + if(fa->src_port < fb->src_port) return(-1); else { if(fa->src_port > fb->src_port) return(1); } + if(fa->dst_ip < fb->dst_ip ) return(-1); else { if(fa->dst_ip > fb->dst_ip ) return(1); } + if(fa->dst_port < fb->dst_port) return(-1); else { if(fa->dst_port > fb->dst_port) return(1); } return(0); /* notreached */ } @@ -291,9 +291,9 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow } flow.protocol = iph->protocol, flow.vlan_id = vlan_id; - flow.lower_ip = iph->saddr, flow.upper_ip = iph->daddr; - flow.lower_port = htons(*sport), flow.upper_port = htons(*dport); - flow.hashval = hashval = flow.protocol + flow.vlan_id + flow.lower_ip + flow.upper_ip + flow.lower_port + flow.upper_port; + flow.src_ip = iph->saddr, flow.dst_ip = iph->daddr; + flow.src_port = htons(*sport), flow.dst_port = htons(*dport); + flow.hashval = hashval = flow.protocol + flow.vlan_id + flow.src_ip + flow.dst_ip + flow.src_port + flow.dst_port; idx = hashval % workflow->prefs.num_roots; ret = ndpi_tfind(&flow, &workflow->ndpi_flows_root[idx], ndpi_workflow_node_cmp); @@ -314,18 +314,18 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow memset(newflow, 0, sizeof(struct ndpi_flow_info)); newflow->hashval = hashval; newflow->protocol = iph->protocol, newflow->vlan_id = vlan_id; - newflow->lower_ip = iph->saddr, newflow->upper_ip = iph->daddr; - newflow->lower_port = htons(*sport), newflow->upper_port = htons(*dport); + newflow->src_ip = iph->saddr, newflow->dst_ip = iph->daddr; + newflow->src_port = htons(*sport), newflow->dst_port = htons(*dport); newflow->ip_version = version; if(version == IPVERSION) { - inet_ntop(AF_INET, &newflow->lower_ip, newflow->lower_name, sizeof(newflow->lower_name)); - inet_ntop(AF_INET, &newflow->upper_ip, newflow->upper_name, sizeof(newflow->upper_name)); + inet_ntop(AF_INET, &newflow->src_ip, newflow->src_name, sizeof(newflow->src_name)); + inet_ntop(AF_INET, &newflow->dst_ip, newflow->dst_name, sizeof(newflow->dst_name)); } else { - inet_ntop(AF_INET6, &iph6->ip6_src, newflow->lower_name, sizeof(newflow->lower_name)); - inet_ntop(AF_INET6, &iph6->ip6_dst, newflow->upper_name, sizeof(newflow->upper_name)); + inet_ntop(AF_INET6, &iph6->ip6_src, newflow->src_name, sizeof(newflow->src_name)); + inet_ntop(AF_INET6, &iph6->ip6_dst, newflow->dst_name, sizeof(newflow->dst_name)); /* For consistency across platforms replace :0: with :: */ - patchIPv6Address(newflow->lower_name), patchIPv6Address(newflow->upper_name); + patchIPv6Address(newflow->src_name), patchIPv6Address(newflow->dst_name); } if((newflow->ndpi_flow = ndpi_flow_malloc(SIZEOF_FLOW_STRUCT)) == NULL) { @@ -359,10 +359,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow } else { struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)ret; - if(flow->lower_ip == iph->saddr - && flow->upper_ip == iph->daddr - && flow->lower_port == htons(*sport) - && flow->upper_port == htons(*dport) + if(flow->src_ip == iph->saddr + && flow->dst_ip == iph->daddr + && flow->src_port == htons(*sport) + && flow->dst_port == htons(*dport) ) *src = flow->src_id, *dst = flow->dst_id, *src_to_dst_direction = 1; else diff --git a/example/ndpi_util.h b/example/ndpi_util.h index f1807e56a..6bed00854 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -47,14 +47,14 @@ // flow tracking typedef struct ndpi_flow_info { u_int32_t hashval; - u_int32_t lower_ip; - u_int32_t upper_ip; - u_int16_t lower_port; - u_int16_t upper_port; + u_int32_t src_ip; + u_int32_t dst_ip; + u_int16_t src_port; + u_int16_t dst_port; u_int8_t detection_completed, protocol, bidirectional; u_int16_t vlan_id; struct ndpi_flow_struct *ndpi_flow; - char lower_name[48], upper_name[48]; + char src_name[48], dst_name[48]; u_int8_t ip_version; u_int64_t last_seen; u_int64_t src2dst_bytes, dst2src_bytes; -- cgit v1.2.3 From e1efee8594ac0a2f18e3888dba4423bcdcbab085 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 24 May 2017 10:11:04 -0700 Subject: Added check for searching JSON-C in home directory if not installed Fixed type --- configure.ac | 10 +++++++++- example/ndpiReader.c | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 825c7b56e..1507cc43b 100644 --- a/configure.ac +++ b/configure.ac @@ -79,7 +79,15 @@ AS_IF([test "x$enable_json_c" != "xno"], [ LDFLAGS="$LDFLAGS $(pkg-config --libs json-c)" AC_CHECK_LIB(json-c, json_object_new_object, AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present])) ], - []) + [ + JSONC_HOME="$HOME/json-c" + if test -d "$JSONC_HOME"; then : + CFLAGS="$CFLAGS -I $JSONC_HOME" + LDFLAGS="$LDFLAGS $JSONC_HOME/.libs/libjson-c.a" + AC_MSG_RESULT([Found json-c in $JSONC_HOME]) + AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present]) + fi + ]) ]) AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 6184ea380..c00d630f0 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1314,7 +1314,7 @@ static void saveTopStats(FILE *fp, struct top_stats *stats, int direction, u_int } } - json_object_object_add(jsMain, (direction == DIR_SRC) ? "top.src.pckt.stats" : "top.dst.pckt.stats", jArray_filters); + json_object_object_add(jsMain, (direction == DIR_SRC) ? "top.src.pkts.stats" : "top.dst.pkts.stats", jArray_filters); /*sort top stats by ip addr count*/ HASH_SORT(stats, top_stats_sort); -- cgit v1.2.3 From 98dcfd8393fd2df3d95732b90deb018873017049 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 25 May 2017 10:55:41 +0200 Subject: Reworked MAC stats --- wireshark/ndpi.lua | 75 ++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 8 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index a2a740a0e..6ac9546bb 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -79,6 +79,34 @@ end -- ############################################### +string.split = function(s, p) + local temp = {} + local index = 0 + local last_index = string.len(s) + + while true do + local i, e = string.find(s, p, index) + + if i and e then + local next_index = e + 1 + local word_bound = i - 1 + table.insert(temp, string.sub(s, index, word_bound)) + index = next_index + else + if index > 0 and index <= last_index then + table.insert(temp, string.sub(s, index, last_index)) + elseif index == 0 then + temp = nil + end + break + end + end + + return temp +end + +-- ############################################### + -- Convert bytes to human readable format function bytesToSize(bytes) if(bytes == nil) then @@ -455,7 +483,7 @@ end local function arp_dialog_menu() local win = TextWindow.new("ARP Statistics"); - local label + local label = "" local _stats local found = false @@ -471,11 +499,13 @@ local function arp_dialog_menu() label = "No ARP Traffic detected" else label = "Top ARP Senders/Receivers\n\nMAC Address\tTot Pkts\tPctg\tARP Breakdown\n" + i = 0 for k,v in pairsByValues(_stats, rev) do local s = arp_stats[k] local pctg = formatPctg((v * 100) / last_processed_packet_number) local str = k .. "\t" .. v .. "\t" .. pctg .. "\t" .. "[sent: ".. (s.request_sent + s.response_sent) .. "][rcvd: ".. (s.request_rcvd + s.response_rcvd) .. "]\n" label = label .. str + if(i == max_num_entries) then break else i = i + 1 end end end @@ -484,42 +514,70 @@ end -- ############################################### -local function mac_vlan_dialog_menu() - local win = TextWindow.new("MAC / VLAN Statistics"); - local label +local function vlan_dialog_menu() + local win = TextWindow.new("VLAN Statistics"); + local label = "" local _macs local num_hosts = 0 if(vlan_found) then + i = 0 label = "VLAN\tPackets\n" for k,v in pairsByValues(vlan_stats, rev) do local pctg = formatPctg((v * 100) / last_processed_packet_number) label = label .. k .. "\t" .. v .. " pkts [".. pctg .."]\n" + if(i == max_num_entries) then break else i = i + 1 end end else label = "No VLAN traffic found" end - -- ############################## + win:set(label) +end + +-- ############################################### + +local function ip_mac_dialog_menu() + local win = TextWindow.new("IP-MAC Statistics"); + local label = "" + local _macs, _manufacturers + local num_hosts = 0 _macs = {} + _manufacturers = {} for mac,v in pairs(mac_stats) do local num = 0 - + local m = string.split(mac, "_") + for a,b in pairs(v) do num = num +1 end _macs[mac] = num + if(_manufacturers[m[1]] == nil) then _manufacturers[m[1]] = 0 end + _manufacturers[m[1]] = _manufacturers[m[1]] + 1 num_hosts = num_hosts + num end if(num_hosts > 0) then - label = label .. "\n\nMAC\t\t# Hosts\tPercentage\n" + i = 0 + label = label .. "MAC\t\t# Hosts\tPercentage\n" for k,v in pairsByValues(_macs, rev) do local pctg = formatPctg((v * 100) / num_hosts) label = label .. k .. "\t" .. v .. "\t".. pctg .."\n" + if(i == max_num_entries) then break else i = i + 1 end end + + + i = 0 + label = label .. "\n\nManufacturer\t# Hosts\tPercentage\n" + for k,v in pairsByValues(_manufacturers, rev) do + local pctg = formatPctg((v * 100) / num_hosts) + label = label .. k .. "\t\t" .. v .. "\t".. pctg .."\n" + if(i == max_num_entries) then break else i = i + 1 end + end + else + label = label .. "\nIP-MAC traffic found" end win:set(label) @@ -528,4 +586,5 @@ end -- ############################################### register_menu("ARP", arp_dialog_menu, MENU_STAT_UNSORTED) -register_menu("MAC / VLAN", mac_vlan_dialog_menu, MENU_STAT_UNSORTED) +register_menu("VLAN", vlan_dialog_menu, MENU_STAT_UNSORTED) +register_menu("IP-MAC", ip_mac_dialog_menu, MENU_STAT_UNSORTED) -- cgit v1.2.3 From 07b1a930263a9c423e5fd50c75e7b1a1f9da0e1a Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 25 May 2017 16:44:48 +0200 Subject: Latency calculation (work in progress) --- wireshark/ndpi.lua | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 64 insertions(+), 4 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 6ac9546bb..04c367ca4 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -24,6 +24,8 @@ local mac_stats = {} local vlan_stats = {} local vlan_found = false +local syn = {} +local synack = {} local lower_ndpi_flow_id = 0 local lower_ndpi_flow_volume = 0 @@ -209,6 +211,10 @@ function ndpi_proto.init() -- VLAN vlan_stats = { } vlan_found = false + + -- TCP + syn = {} + synack = {} end function slen(str) @@ -308,6 +314,22 @@ end -- ############################################### +function abstime_diff(a, b) + local secs1, frac1 = math.modf(a) + local secs2, frac2 = math.modf(b) + local diff + local diff_sec = secs1 - secs2 + local diff_res = frac1 - frac2 + + if(diff_res < 0) then diff_sec = diff_sec + 1 end + + return(diff_sec + diff_res) +end + +-- ############################################### + +local field_tcp_flags = Field.new('tcp.flags') + -- the dissector function callback function ndpi_proto.dissector(tvb, pinfo, tree) -- Wireshark dissects the packet twice. We ignore the first @@ -418,15 +440,53 @@ function ndpi_proto.dissector(tvb, pinfo, tree) end end -- nDPI + + local _tcp_flags = field_tcp_flags() + + if(_tcp_flags ~= nil) then + local key + local tcp_flags = field_tcp_flags().value + local secs, frac = math.modf(pinfo.abs_ts) + + local age = os.difftime(os.clock(), pinfo.abs_ts) + + tcp_flags = tonumber(tcp_flags) + + if(tcp_flags == 2) then + -- SYN + key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) + syn[key] = pinfo.abs_ts + -- print("SYN @ ".. pinfo.abs_ts.." "..key) + + elseif(tcp_flags == 18) then + -- SYN|ACK + key = getstring(pinfo.dst).."_"..getstring(pinfo.dst_port).."_"..getstring(pinfo.src).."_"..getstring(pinfo.src_port) + -- print("SYN|ACK @ ".. pinfo.abs_ts.." "..key) + synack[key] = pinfo.abs_ts + print("Client RTT --> ".. abstime_diff(synack[key], syn[key]) .. " sec") + table.remove(syn, key) + elseif(tcp_flags == 16) then + -- ACK + key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) + -- print("ACK @ ".. pinfo.abs_ts.." "..key) + + if(synack[key] ~= nil) then + print("Server RTT --> ".. abstime_diff(pinfo.abs_ts, synack[key]) .. " sec") + table.remove(synack, key) + end + + end + end + if(debug) then local fields = { } local _fields = { all_field_infos() } - - fields['pinfo.number'] = pinfo.number - + + -- fields['pinfo.number'] = pinfo.number + for k,v in pairs(_fields) do local value = getstring(v) - + if(value ~= nil) then fields[v.name] = value end -- cgit v1.2.3 From d17ea73273eacf4044759fe4e563e96a8195ffdd Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 25 May 2017 17:13:43 +0200 Subject: update --- src/lib/ndpi_content_match.c.inc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 8b326f6e5..e5a5d68fb 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8148,6 +8148,11 @@ ndpi_protocol_match host_match[] = { { "evsecure-aia.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".microsoftonline.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office365.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocsp.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocdn.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* http://www.urlquery.net/report.php?id=1453233646161 */ { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From b1ecc45e4f81833c05127880df01a1faeabeef92 Mon Sep 17 00:00:00 2001 From: berat Date: Fri, 26 May 2017 02:44:54 +0200 Subject: Added timestamp, flow count and app. level protocol to (-b) diagnose statistics --- example/ndpiReader.c | 147 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 91 insertions(+), 56 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index c00d630f0..92bebc0d2 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -63,9 +63,11 @@ static char *_protoFilePath = NULL; /**< Protocol file path */ static char *_statsFilePath = NULL; /**< Top stats file path */ #ifdef HAVE_JSON_C static char *_jsonFilePath = NULL; /**< JSON file path */ +static FILE *stats_fp = NULL; /**< for Top Stats JSON file */ #endif #ifdef HAVE_JSON_C static json_object *jArray_known_flows, *jArray_unknown_flows; +static json_object *jArray_topStats; #endif static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; @@ -89,20 +91,21 @@ static u_int32_t num_flows; struct info_pair{ char addr[48]; - char protocol[64]; /*l4 protocol*/ + char proto[48]; /*l4 protocol*/ int count; }; typedef struct node_a{ char addr[48]; int count; - char protocol[64]; /*l4 protocol*/ + char proto[48]; /*l4 protocol*/ struct node_a *left, *right; }addr_node; struct port_stats { u_int32_t port; /* we'll use this field as the key */ u_int32_t num_pkts, num_bytes; + u_int32_t num_flows; u_int32_t num_addr; /*to hold number of distinct IP addresses */ u_int32_t cumulative_addr; /*to hold cumulative some of IP addresses */ addr_node *addr_tree; /* to hold distinct IP addresses */ @@ -116,10 +119,11 @@ struct port_stats *srcStats = NULL, *dstStats = NULL; struct top_stats { u_int32_t port; /* we'll use this field as the key */ char top_ip[48]; /*ip address that is contributed to > 95% of traffic*/ - char protocol[64]; /*application level protocol of top_ip */ + char proto[64]; /*application level protocol of top_ip */ u_int32_t num_pkts; float prcnt_pkt; /*percent of packets respect to total packets */ u_int32_t num_addr; /*to hold number of distinct IP addresses */ + u_int32_t num_flows; UT_hash_handle hh; /* makes this structure hashable */ }; @@ -807,7 +811,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept /* *********************************************** */ -int updateIpTree(const char *key, addr_node **vrootp) { +int updateIpTree(const char *key, addr_node **vrootp, const char *proto) { addr_node *q; addr_node **rootp = vrootp; int r; @@ -829,6 +833,7 @@ int updateIpTree(const char *key, addr_node **vrootp) { if(q != (addr_node *)0) { /* make new node */ *rootp = q; /* link new node to old */ strncpy(q->addr, key, sizeof(q->addr)); /* initialize new node */ + strncpy(q->proto, proto, sizeof(q->proto)); q->count = UPDATED_TREE; q->left = q->right = (addr_node *)0; return q->count; @@ -858,7 +863,7 @@ void freeIpTree(addr_node *root) { /* *********************************************** */ -void updateTopIpAddress(const char *addr, int count, struct info_pair top[], int size){ +void updateTopIpAddress(const char *addr, const char *proto, int count, struct info_pair top[], int size){ int update = 0; int r; int i; @@ -869,6 +874,7 @@ void updateTopIpAddress(const char *addr, int count, struct info_pair top[], int if(count == 0) return; strncpy(pair.addr, addr, sizeof(pair.addr)); + strncpy(pair.proto, proto, sizeof(pair.proto)); pair.count = count; @@ -905,7 +911,7 @@ void updateTopIpAddress(const char *addr, int count, struct info_pair top[], int static void updatePortStats(struct port_stats **stats, u_int32_t port, const char *addr, u_int32_t num_pkts, - u_int32_t num_bytes) { + u_int32_t num_bytes, const char *proto) { struct port_stats *s; int count = 0; @@ -915,15 +921,16 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, if(!s) return; s->port = port, s->num_pkts = num_pkts, s->num_bytes = num_bytes, - s->num_addr = 1, s->cumulative_addr = 1; + s->num_addr = 1, s->cumulative_addr = 1; s->num_flows = 1; memset(s->top_ip_addrs, 0, MAX_NUM_IP_ADDRESS*sizeof(struct info_pair)); - updateTopIpAddress(addr, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + updateTopIpAddress(addr, proto, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); s->addr_tree = (addr_node *) malloc(sizeof(addr_node)); if(!s->addr_tree) return; strncpy(s->addr_tree->addr, addr, sizeof(s->addr_tree->addr)); + strncpy(s->addr_tree->proto, proto, sizeof(s->addr_tree->proto)); s->addr_tree->count = 1; s->addr_tree->left = NULL; s->addr_tree->right = NULL; @@ -931,16 +938,16 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, HASH_ADD_INT(*stats, port, s); } else{ - count = updateIpTree(addr, &(*s).addr_tree); + count = updateIpTree(addr, &(*s).addr_tree, proto); if(count == UPDATED_TREE) s->num_addr++; if(count) { s->cumulative_addr++; - updateTopIpAddress(addr, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + updateTopIpAddress(addr, proto, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); } - s->num_pkts += num_pkts, s->num_bytes += num_bytes; + s->num_pkts += num_pkts, s->num_bytes += num_bytes, s->num_flows++; } } @@ -967,13 +974,23 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; u_int16_t sport, dport; char saddr[48], daddr[48]; + char proto[48]; + u_int16_t thread_id = *(int *)user_data; sport = ntohs(flow->src_port), dport = ntohs(flow->dst_port); strncpy(saddr, flow->src_name, sizeof(saddr)); strncpy(daddr, flow->dst_name, sizeof(daddr)); + + /* get app level protocol */ + if(flow->detected_protocol.master_protocol) + ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol, proto, sizeof(proto)); + else + strncpy(proto, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.app_protocol),sizeof(proto)); - updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes); - if(flow->dst2src_packets > 0) updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes); + updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes, proto); + if(flow->dst2src_packets > 0) updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes, proto); } } @@ -1178,6 +1195,22 @@ char* formatPackets(float numPkts, char *buf) { static void json_init() { jArray_known_flows = json_object_new_array(); jArray_unknown_flows = json_object_new_array(); + jArray_topStats = json_object_new_array(); +} + +static void json_open_stats_file() { + if((file_first_time && ((stats_fp = fopen(_statsFilePath,"w")) == NULL)) + || + (!file_first_time && (stats_fp = fopen(_statsFilePath,"a")) == NULL)) { + printf("Error creating/opening file %s\n", _statsFilePath); + stats_flag = 0; + } + else file_first_time = 0; +} + +static void json_close_stats_file() { + fprintf(stats_fp,"%s\n",json_object_to_json_string(jArray_topStats)); + fclose(stats_fp); } #endif @@ -1267,13 +1300,14 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_ s->num_pkts = sp->num_pkts; s->prcnt_pkt = (sp->num_pkts*100.0)/total_packet_count; s->num_addr = sp->num_addr; + s->num_flows = sp->num_flows; qsort(&sp->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); inf = sp->top_ip_addrs[0]; if(((inf.count * 100.0)/sp->cumulative_addr) > AGGRESSIVE_PERCENT){ strncpy(s->top_ip, inf.addr, sizeof(s->top_ip)); - strncpy(s->protocol, inf.protocol, sizeof(s->protocol)); + strncpy(s->proto, inf.proto, sizeof(s->proto)); } HASH_ADD_INT(*topStats, port, s); @@ -1290,55 +1324,56 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_ /* * @brief Save Top Stats in json format */ -static void saveTopStats(FILE *fp, struct top_stats *stats, int direction, u_int64_t total_ip_addr){ +static void saveTopStats(json_object **jObj_group, struct top_stats *stats, int direction, u_int64_t total_ip_addr){ #ifdef HAVE_JSON_C struct top_stats *s, *tmp; - json_object *jsMain = json_object_new_object(); - json_object *jArray_filters = json_object_new_array(); + json_object *jArray_stats = json_object_new_array(); int i = 0; /* stats for packet burst diagnose */ HASH_ITER(hh, stats, s, tmp) { if(s->top_ip[0] != '\0'){ - json_object *jObj_topStats = json_object_new_object(); - json_object_object_add(jObj_topStats,"port",json_object_new_int(s->port)); - json_object_object_add(jObj_topStats,"packets.number",json_object_new_int64(s->num_pkts)); - json_object_object_add(jObj_topStats,"packets.percent",json_object_new_double(s->prcnt_pkt)); - json_object_object_add(jObj_topStats,"aggressive.ip",json_object_new_string(s->top_ip)); + json_object *jObj_stat = json_object_new_object(); + json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); + json_object_object_add(jObj_stat,"packets.number",json_object_new_int64(s->num_pkts)); + json_object_object_add(jObj_stat,"packets.percent",json_object_new_double(s->prcnt_pkt)); + json_object_object_add(jObj_stat,"flows.number",json_object_new_double(s->num_flows)); + json_object_object_add(jObj_stat,"aggressive.ip",json_object_new_string(s->top_ip)); + json_object_object_add(jObj_stat,"protocol",json_object_new_string(s->proto)); - json_object_array_add(jArray_filters,jObj_topStats); + json_object_array_add(jArray_stats, jObj_stat); i++; if(i >= 10) break; } } - json_object_object_add(jsMain, (direction == DIR_SRC) ? "top.src.pkts.stats" : "top.dst.pkts.stats", jArray_filters); + json_object_object_add(*jObj_group, (direction == DIR_SRC) ? + "top.src.pkts.stats" : "top.dst.pkts.stats", jArray_stats); + + jArray_stats = json_object_new_array(); + i=0; /*sort top stats by ip addr count*/ HASH_SORT(stats, top_stats_sort); - jArray_filters = json_object_new_array(); - i=0; - /* stats for ip burst diagnose */ HASH_ITER(hh, stats, s, tmp) { - json_object *jObj_topStats = json_object_new_object(); - json_object_object_add(jObj_topStats,"port",json_object_new_int(s->port)); - json_object_object_add(jObj_topStats,"ip.total",json_object_new_int64(s->num_addr)); - json_object_object_add(jObj_topStats,"ip.percent",json_object_new_double((s->num_addr*100.0)/total_ip_addr)); + json_object *jObj_stat = json_object_new_object(); + json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); + json_object_object_add(jObj_stat,"ip.total",json_object_new_int64(s->num_addr)); + json_object_object_add(jObj_stat,"ip.percent",json_object_new_double((s->num_addr*100.0)/total_ip_addr)); - json_object_array_add(jArray_filters,jObj_topStats); + json_object_array_add(jArray_stats,jObj_stat); i++; if(i >= 10) break; } - json_object_object_add(jsMain, (direction == DIR_SRC) ? "top.src.ip.stats" : "top.dst.ip.stats", jArray_filters); - - fprintf(fp,"%s\n",json_object_to_json_string(jsMain)); + json_object_object_add(*jObj_group, (direction == DIR_SRC) ? + "top.src.ip.stats" : "top.dst.ip.stats", jArray_stats); #endif } @@ -1350,8 +1385,8 @@ void printPortStats(struct port_stats *stats) { HASH_ITER(hh, stats, s, tmp) { i++; - printf("\t%2d\tPort %5u\t[%u IP address(es)/%u pkts/%u bytes]\n\t\tTop IP Stats:\n", - i, s->port, s->num_addr, s->num_pkts, s->num_bytes); + printf("\t%2d\tPort %5u\t[%u IP address(es)/%u flows/%u pkts/%u bytes]\n\t\tTop IP Stats:\n", + i, s->port, s->num_addr, s->num_flows, s->num_pkts, s->num_bytes); qsort(&s->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); @@ -1381,7 +1416,6 @@ static void printResults(u_int64_t tot_usec) { char buf[32]; #ifdef HAVE_JSON_C FILE *json_fp = NULL; - FILE *stats_fp = NULL; json_object *jObj_main = NULL, *jObj_trafficStats, *jArray_detProto = NULL, *jObj; #endif long long unsigned int breed_stats[NUM_BREEDS] = { 0 }; @@ -1637,26 +1671,19 @@ static void printResults(u_int64_t tot_usec) { u_int64_t total_src_addr = getTopStats(&topSrcStats, srcStats, cumulative_stats.ip_packet_count); u_int64_t total_dst_addr = getTopStats(&topDstStats, dstStats, cumulative_stats.ip_packet_count); - if((file_first_time && ((stats_fp = fopen(_statsFilePath,"w")) == NULL)) - || - (!file_first_time && (stats_fp = fopen(_statsFilePath,"a")) == NULL)) { - printf("Error creating file %s\n", _statsFilePath); - stats_flag = 0; - } - else { - file_first_time = 0; + json_object *jObj_stats = json_object_new_object(); + char timestamp[64]; - fprintf(stats_fp,"[\n"); - saveTopStats(stats_fp, topSrcStats, DIR_SRC, total_src_addr); - fprintf(stats_fp,",\n"); - saveTopStats(stats_fp, topDstStats, DIR_DST, total_dst_addr); - fprintf(stats_fp,"]\n"); - - fclose(stats_fp); + strftime(timestamp, sizeof(timestamp), "%FT%TZ", localtime(&pcap_start.tv_sec)); + json_object_object_add(jObj_stats, "time", json_object_new_string(timestamp)); - deleteTopStats(topSrcStats), deleteTopStats(topDstStats); - topSrcStats = NULL, topDstStats = NULL; - } + saveTopStats(&jObj_stats, topSrcStats, DIR_SRC, total_src_addr); + saveTopStats(&jObj_stats, topDstStats, DIR_DST, total_dst_addr); + + json_object_array_add(jArray_topStats, jObj_stats); + + deleteTopStats(topSrcStats), deleteTopStats(topDstStats); + topSrcStats = NULL, topDstStats = NULL; #endif } @@ -1901,6 +1928,7 @@ static void pcap_process_packet(u_char *args, tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); printResults(tot_usec); + for(i=0; iprefs.num_roots; i++) { ndpi_tdestroy(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], ndpi_flow_info_freer); @@ -1975,6 +2003,7 @@ void test_lib() { #ifdef HAVE_JSON_C json_init(); + if(stats_flag) json_open_stats_file(); #endif #ifdef DEBUG_TRACE @@ -2026,6 +2055,12 @@ void test_lib() { /* Printing cumulative results */ printResults(tot_usec); +if(stats_flag){ +#ifdef HAVE_JSON_C + json_close_stats_file(); +#endif +} + for(thread_id = 0; thread_id < num_threads; thread_id++) { if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) pcap_close(ndpi_thread_info[thread_id].workflow->pcap_handle); -- cgit v1.2.3 From 4829222e738edddd8331cbfbb17b0ec2a763df5e Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 26 May 2017 11:26:22 +0200 Subject: update results after modifications --- tests/result/1kxun.pcap.out | 258 +++++----- tests/result/6in4tunnel.pcap.out | 20 +- tests/result/BGP_redist.pcap.out | 4 +- tests/result/EAQ.pcap.out | 62 +-- tests/result/Instagram.pcap.out | 64 +-- tests/result/KakaoTalk_chat.pcap.out | 76 +-- tests/result/KakaoTalk_talk.pcap.out | 40 +- tests/result/NTPv2.pcap.out | 2 +- tests/result/NTPv3.pcap.out | 2 +- tests/result/NTPv4.pcap.out | 2 +- tests/result/Oscar.pcap.out | 2 +- tests/result/Viber_session.pcap.out | 76 +-- tests/result/amqp.pcap.out | 6 +- tests/result/bittorrent.pcap.out | 48 +- tests/result/bittorrent_ip.pcap.out | 4 +- tests/result/bittorrent_utp.pcap.out | 2 +- tests/result/bt_search.pcap.out | 2 +- tests/result/coap_mqtt.pcap.out | 32 +- tests/result/dnscrypt.pcap.out | 8 +- tests/result/drda_db2.pcap.out | 2 +- tests/result/dropbox.pcap.out | 78 +-- tests/result/facebook.pcap.out | 4 +- tests/result/git.pcap.out | 2 +- tests/result/google_ssl.pcap.out | 2 +- tests/result/hangout.pcap.out | 2 +- tests/result/http_ipv6.pcap.out | 30 +- tests/result/mpeg.pcap.out | 2 +- tests/result/mpegts.pcap.out | 2 +- tests/result/msnms.pcap.out | 12 +- tests/result/mssql_tds.pcap.out | 24 +- tests/result/netflix.pcap.out | 122 ++--- tests/result/ocs.pcap.out | 40 +- tests/result/ookla.pcap.out | 4 +- tests/result/openvpn.pcap.out | 6 +- tests/result/pps.pcap.out | 214 ++++---- tests/result/quic.pcap.out | 20 +- tests/result/quickplay.pcap.out | 42 +- tests/result/rx.pcap.out | 10 +- tests/result/skype.pcap.out | 590 +++++++++++------------ tests/result/skype_no_unknown.pcap.out | 534 ++++++++++---------- tests/result/smpp_in_general.pcap.out | 2 +- tests/result/snapchat.pcap.out | 6 +- tests/result/starcraft_battle.pcap.out | 104 ++-- tests/result/teredo.pcap.out | 10 +- tests/result/tor.pcap.out | 22 +- tests/result/ubntac2.pcap.out | 16 +- tests/result/viber_mobile.pcap.out | 158 +++--- tests/result/vnc.pcap.out | 4 +- tests/result/waze.pcap.out | 66 +-- tests/result/webex.pcap.out | 114 ++--- tests/result/wechat.pcap.out | 206 ++++---- tests/result/weibo.pcap.out | 88 ++-- tests/result/whatsapp_login_call.pcap.out | 114 ++--- tests/result/whatsapp_login_chat.pcap.out | 18 +- tests/result/whatsapp_voice_and_message.pcap.out | 26 +- tests/result/youtube_quic.pcap.out | 6 +- 56 files changed, 1706 insertions(+), 1706 deletions(-) diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 1f415d2f8..1860121c9 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -15,135 +15,135 @@ LLMNR 89 6799 47 Lync 2 132 1 1kxun 967 535718 28 - 1 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][23 pkts/7434 bytes] - 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][419 pkts/183693 bytes][Host: 183.131.48.144] - 3 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] - 4 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] - 5 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] - 6 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] - 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3642 bytes][client: 1] - 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3638 bytes][client: 1] - 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][17 pkts/3518 bytes][client: 1] - 10 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] - 11 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/174 bytes][Host: sonusav] - 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9498 bytes][Host: dl-obs.official.line.naver.jp] - 13 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] - 14 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][2 pkts/378 bytes][Host: dl-obs.official.line.naver.jp] - 15 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 16 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 17 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][13 pkts/1452 bytes][Host: 218.244.135.170:9099] - 18 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes] - 19 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] - 20 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] - 21 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes] - 22 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][4 pkts/1368 bytes][Host: macbook-air] - 23 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes][Host: kevin-pc] - 24 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes] - 25 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: isatap] - 26 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/272 bytes][Host: jp.kankan.1kxun.mobi] - 27 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes] - 28 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes][Host: charming-pc] - 29 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes] - 30 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] - 31 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: jason-pc] - 32 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][3 pkts/266 bytes][Host: vv.video.qq.com] - 33 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: kasper-mac] - 34 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes] - 35 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 205/1kxun][5 pkts/1795 bytes] - 36 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 173/Lync][2 pkts/132 bytes] - 37 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: wangs-ltw] - 38 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] - 39 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] - 40 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][1 pkts/359 bytes] - 41 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] - 42 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/283 bytes][Host: pic.1kxun.com] - 43 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] - 44 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes] - 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][33 pkts/11721 bytes][Host: 42.120.51.152:8080] - 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][12 pkts/1982 bytes][Host: api.magicansoft.com] - 47 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] - 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][69 pkts/63429 bytes][Host: pic.1kxun.com] - 49 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][50 pkts/35747 bytes][Host: jp.kankan.1kxun.mobi] - 50 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][65 pkts/48989 bytes][Host: pic.1kxun.com] - 51 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][58 pkts/45577 bytes][Host: pic.1kxun.com] - 52 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes] - 53 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] - 54 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes][Host: shen] - 55 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] - 56 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] - 57 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][14 pkts/2295 bytes][Host: 183.131.48.145] - 58 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] - 59 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][25 pkts/4950 bytes][Host: vv.video.qq.com] - 60 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][6 pkts/352 bytes] - 61 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes] - 62 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][2 pkts/120 bytes] - 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3210 bytes][client: 1] - 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9158 bytes][Host: dl-obs.official.line.naver.jp] - 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][14 pkts/2386 bytes][Host: kankan.1kxun.com] - 66 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] - 67 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][5 pkts/490 bytes] - 68 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes][Host: charming-pc] - 69 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes][Host: charming-pc] - 70 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes][Host: wpad] - 71 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: isatap] - 72 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes] - 73 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][6 pkts/552 bytes] - 74 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][2 pkts/549 bytes] - 75 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes] - 76 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes] - 77 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes] - 78 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][3 pkts/276 bytes] - 79 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: ro_x1c] - 80 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: kevin-pc] - 81 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: notebook] - 82 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] - 83 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes] - 84 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes] - 85 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/182 bytes][Host: charming-pc] - 86 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: notebook] - 87 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] - 88 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] - 89 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] - 90 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: jason-pc] - 91 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes][Host: jason-pc] - 92 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] - 93 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes][Host: sonusav] - 94 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes] - 95 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes][Host: caesar-thinkpad] - 96 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][9 pkts/4347 bytes] - 97 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][10 pkts/2493 bytes] - 98 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes][Host: charming-pc] - 99 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] - 100 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] - 101 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: usher-pc] - 102 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes][Host: caesar-thinkpad] - 103 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes] - 104 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: usher-pc] - 105 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: wangs-ltw] - 106 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][3 pkts/176 bytes] - 107 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes] - 108 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: joanna-pc] - 109 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: kevin-pc] - 110 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][4 pkts/392 bytes] - 111 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] - 112 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 205/1kxun][1 pkts/82 bytes] - 113 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes] - 114 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes] - 115 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes] - 116 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][1 pkts/90 bytes] - 117 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][14 pkts/2858 bytes][Host: jp.kankan.1kxun.mobi] - 118 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][43 pkts/31191 bytes][Host: pic.1kxun.com] - 119 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][13 pkts/3410 bytes][Host: jp.kankan.1kxun.mobi] - 120 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][61 pkts/51677 bytes][Host: pic.1kxun.com] - 121 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][34 pkts/25580 bytes][Host: pic.1kxun.com] - 122 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] + 1 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][13 pkts/6269 bytes <-> 10 pkts/1165 bytes] + 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144] + 3 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] + 4 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 5 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 6 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes -> 0 pkts/0 bytes] + 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][client: 1] + 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][client: 1] + 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][client: 1] + 10 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 11 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav] + 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp] + 13 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 14 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][1 pkts/89 bytes <-> 1 pkts/289 bytes][Host: dl-obs.official.line.naver.jp] + 15 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 17 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170:9099] + 18 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes -> 0 pkts/0 bytes] + 19 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 20 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 21 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes -> 0 pkts/0 bytes] + 22 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air] + 23 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 24 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 26 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi] + 27 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 29 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 31 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 32 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] + 33 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] + 34 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] + 35 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 205/1kxun][5 pkts/1795 bytes -> 0 pkts/0 bytes] + 36 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 173/Lync][2 pkts/132 bytes -> 0 pkts/0 bytes] + 37 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 38 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes -> 0 pkts/0 bytes] + 39 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes -> 0 pkts/0 bytes] + 40 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][1 pkts/359 bytes -> 0 pkts/0 bytes] + 41 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 42 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] + 43 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 44 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes -> 0 pkts/0 bytes] + 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152:8080] + 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com] + 47 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com] + 49 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi] + 50 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com] + 51 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com] + 52 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes -> 0 pkts/0 bytes] + 53 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 54 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] + 55 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes -> 0 pkts/0 bytes] + 56 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 57 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145] + 58 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 59 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com] + 60 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][4 pkts/220 bytes <-> 2 pkts/132 bytes] + 61 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes -> 0 pkts/0 bytes] + 62 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes] + 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][client: 1] + 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp] + 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com] + 66 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] + 67 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][5 pkts/490 bytes -> 0 pkts/0 bytes] + 68 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 69 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 70 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad] + 71 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 72 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] + 73 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][6 pkts/552 bytes -> 0 pkts/0 bytes] + 74 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][2 pkts/549 bytes -> 0 pkts/0 bytes] + 75 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes -> 0 pkts/0 bytes] + 76 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes -> 0 pkts/0 bytes] + 77 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes -> 0 pkts/0 bytes] + 78 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][3 pkts/276 bytes -> 0 pkts/0 bytes] + 79 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 80 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 81 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 82 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 83 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes -> 0 pkts/0 bytes] + 84 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] + 85 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 86 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 87 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 88 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 89 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 90 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 91 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 92 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 93 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: sonusav] + 94 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] + 95 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 96 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][4 pkts/2050 bytes <-> 5 pkts/2297 bytes] + 97 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][5 pkts/1006 bytes <-> 5 pkts/1487 bytes] + 98 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 99 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 100 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 101 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 102 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 103 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] + 104 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 105 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 106 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] + 107 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes -> 0 pkts/0 bytes] + 108 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 109 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 110 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][4 pkts/392 bytes -> 0 pkts/0 bytes] + 111 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 112 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 205/1kxun][1 pkts/82 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes -> 0 pkts/0 bytes] + 114 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes] + 115 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] + 117 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi] + 118 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com] + 119 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi] + 120 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com] + 121 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com] + 122 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] Undetected flows: - 1 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes] - 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes] - 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes] - 4 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes] - 5 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes] - 6 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes] - 7 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes] + 1 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes] + 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] + 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes -> 0 pkts/0 bytes] + 5 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes -> 0 pkts/0 bytes] + 6 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 3377c823a..187ee661a 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -4,13 +4,13 @@ SSL 28 15397 1 ICMPV6 48 7862 3 Facebook 37 14726 3 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] - 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/394 bytes][Host: star.c10r.facebook.com] - 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net][server: mail.tomasu.net] - 4 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] - 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] - 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][2 pkts/258 bytes] - 7 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][46 pkts/6348 bytes] - 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][2 pkts/258 bytes] - 9 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/406 bytes][Host: star.c10r.facebook.com] - 10 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][10 pkts/1792 bytes][Host: mail.tomasu.net] + 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/SSL.Facebook][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][client: www.facebook.com] + 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][1 pkts/133 bytes <-> 1 pkts/261 bytes][Host: star.c10r.facebook.com] + 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/SSL][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][client: mail.tomasu.net][server: mail.tomasu.net] + 4 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes -> 0 pkts/0 bytes] + 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes -> 0 pkts/0 bytes] + 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][1 pkts/152 bytes <-> 1 pkts/106 bytes] + 7 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][23 pkts/3174 bytes <-> 23 pkts/3174 bytes] + 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][1 pkts/152 bytes <-> 1 pkts/106 bytes] + 9 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][1 pkts/133 bytes <-> 1 pkts/273 bytes][Host: star.c10r.facebook.com] + 10 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Host: mail.tomasu.net] diff --git a/tests/result/BGP_redist.pcap.out b/tests/result/BGP_redist.pcap.out index a65505a52..2d43ab525 100644 --- a/tests/result/BGP_redist.pcap.out +++ b/tests/result/BGP_redist.pcap.out @@ -1,4 +1,4 @@ BGP 2 322 2 - 1 TCP 2.2.2.2:179 -> 4.4.4.4:63535 [proto: 13/BGP][1 pkts/163 bytes] - 2 TCP 2.2.2.2:179 -> 5.5.5.5:49433 [proto: 13/BGP][1 pkts/159 bytes] + 1 TCP 2.2.2.2:179 -> 4.4.4.4:63535 [proto: 13/BGP][1 pkts/163 bytes -> 0 pkts/0 bytes] + 2 TCP 2.2.2.2:179 -> 5.5.5.5:49433 [proto: 13/BGP][1 pkts/159 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out index 1485ad1d6..663b6a9b5 100644 --- a/tests/result/EAQ.pcap.out +++ b/tests/result/EAQ.pcap.out @@ -1,34 +1,34 @@ Google 23 11743 2 EAQ 174 10092 29 - 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][14 pkts/10589 bytes][Host: www.google.com.br] - 2 UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 3 UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 4 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][9 pkts/1154 bytes][Host: www.google.com] - 5 UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 6 UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 7 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 8 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 9 UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 10 UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 11 UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 12 UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 13 UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 14 UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 15 UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 16 UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 17 UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 18 UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 19 UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 20 UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 21 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 22 UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 23 UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 24 UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 25 UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 26 UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 27 UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][10 pkts/580 bytes] - 28 UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 29 UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes] - 30 UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes] - 31 UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes] + 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Host: www.google.com.br] + 2 UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 3 UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 4 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com] + 5 UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 6 UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 7 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 8 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 9 UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 10 UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 11 UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 12 UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 13 UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 14 UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 15 UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 16 UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 17 UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 18 UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 19 UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 20 UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 21 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 22 UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 23 UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 24 UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 25 UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 26 UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 27 UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 28 UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 29 UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 30 UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 31 UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 7656d8080..2122cff4a 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -6,38 +6,38 @@ Facebook 251 215986 5 Dropbox 5 725 2 Instagram 363 255094 16 - 1 UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes] - 2 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] - 3 UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] - 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] - 5 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] - 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][49 pkts/38684 bytes] - 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] - 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][34 pkts/29039 bytes] - 9 TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] - 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] - 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] - 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] - 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] - 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] - 15 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] - 16 UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] - 17 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] - 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][12 pkts/6044 bytes] - 20 ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes] - 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] - 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][2 pkts/140 bytes] - 23 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/394 bytes][Host: igcdn-photos-h-a.akamaihd.net] - 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][17 pkts/6369 bytes][client: igcdn-photos-h-a.akamaihd.net] - 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] - 26 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][25 pkts/23525 bytes] - 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][81 pkts/53416 bytes][Host: photos-e.ak.instagram.com] - 28 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes] - 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][19 pkts/9340 bytes][client: igcdn-photos-g-a.akamaihd.net] - 30 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][7 pkts/4015 bytes][Host: photos-f.ak.instagram.com] - 31 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes][Host: photos-g.ak.instagram.com] + 1 UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes -> 0 pkts/0 bytes] + 2 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-g-a.akamaihd.net] + 3 UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes -> 0 pkts/0 bytes][Host: photos-b.ak.instagram.com] + 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][5 pkts/1279 bytes <-> 6 pkts/4118 bytes] + 5 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][5 pkts/1279 bytes <-> 5 pkts/4020 bytes] + 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][25 pkts/37100 bytes <-> 24 pkts/1584 bytes] + 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com] + 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][14 pkts/924 bytes <-> 20 pkts/28115 bytes] + 9 TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes -> 0 pkts/0 bytes][Host: photos-a.ak.instagram.com] + 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net] + 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][103 pkts/150456 bytes <-> 47 pkts/3102 bytes] + 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com] + 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com] + 15 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][client: telegraph-ash.instagram.com] + 16 UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-a-a.akamaihd.net] + 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][34 pkts/5555 bytes <-> 34 pkts/40133 bytes] + 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][6 pkts/4699 bytes <-> 6 pkts/1345 bytes] + 20 ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes -> 0 pkts/0 bytes] + 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][1 pkts/74 bytes <-> 1 pkts/66 bytes] + 23 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/305 bytes][Host: igcdn-photos-h-a.akamaihd.net] + 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][client: igcdn-photos-h-a.akamaihd.net] + 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net] + 26 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][16 pkts/22931 bytes <-> 9 pkts/594 bytes] + 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com] + 28 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes -> 0 pkts/0 bytes] + 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][client: igcdn-photos-g-a.akamaihd.net] + 30 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com] + 31 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com] Undetected flows: - 1 UDP 192.168.0.1:520 -> 192.168.0.255:520 [proto: 0/Unknown][1 pkts/66 bytes] + 1 UDP 192.168.0.1:520 -> 192.168.0.255:520 [proto: 0/Unknown][1 pkts/66 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 4773e4504..616f59fb2 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -8,41 +8,41 @@ HTTP_Proxy 26 3926 1 Amazon 2 181 1 KakaoTalk 55 9990 15 - 1 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] - 2 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] - 3 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] - 4 TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][1 pkts/56 bytes] - 5 ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][1 pkts/147 bytes] - 6 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] - 7 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] - 8 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes] - 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] - 10 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] - 11 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] - 12 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] - 13 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] - 14 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] - 15 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] - 16 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] - 17 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] - 18 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 19 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 20 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][server: *.push.samsungosp.com] - 21 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] - 22 TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] - 23 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] - 24 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] - 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] - 26 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] - 27 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] - 28 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] - 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] - 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] - 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][5 pkts/280 bytes] - 32 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] - 33 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] - 34 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] - 35 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] - 36 TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] - 37 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] - 38 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][4 pkts/251 bytes] + 1 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-c.talk.kakao.com] + 2 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/78 bytes <-> 1 pkts/166 bytes][Host: katalk.kakao.com] + 3 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: item.kakao.com] + 4 TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][1 pkts/56 bytes -> 0 pkts/0 bytes] + 5 ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][1 pkts/147 bytes -> 0 pkts/0 bytes] + 6 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/85 bytes <-> 1 pkts/144 bytes][Host: developers.facebook.com] + 7 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-p.talk.kakao.com] + 8 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes -> 0 pkts/0 bytes] + 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][17 pkts/2231 bytes <-> 9 pkts/1695 bytes] + 10 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/SSL.KakaoTalk][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][server: *.kakao.com] + 11 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/82 bytes <-> 1 pkts/126 bytes][Host: up-gp.talk.kakao.com] + 12 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-a.talk.kakao.com] + 13 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/79 bytes <-> 1 pkts/136 bytes][Host: ac-talk.kakao.com] + 14 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com] + 15 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com] + 16 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/84 bytes <-> 1 pkts/130 bytes][Host: booking.loco.kakao.com] + 17 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/97 bytes][Host: dn-l.talk.kakao.com] + 18 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] + 19 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] + 20 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][3 pkts/290 bytes <-> 3 pkts/1600 bytes][server: *.push.samsungosp.com] + 21 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-v.talk.kakao.com] + 22 TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][server: *.facebook.com] + 23 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][server: *.facebook.com] + 24 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][9 pkts/1737 bytes <-> 9 pkts/672 bytes] + 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-m.talk.kakao.com] + 26 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] + 27 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][1 pkts/87 bytes <-> 1 pkts/130 bytes][Host: 2.97.252.173.in-addr.arpa] + 28 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/80 bytes <-> 1 pkts/138 bytes][Host: graph.facebook.com] + 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][7 pkts/392 bytes <-> 7 pkts/392 bytes] + 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/78 bytes <-> 1 pkts/118 bytes][Host: api.facebook.com] + 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][2 pkts/112 bytes <-> 3 pkts/168 bytes] + 32 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes] + 33 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: auth.kakao.com] + 34 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][client: graph.facebook.com] + 35 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][client: api.facebook.com] + 36 TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][client: developers.facebook.com] + 37 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][server: *.facebook.com] + 38 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][2 pkts/139 bytes <-> 2 pkts/112 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index c50e8821b..61611d734 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -10,23 +10,23 @@ Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 WeChat 15 1727 1 - 1 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][5 pkts/280 bytes] - 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] - 3 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes] - 4 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes] - 5 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] - 6 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] - 7 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] - 8 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] - 9 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] - 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] - 11 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] - 12 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][40 pkts/10538 bytes] - 13 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] - 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] - 15 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] - 16 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][1488 pkts/198510 bytes] - 17 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] - 18 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][1503 pkts/200241 bytes] - 19 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] - 20 TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] + 1 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][3 pkts/168 bytes <-> 2 pkts/112 bytes] + 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][2 pkts/225 bytes <-> 2 pkts/171 bytes] + 3 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes] + 4 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][6 pkts/543 bytes <-> 5 pkts/945 bytes] + 5 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/79 bytes <-> 1 pkts/118 bytes][Host: mqtt.facebook.com] + 6 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes -> 0 pkts/0 bytes] + 7 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 64/SSL_No_Cert][15 pkts/2932 bytes <-> 14 pkts/1092 bytes] + 8 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes -> 0 pkts/0 bytes] + 9 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 64/SSL_No_Cert][23 pkts/4380 bytes <-> 22 pkts/5728 bytes] + 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][3 pkts/1044 bytes <-> 2 pkts/154 bytes] + 11 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] + 12 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][22 pkts/5326 bytes <-> 18 pkts/5212 bytes] + 13 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes -> 0 pkts/0 bytes] + 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com] + 15 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][12 pkts/1692 bytes <-> 10 pkts/1420 bytes] + 16 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][746 pkts/93906 bytes <-> 742 pkts/104604 bytes] + 17 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][11 pkts/1542 bytes <-> 11 pkts/1542 bytes] + 18 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][757 pkts/106335 bytes <-> 746 pkts/93906 bytes] + 19 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes] + 20 TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/NTPv2.pcap.out b/tests/result/NTPv2.pcap.out index f056be127..aa06c06ad 100644 --- a/tests/result/NTPv2.pcap.out +++ b/tests/result/NTPv2.pcap.out @@ -1,3 +1,3 @@ NTP 1 410 1 - 1 UDP 208.104.95.10:123 -> 78.46.76.2:80 [proto: 9/NTP][1 pkts/410 bytes] + 1 UDP 208.104.95.10:123 -> 78.46.76.2:80 [proto: 9/NTP][1 pkts/410 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/NTPv3.pcap.out b/tests/result/NTPv3.pcap.out index e75e80d0a..13c38b183 100644 --- a/tests/result/NTPv3.pcap.out +++ b/tests/result/NTPv3.pcap.out @@ -1,3 +1,3 @@ NTP 1 90 1 - 1 UDP 175.144.140.29:123 -> 78.46.76.2:80 [proto: 9/NTP][1 pkts/90 bytes] + 1 UDP 175.144.140.29:123 -> 78.46.76.2:80 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/NTPv4.pcap.out b/tests/result/NTPv4.pcap.out index 32e9c5f96..884355b99 100644 --- a/tests/result/NTPv4.pcap.out +++ b/tests/result/NTPv4.pcap.out @@ -1,3 +1,3 @@ NTP 1 90 1 - 1 UDP 85.22.62.120:123 -> 78.46.76.11:123 [proto: 9/NTP][1 pkts/90 bytes] + 1 UDP 85.22.62.120:123 -> 78.46.76.11:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out index 1f9e194a9..4aad6d5cc 100644 --- a/tests/result/Oscar.pcap.out +++ b/tests/result/Oscar.pcap.out @@ -1,3 +1,3 @@ Oscar 71 9386 1 - 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 69/Oscar][71 pkts/9386 bytes] + 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 69/Oscar][38 pkts/3580 bytes <-> 33 pkts/5806 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 3c3340283..11b958080 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -10,44 +10,44 @@ Google 50 4084 5 Viber 4163 392492 4 Amazon 1 66 1 - 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][10 pkts/757 bytes] - 2 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][9 pkts/692 bytes] - 3 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] - 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][5 pkts/412 bytes] - 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] - 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][23 pkts/3345 bytes] - 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 8 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes] - 9 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 10 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] - 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][6 pkts/599 bytes] - 12 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes] - 13 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] - 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] - 15 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] - 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] - 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] - 19 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes] - 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] - 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] - 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] - 23 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][12 pkts/1161 bytes] - 24 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] - 25 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] - 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] - 27 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] - 28 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][4143 pkts/390781 bytes] - 29 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] - 30 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes] - 31 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][16 pkts/1419 bytes][client: settings.crashlytics.com] + 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/389 bytes <-> 5 pkts/368 bytes] + 2 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/428 bytes <-> 4 pkts/264 bytes] + 3 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][2 pkts/157 bytes <-> 3 pkts/255 bytes] + 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][14 pkts/1058 bytes <-> 9 pkts/2287 bytes] + 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 8 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes -> 0 pkts/0 bytes] + 9 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 10 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][3 pkts/250 bytes <-> 3 pkts/349 bytes] + 12 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 13 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][15 pkts/1329 bytes <-> 9 pkts/750 bytes] + 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][4 pkts/254 bytes <-> 3 pkts/182 bytes] + 15 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 19 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes -> 0 pkts/0 bytes] + 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][2 pkts/195 bytes <-> 3 pkts/229 bytes] + 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][21 pkts/2257 bytes <-> 13 pkts/1884 bytes] + 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][11 pkts/1043 bytes <-> 4 pkts/441 bytes][client: e.crashlytics.com] + 23 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][7 pkts/689 bytes <-> 5 pkts/472 bytes] + 24 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][15 pkts/1318 bytes <-> 6 pkts/573 bytes][client: mail.google.com] + 25 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][12 pkts/1116 bytes <-> 12 pkts/1732 bytes] + 27 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 28 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][2835 pkts/280455 bytes <-> 1308 pkts/110326 bytes] + 29 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 30 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes -> 0 pkts/0 bytes] + 31 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][12 pkts/1116 bytes <-> 4 pkts/303 bytes][client: settings.crashlytics.com] Undetected flows: - 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 6 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] + 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/276 bytes <-> 2 pkts/170 bytes] + 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/341 bytes <-> 3 pkts/208 bytes] + 5 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out index 27b64d3d0..cccaab9df 100644 --- a/tests/result/amqp.pcap.out +++ b/tests/result/amqp.pcap.out @@ -1,5 +1,5 @@ AMQP 160 23514 3 - 1 TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][108 pkts/14423 bytes] - 2 TCP 127.0.1.1:5672 <-> 127.0.0.1:44204 [proto: 192/AMQP][22 pkts/5026 bytes] - 3 TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][30 pkts/4065 bytes] + 1 TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][54 pkts/10859 bytes <-> 54 pkts/3564 bytes] + 2 TCP 127.0.1.1:5672 <-> 127.0.0.1:44204 [proto: 192/AMQP][13 pkts/4327 bytes <-> 9 pkts/699 bytes] + 3 TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][15 pkts/3075 bytes <-> 15 pkts/990 bytes] diff --git a/tests/result/bittorrent.pcap.out b/tests/result/bittorrent.pcap.out index 32cab76d7..99ffd9a8b 100644 --- a/tests/result/bittorrent.pcap.out +++ b/tests/result/bittorrent.pcap.out @@ -1,26 +1,26 @@ BitTorrent 299 305728 24 - 1 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 2 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][5 pkts/1180 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 3 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][5 pkts/1205 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 4 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 5 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][4 pkts/1401 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 6 TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][5 pkts/1281 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 7 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][5 pkts/1213 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 8 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][5 pkts/1212 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 9 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 10 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 11 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][8 pkts/1558 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 12 TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][5 pkts/1378 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 13 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][5 pkts/1205 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 14 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][4 pkts/614 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 15 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][7 pkts/1550 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 16 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 17 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][4 pkts/612 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 18 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 19 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][6 pkts/1261 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 20 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][210 pkts/285139 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 21 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][3 pkts/930 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 22 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][2 pkts/758 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 23 TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][5 pkts/1201 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 24 TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][5 pkts/1226 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 1 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 2 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][3 pkts/409 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 3 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 4 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 5 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][2 pkts/583 bytes <-> 2 pkts/818 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 6 TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][3 pkts/510 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 7 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][3 pkts/442 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 8 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][3 pkts/440 bytes <-> 2 pkts/772 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 9 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 10 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 11 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][4 pkts/583 bytes <-> 4 pkts/975 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 12 TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][3 pkts/582 bytes <-> 2 pkts/796 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 13 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 14 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][2 pkts/349 bytes <-> 2 pkts/265 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 15 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][4 pkts/640 bytes <-> 3 pkts/910 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 16 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 17 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][3 pkts/455 bytes <-> 1 pkts/157 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 18 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 19 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][3 pkts/410 bytes <-> 3 pkts/851 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 20 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 21 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][1 pkts/134 bytes <-> 2 pkts/796 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 22 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][1 pkts/134 bytes <-> 1 pkts/624 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 23 TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][3 pkts/430 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 24 TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][3 pkts/455 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] diff --git a/tests/result/bittorrent_ip.pcap.out b/tests/result/bittorrent_ip.pcap.out index 93ae22bff..ab6280fb7 100644 --- a/tests/result/bittorrent_ip.pcap.out +++ b/tests/result/bittorrent_ip.pcap.out @@ -1,4 +1,4 @@ BitTorrent 479 508018 2 - 1 TCP 185.56.20.36:53646 <-> 10.0.0.14:35030 [proto: 37/BitTorrent][48 pkts/37932 bytes] - 2 TCP 77.222.174.20:2866 <-> 10.0.0.14:46610 [proto: 37/BitTorrent][431 pkts/470086 bytes] + 1 TCP 185.56.20.36:53646 <-> 10.0.0.14:35030 [proto: 37/BitTorrent][25 pkts/36414 bytes <-> 23 pkts/1518 bytes] + 2 TCP 77.222.174.20:2866 <-> 10.0.0.14:46610 [proto: 37/BitTorrent][305 pkts/461770 bytes <-> 126 pkts/8316 bytes] diff --git a/tests/result/bittorrent_utp.pcap.out b/tests/result/bittorrent_utp.pcap.out index 2b64008b0..7816e5b8d 100644 --- a/tests/result/bittorrent_utp.pcap.out +++ b/tests/result/bittorrent_utp.pcap.out @@ -1,3 +1,3 @@ BitTorrent 86 41489 1 - 1 UDP 82.243.113.43:64969 <-> 192.168.1.5:40959 [proto: 37/BitTorrent][86 pkts/41489 bytes] + 1 UDP 82.243.113.43:64969 <-> 192.168.1.5:40959 [proto: 37/BitTorrent][47 pkts/36653 bytes <-> 39 pkts/4836 bytes] diff --git a/tests/result/bt_search.pcap.out b/tests/result/bt_search.pcap.out index 9671edf0d..2ea84befd 100644 --- a/tests/result/bt_search.pcap.out +++ b/tests/result/bt_search.pcap.out @@ -1,3 +1,3 @@ BitTorrent 2 322 1 - 1 UDP 192.168.0.102:6771 -> 239.192.152.143:6771 [proto: 37/BitTorrent][2 pkts/322 bytes] + 1 UDP 192.168.0.102:6771 -> 239.192.152.143:6771 [proto: 37/BitTorrent][2 pkts/322 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index c17023521..b95d26565 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -2,19 +2,19 @@ COAP 19 1614 8 Dropbox 800 80676 4 MQTT 7695 668291 4 - 1 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61043 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes] - 2 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61045 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes] - 3 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61047 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/90 bytes] - 4 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20220 bytes] - 5 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20194 bytes] - 6 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][1926 pkts/167126 bytes] - 7 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][4 pkts/404 bytes] - 8 UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][6 pkts/467 bytes] - 9 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61044 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes] - 10 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61046 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes] - 11 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] - 12 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] - 13 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][1922 pkts/166928 bytes] - 14 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][1928 pkts/167509 bytes] - 15 TCP 192.168.56.101:17501 <-> 192.168.56.1:53524 [proto: 222/MQTT][1919 pkts/166728 bytes] - 16 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][4 pkts/309 bytes] + 1 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61043 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 2 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61045 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 3 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61047 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/90 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] + 5 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] + 6 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][918 pkts/76692 bytes <-> 1008 pkts/90434 bytes] + 7 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][2 pkts/147 bytes <-> 2 pkts/257 bytes] + 8 UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][3 pkts/262 bytes <-> 3 pkts/205 bytes] + 9 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61044 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 10 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61046 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] + 12 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] + 13 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][921 pkts/76872 bytes <-> 1001 pkts/90056 bytes] + 14 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][924 pkts/77180 bytes <-> 1004 pkts/90329 bytes] + 15 TCP 192.168.56.101:17501 <-> 192.168.56.1:53524 [proto: 222/MQTT][1005 pkts/90274 bytes <-> 914 pkts/76454 bytes] + 16 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][2 pkts/158 bytes <-> 2 pkts/151 bytes] diff --git a/tests/result/dnscrypt.pcap.out b/tests/result/dnscrypt.pcap.out index 618d7ef28..4ff120315 100644 --- a/tests/result/dnscrypt.pcap.out +++ b/tests/result/dnscrypt.pcap.out @@ -1,6 +1,6 @@ DNScrypt 111 44676 4 - 1 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] - 2 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][39 pkts/16368 bytes][client: simplednscrypt.org] - 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] - 4 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][36 pkts/11278 bytes][client: simplednscrypt.org] + 1 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org] + 2 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][client: simplednscrypt.org] + 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org] + 4 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][client: simplednscrypt.org] diff --git a/tests/result/drda_db2.pcap.out b/tests/result/drda_db2.pcap.out index ee222fcd6..8cbcdaebd 100644 --- a/tests/result/drda_db2.pcap.out +++ b/tests/result/drda_db2.pcap.out @@ -1,3 +1,3 @@ DRDA 38 6691 1 - 1 TCP 192.168.106.1:4847 <-> 192.168.106.128:50000 [proto: 227/DRDA][38 pkts/6691 bytes] + 1 TCP 192.168.106.1:4847 <-> 192.168.106.128:50000 [proto: 227/DRDA][20 pkts/3169 bytes <-> 18 pkts/3522 bytes] diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index ebbc87f26..81353f45f 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -2,42 +2,42 @@ MDNS 16 1648 1 SSDP 140 61108 22 Dropbox 1104 246122 16 - 1 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/744 bytes][Host: notify.dropbox.com] - 2 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes] - 3 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][34 pkts/18026 bytes][client: client.dropbox.com] - 4 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][8 pkts/1390 bytes][Host: log.getdropbox.com] - 5 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][22 pkts/11392 bytes][client: notify.dropbox.com] - 6 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/792 bytes][Host: d.dropbox.com] - 7 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/822 bytes][Host: client.dropbox.com] - 8 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20220 bytes] - 9 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20194 bytes] - 10 UDP 192.168.1.101:1280 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 11 UDP 192.168.1.101:1346 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 12 UDP 192.168.1.101:1650 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 13 UDP 192.168.1.101:1908 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 14 UDP 192.168.1.101:2544 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 15 UDP 192.168.1.101:2604 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 16 UDP 192.168.1.101:3412 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 17 UDP 192.168.1.101:4974 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 18 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/774 bytes][Host: client-cf.dropbox.com] - 19 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes] - 20 UDP 192.168.1.254:50828 -> 239.255.255.250:1900 [proto: 12/SSDP][44 pkts/19936 bytes] - 21 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] - 22 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] - 23 UDP 192.168.1.106:57268 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes] - 24 TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][138 pkts/97302 bytes][client: client-cf.dropbox.com] - 25 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][20 pkts/3928 bytes][Host: log.getdropbox.com] - 26 UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 27 UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 28 UDP 192.168.1.101:2159 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 29 UDP 192.168.1.101:2873 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 30 UDP 192.168.1.101:2991 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 31 UDP 192.168.1.101:3547 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 32 UDP 192.168.1.101:3731 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 33 UDP 192.168.1.101:3777 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] - 34 UDP 192.168.1.101:3959 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 35 UDP 192.168.1.101:4171 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 36 UDP 192.168.1.101:4169 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 37 UDP 192.168.1.106:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][16 pkts/1648 bytes] - 38 UDP 192.168.1.101:4625 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 39 TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][54 pkts/27432 bytes][client: d.dropbox.com] + 1 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/156 bytes <-> 2 pkts/588 bytes][Host: notify.dropbox.com] + 2 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] + 3 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][18 pkts/3562 bytes <-> 16 pkts/14464 bytes][client: client.dropbox.com] + 4 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Host: log.getdropbox.com] + 5 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][12 pkts/2338 bytes <-> 10 pkts/9054 bytes][client: notify.dropbox.com] + 6 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/146 bytes <-> 2 pkts/646 bytes][Host: d.dropbox.com] + 7 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/156 bytes <-> 2 pkts/666 bytes][Host: client.dropbox.com] + 8 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] + 9 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] + 10 UDP 192.168.1.101:1280 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.1.101:1346 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.1.101:1650 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.1.101:1908 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.1.101:2544 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.1.101:2604 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.1.101:3412 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.1.101:4974 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/162 bytes <-> 2 pkts/612 bytes][Host: client-cf.dropbox.com] + 19 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.1.254:50828 -> 239.255.255.250:1900 [proto: 12/SSDP][44 pkts/19936 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] + 22 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] + 23 UDP 192.168.1.106:57268 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes -> 0 pkts/0 bytes] + 24 TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][64 pkts/12228 bytes <-> 74 pkts/85074 bytes][client: client-cf.dropbox.com] + 25 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][10 pkts/2170 bytes <-> 10 pkts/1758 bytes][Host: log.getdropbox.com] + 26 UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.1.101:2159 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.1.101:2873 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.1.101:2991 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.1.101:3547 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.1.101:3731 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.1.101:3777 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.1.101:3959 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 35 UDP 192.168.1.101:4171 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 36 UDP 192.168.1.101:4169 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 37 UDP 192.168.1.106:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][16 pkts/1648 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.1.101:4625 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 39 TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][28 pkts/12486 bytes <-> 26 pkts/14946 bytes][client: d.dropbox.com] diff --git a/tests/result/facebook.pcap.out b/tests/result/facebook.pcap.out index a8a362735..231b9d4c4 100644 --- a/tests/result/facebook.pcap.out +++ b/tests/result/facebook.pcap.out @@ -1,4 +1,4 @@ Facebook 60 30511 2 - 1 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][19 pkts/5745 bytes][client: facebook.com] - 2 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/SSL.Facebook][41 pkts/24766 bytes][client: www.facebook.com] + 1 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][client: facebook.com] + 2 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/SSL.Facebook][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][client: www.facebook.com] diff --git a/tests/result/git.pcap.out b/tests/result/git.pcap.out index 77e226d41..be4da7c08 100644 --- a/tests/result/git.pcap.out +++ b/tests/result/git.pcap.out @@ -1,3 +1,3 @@ Git 90 74005 1 - 1 TCP 192.168.0.77:47991 <-> 5.153.231.21:9418 [proto: 226/Git][90 pkts/74005 bytes] + 1 TCP 192.168.0.77:47991 <-> 5.153.231.21:9418 [proto: 226/Git][41 pkts/3319 bytes <-> 49 pkts/70686 bytes] diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index 515659d48..627a88e74 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -1,3 +1,3 @@ Google 28 9108 1 - 1 TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91.126/SSL.Google][28 pkts/9108 bytes][server: www.google.com] + 1 TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91.126/SSL.Google][16 pkts/1512 bytes <-> 12 pkts/7596 bytes][server: www.google.com] diff --git a/tests/result/hangout.pcap.out b/tests/result/hangout.pcap.out index aa75559c8..57f91ab62 100644 --- a/tests/result/hangout.pcap.out +++ b/tests/result/hangout.pcap.out @@ -1,3 +1,3 @@ GoogleHangout 19 2774 1 - 1 UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 201/GoogleHangout][19 pkts/2774 bytes] + 1 UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 201/GoogleHangout][19 pkts/2774 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 3150266e3..4c3856606 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -4,18 +4,18 @@ Google 62 15977 1 QUIC 3 502 1 ntop 80 36401 4 - 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][2 pkts/172 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][client: www.ntop.org] - 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][2 pkts/172 bytes] - 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][14 pkts/2213 bytes] - 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][client: s-static.ak.facebook.com] - 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][10 pkts/5015 bytes][client: s-static.ak.facebook.com] - 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][2 pkts/172 bytes] - 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][2 pkts/172 bytes] - 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][2 pkts/172 bytes] - 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][2 pkts/172 bytes] - 14 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][62 pkts/15977 bytes][Host: www.google.it] - 15 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][3 pkts/502 bytes] + 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] + 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com] + 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com] + 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 14 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it] + 15 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][2 pkts/359 bytes <-> 1 pkts/143 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 57c8325b0..7e8dbf91c 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.229/HTTP.ntop][19 pkts/10643 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.229/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/mpegts.pcap.out b/tests/result/mpegts.pcap.out index 1bdb391eb..f5c664aa8 100644 --- a/tests/result/mpegts.pcap.out +++ b/tests/result/mpegts.pcap.out @@ -1,3 +1,3 @@ MPEG_TS 1 1362 1 - 1 UDP 10.1.16.48:40737 -> 230.200.201.23:1234 [VLAN: 3359][proto: 198/MPEG_TS][1 pkts/1362 bytes] + 1 UDP 10.1.16.48:40737 -> 230.200.201.23:1234 [VLAN: 3359][proto: 198/MPEG_TS][1 pkts/1362 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/msnms.pcap.out b/tests/result/msnms.pcap.out index aed849db7..6cb0cd5fa 100644 --- a/tests/result/msnms.pcap.out +++ b/tests/result/msnms.pcap.out @@ -1,8 +1,8 @@ MSN 364 56503 6 - 1 TCP 192.168.1.14:1176 -> 207.46.108.39:1863 [proto: 68/MSN][13 pkts/2202 bytes] - 2 TCP 192.168.1.14:1208 <-> 207.46.108.83:1863 [proto: 68/MSN][91 pkts/16723 bytes] - 3 TCP 192.168.1.14:1220 <-> 207.46.108.150:1863 [proto: 68/MSN][16 pkts/2900 bytes] - 4 TCP 192.168.1.14:1037 <-> 207.46.107.149:1863 [proto: 68/MSN][96 pkts/8851 bytes] - 5 TCP 192.168.1.14:1217 <-> 207.46.108.41:1863 [proto: 68/MSN][65 pkts/11416 bytes] - 6 TCP 192.168.1.14:1221 <-> 207.46.108.59:1863 [proto: 68/MSN][83 pkts/14411 bytes] + 1 TCP 192.168.1.14:1176 -> 207.46.108.39:1863 [proto: 68/MSN][13 pkts/2202 bytes -> 0 pkts/0 bytes] + 2 TCP 192.168.1.14:1208 <-> 207.46.108.83:1863 [proto: 68/MSN][43 pkts/7166 bytes <-> 48 pkts/9557 bytes] + 3 TCP 192.168.1.14:1220 <-> 207.46.108.150:1863 [proto: 68/MSN][2 pkts/163 bytes <-> 14 pkts/2737 bytes] + 4 TCP 192.168.1.14:1037 <-> 207.46.107.149:1863 [proto: 68/MSN][41 pkts/2425 bytes <-> 55 pkts/6426 bytes] + 5 TCP 192.168.1.14:1217 <-> 207.46.108.41:1863 [proto: 68/MSN][46 pkts/7655 bytes <-> 19 pkts/3761 bytes] + 6 TCP 192.168.1.14:1221 <-> 207.46.108.59:1863 [proto: 68/MSN][43 pkts/7062 bytes <-> 40 pkts/7349 bytes] diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out index bbed0e9b6..01e00c815 100644 --- a/tests/result/mssql_tds.pcap.out +++ b/tests/result/mssql_tds.pcap.out @@ -1,14 +1,14 @@ MsSQL-TDS 38 16260 12 - 1 TCP 10.111.111.111:2222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][2 pkts/169 bytes] - 2 TCP 10.111.111.111:4444 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/1136 bytes] - 3 TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes] - 4 TCP 10.111.111.111:8888 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/142 bytes] - 5 TCP 10.111.111.111:22222 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/322 bytes] - 6 TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][4 pkts/1138 bytes] - 7 TCP 10.111.111.111:3333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/239 bytes] - 8 TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][17 pkts/3073 bytes] - 9 TCP 10.111.111.111:7777 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/425 bytes] - 10 TCP 10.111.111.111:9999 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/272 bytes] - 11 TCP 10.111.111.111:11111 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/253 bytes] - 12 TCP 10.111.111.111:33333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/374 bytes] + 1 TCP 10.111.111.111:2222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/98 bytes <-> 1 pkts/71 bytes] + 2 TCP 10.111.111.111:4444 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/1136 bytes -> 0 pkts/0 bytes] + 3 TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes -> 0 pkts/0 bytes] + 4 TCP 10.111.111.111:8888 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/142 bytes -> 0 pkts/0 bytes] + 5 TCP 10.111.111.111:22222 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/322 bytes -> 0 pkts/0 bytes] + 6 TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][2 pkts/614 bytes <-> 2 pkts/524 bytes] + 7 TCP 10.111.111.111:3333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/239 bytes -> 0 pkts/0 bytes] + 8 TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][10 pkts/1552 bytes <-> 7 pkts/1521 bytes] + 9 TCP 10.111.111.111:7777 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/425 bytes -> 0 pkts/0 bytes] + 10 TCP 10.111.111.111:9999 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/272 bytes -> 0 pkts/0 bytes] + 11 TCP 10.111.111.111:11111 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/253 bytes -> 0 pkts/0 bytes] + 12 TCP 10.111.111.111:33333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/374 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index 28b19becf..03983bcb4 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -4,64 +4,64 @@ IGMP 1 60 1 NetFlix 6976 6151821 56 Amazon 2 126 1 - 1 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][126 pkts/128603 bytes][Host: art-2.nflximg.net] - 2 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][637 pkts/745904 bytes][Host: tp.akam.nflximg.com] - 3 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][41 pkts/34971 bytes][Host: art-1.nflximg.net] - 4 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] - 5 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] - 6 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] - 7 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/451 bytes][Host: ios.nccp.netflix.com] - 8 UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/194 bytes][Host: a1907.dscg.akamai.net] - 9 UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/222 bytes][Host: sha2.san.akam.nflximg.net] - 10 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][53 pkts/45005 bytes] - 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][55 pkts/47007 bytes] - 12 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][49 pkts/32105 bytes] - 13 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][53 pkts/30613 bytes] - 14 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][1307 pkts/1242780 bytes][Host: 23.246.3.140] - 15 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][55 pkts/29233 bytes] - 16 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][60 pkts/40140 bytes] - 17 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][54 pkts/25252 bytes] - 18 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][1872 pkts/1858337 bytes][Host: 23.246.11.141] - 19 IGMP 192.168.1.7:0 -> 239.255.255.250:0 [proto: 82/IGMP][1 pkts/60 bytes] - 20 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][27 pkts/16505 bytes][Host: api-global.netflix.com] - 21 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][148 pkts/73954 bytes][client: api-global.netflix.com] - 22 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][45 pkts/27952 bytes][client: ichnaea.netflix.com] - 23 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][48 pkts/29661 bytes][client: api-global.netflix.com] - 24 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][69 pkts/43938 bytes][client: api-global.netflix.com] - 25 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][31 pkts/10934 bytes][client: ios.nccp.netflix.com] - 26 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][22 pkts/10239 bytes][client: ios.nccp.netflix.com] - 27 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][52 pkts/25886 bytes][client: api-global.netflix.com] - 28 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][37 pkts/9285 bytes][client: ichnaea.netflix.com] - 29 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][71 pkts/58161 bytes][client: ios.nccp.netflix.com] - 30 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][36 pkts/12874 bytes][client: ichnaea.netflix.com] - 31 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][63 pkts/47005 bytes][Host: art-2.nflximg.net] - 32 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][21 pkts/13259 bytes][Host: art-2.nflximg.net] - 33 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][41 pkts/42239 bytes][Host: art-1.nflximg.net] - 34 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] - 35 UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/192 bytes][Host: a803.dscg.akamai.net] - 36 UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/320 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com] - 37 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/271 bytes][Host: appboot.netflix.com] - 38 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/232 bytes][Host: artwork.akam.nflximg.net] - 39 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/331 bytes][Host: ichnaea.geo.netflix.com] - 40 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2648 bytes] - 41 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][58 pkts/47176 bytes] - 42 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][50 pkts/25032 bytes] - 43 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][788 pkts/759283 bytes][Host: 23.246.11.133] - 44 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][54 pkts/25348 bytes] - 45 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][57 pkts/28485 bytes] - 46 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][52 pkts/28063 bytes] - 47 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][55 pkts/28320 bytes] - 48 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][58 pkts/32796 bytes] - 49 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][178 pkts/157382 bytes][Host: 23.246.11.141] - 50 TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes] - 51 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][28 pkts/6662 bytes][client: api-global.netflix.com] - 52 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][20 pkts/3017 bytes][client: api-global.netflix.com] - 53 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][40 pkts/13487 bytes][client: api-global.netflix.com] - 54 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][25 pkts/8201 bytes][client: api-global.netflix.com] - 55 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][41 pkts/33170 bytes][Host: appboot.netflix.com] - 56 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][17 pkts/5314 bytes][client: api-global.netflix.com] - 57 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][25 pkts/8228 bytes][client: ios.nccp.netflix.com] - 58 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][34 pkts/12728 bytes][client: ichnaea.netflix.com] - 59 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][31 pkts/14720 bytes][client: ios.nccp.netflix.com] - 60 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][38 pkts/18536 bytes][client: ios.nccp.netflix.com] - 61 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/SSL.NetFlix][230 pkts/209948 bytes][client: art-s.nflximg.net] + 1 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Host: art-2.nflximg.net] + 2 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Host: tp.akam.nflximg.com] + 3 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Host: art-1.nflximg.net] + 4 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com] + 5 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com] + 6 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com] + 7 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/80 bytes <-> 1 pkts/371 bytes][Host: ios.nccp.netflix.com] + 8 UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/81 bytes <-> 1 pkts/113 bytes][Host: a1907.dscg.akamai.net] + 9 UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/85 bytes <-> 1 pkts/137 bytes][Host: sha2.san.akam.nflximg.net] + 10 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][21 pkts/1826 bytes <-> 32 pkts/43179 bytes] + 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][21 pkts/1868 bytes <-> 34 pkts/45139 bytes] + 12 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][24 pkts/2041 bytes <-> 25 pkts/30064 bytes] + 13 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][31 pkts/2571 bytes <-> 22 pkts/28042 bytes] + 14 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Host: 23.246.3.140] + 15 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][32 pkts/2572 bytes <-> 23 pkts/26661 bytes] + 16 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][31 pkts/2596 bytes <-> 29 pkts/37544 bytes] + 17 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][34 pkts/2879 bytes <-> 20 pkts/22373 bytes] + 18 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Host: 23.246.11.141] + 19 IGMP 192.168.1.7:0 -> 239.255.255.250:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 20 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Host: api-global.netflix.com] + 21 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][client: api-global.netflix.com] + 22 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][client: ichnaea.netflix.com] + 23 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][client: api-global.netflix.com] + 24 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][client: api-global.netflix.com] + 25 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][client: ios.nccp.netflix.com] + 26 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][client: ios.nccp.netflix.com] + 27 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][client: api-global.netflix.com] + 28 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][client: ichnaea.netflix.com] + 29 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][client: ios.nccp.netflix.com] + 30 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][client: ichnaea.netflix.com] + 31 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Host: art-2.nflximg.net] + 32 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Host: art-2.nflximg.net] + 33 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net] + 34 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com] + 35 UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/80 bytes <-> 1 pkts/112 bytes][Host: a803.dscg.akamai.net] + 36 UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/96 bytes <-> 1 pkts/224 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com] + 37 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/79 bytes <-> 1 pkts/192 bytes][Host: appboot.netflix.com] + 38 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/84 bytes <-> 1 pkts/148 bytes][Host: artwork.akam.nflximg.net] + 39 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/83 bytes <-> 1 pkts/248 bytes][Host: ichnaea.geo.netflix.com] + 40 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2648 bytes -> 0 pkts/0 bytes] + 41 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][24 pkts/2040 bytes <-> 34 pkts/45136 bytes] + 42 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][30 pkts/2610 bytes <-> 20 pkts/22422 bytes] + 43 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Host: 23.246.11.133] + 44 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][35 pkts/2920 bytes <-> 19 pkts/22428 bytes] + 45 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][36 pkts/3030 bytes <-> 21 pkts/25455 bytes] + 46 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][30 pkts/2553 bytes <-> 22 pkts/25510 bytes] + 47 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][34 pkts/2864 bytes <-> 21 pkts/25456 bytes] + 48 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][33 pkts/2732 bytes <-> 25 pkts/30064 bytes] + 49 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Host: 23.246.11.141] + 50 TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes -> 0 pkts/0 bytes] + 51 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][client: api-global.netflix.com] + 52 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][client: api-global.netflix.com] + 53 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][client: api-global.netflix.com] + 54 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][client: api-global.netflix.com] + 55 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com] + 56 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][client: api-global.netflix.com] + 57 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][client: ios.nccp.netflix.com] + 58 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][client: ichnaea.netflix.com] + 59 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][client: ios.nccp.netflix.com] + 60 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][client: ios.nccp.netflix.com] + 61 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/SSL.NetFlix][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][client: art-s.nflximg.net] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 16039bed8..6281738ec 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -5,26 +5,26 @@ SSL 20 2715 1 Google 41 5525 6 OCS 863 57552 7 - 1 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] - 2 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] - 3 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] - 4 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] - 5 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][client: settings.crashlytics.com] - 6 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] - 7 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes] - 8 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] - 9 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes][Host: ocs.labgency.ws] - 10 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes][Host: xmpp.device06.eu01.capptain.com] - 11 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes][Host: play.googleapis.com] - 12 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes][client: ocs.labgency.ws] - 13 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes][Host: api.eu01.capptain.com] - 14 UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes][Host: www.ocs.fr] - 15 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] - 16 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes][Host: settings.crashlytics.com] - 17 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][client: mtalk.google.com] - 18 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][2 pkts/120 bytes] - 19 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes][Host: api.eu01.capptain.com] + 1 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] + 2 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] + 3 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] + 5 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com] + 6 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com] + 7 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] + 9 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes -> 0 pkts/0 bytes][Host: ocs.labgency.ws] + 10 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com] + 11 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes -> 0 pkts/0 bytes][Host: play.googleapis.com] + 12 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes -> 0 pkts/0 bytes][client: ocs.labgency.ws] + 13 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] + 14 UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] + 15 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] + 16 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: settings.crashlytics.com] + 17 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes -> 0 pkts/0 bytes][client: mtalk.google.com] + 18 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][2 pkts/120 bytes -> 0 pkts/0 bytes] + 19 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] Undetected flows: - 1 TCP 192.168.180.2:46166 -> 137.135.131.52:5122 [proto: 0/Unknown][6 pkts/360 bytes] + 1 TCP 192.168.180.2:46166 -> 137.135.131.52:5122 [proto: 0/Unknown][6 pkts/360 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/ookla.pcap.out b/tests/result/ookla.pcap.out index 8064e5dfb..2d7c07ea9 100644 --- a/tests/result/ookla.pcap.out +++ b/tests/result/ookla.pcap.out @@ -1,4 +1,4 @@ Ookla 5086 4689745 2 - 1 TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][20 pkts/4320 bytes] - 2 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 191/Ookla][5066 pkts/4685425 bytes] + 1 TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][12 pkts/2238 bytes <-> 8 pkts/2082 bytes] + 2 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 191/Ookla][2202 pkts/1032520 bytes <-> 2864 pkts/3652905 bytes] diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index 81d959dc1..9234d3845 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -1,5 +1,5 @@ OpenVPN 298 57111 3 - 1 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][83 pkts/13559 bytes] - 2 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][120 pkts/28172 bytes] - 3 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][95 pkts/15380 bytes] + 1 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][49 pkts/7860 bytes <-> 34 pkts/5699 bytes] + 2 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][62 pkts/11508 bytes <-> 58 pkts/16664 bytes] + 3 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][44 pkts/7514 bytes <-> 51 pkts/7866 bytes] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index dc905e67f..bee502be8 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -5,113 +5,113 @@ Google 2 1093 1 UPnP 1 130 1 iQIYI 1490 1845116 56 - 1 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][1 pkts/347 bytes] - 2 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][2 pkts/836 bytes][Host: pdata.video.qiyi.com] - 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1305 bytes][Host: click.hm.baidu.com] - 4 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] - 5 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/66 bytes] - 6 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][2 pkts/713 bytes][Host: api.magicansoft.com] - 7 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes] - 8 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1294 bytes][Host: msg.iqiyi.com] - 9 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/821 bytes][Host: msg.71.am] - 10 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][1 pkts/199 bytes] - 11 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/618 bytes][Host: msg.iqiyi.com] - 12 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] - 13 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes][Host: msg.71.am] - 14 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][2 pkts/1093 bytes][Host: clients1.google.com] - 15 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/786 bytes][Host: msg.71.am] - 16 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes] - 17 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2346 bytes][Host: meta.video.qiyi.com] - 18 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/618 bytes][Host: static.qiyi.com] - 19 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1330 bytes][Host: 223.26.106.66] - 20 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][2 pkts/691 bytes][Host: static.qiyi.com] - 21 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/724 bytes][Host: static.qiyi.com] - 22 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][529 pkts/692961 bytes][Host: preimage1.qiyipic.com] - 23 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][542 pkts/710385 bytes][Host: preimage1.qiyipic.com] - 24 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1539 bytes] - 25 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1074 bytes] - 26 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1128 bytes][Host: s1.symcb.com] - 27 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes] - 28 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][2 pkts/463 bytes][Host: msg.video.qiyi.com] - 29 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes] - 30 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][18 pkts/9327 bytes] - 31 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.206/HTTP.iQIYI][5 pkts/4553 bytes][Host: cache.video.iqiyi.com] - 32 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1861 bytes][Host: api.cupid.iqiyi.com] - 33 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.206/HTTP.iQIYI][3 pkts/720 bytes][Host: iplocation.geo.qiyi.com] - 34 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1296 bytes][Host: msg.iqiyi.com] - 35 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1380 bytes][Host: msg.iqiyi.com] - 36 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1632 bytes][Host: msg.iqiyi.com] - 37 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][2 pkts/683 bytes][Host: pdata.video.qiyi.com] - 38 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1451 bytes][Host: click.hm.baidu.com] - 39 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] - 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][2 pkts/721 bytes][Host: api.magicansoft.com] - 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7.206/HTTP.iQIYI][2 pkts/727 bytes][Host: cmc.tanx.com] - 42 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][2 pkts/398 bytes] - 43 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/828 bytes][Host: msg.71.am] - 44 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/772 bytes][Host: msg.71.am] - 45 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][4 pkts/2296 bytes][Host: msg.71.am] - 46 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1143 bytes][Host: msg.71.am] - 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/813 bytes][Host: msg.71.am] - 48 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/616 bytes][Host: msg.71.am] - 49 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes][Host: msg.71.am] - 50 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/882 bytes][Host: msg.71.am] - 51 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1140 bytes][Host: msg.71.am] - 52 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] - 53 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1145 bytes][Host: msg.71.am] - 54 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][6 pkts/3441 bytes][Host: msg.71.am] - 55 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2092 bytes][Host: msg.71.am] - 56 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1145 bytes][Host: msg.71.am] - 57 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1118 bytes][Host: msg.71.am] - 58 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][27 pkts/34298 bytes][Host: 223.26.106.66] - 59 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][246 pkts/320033 bytes][Host: static.qiyi.com] - 60 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1275 bytes][Host: static.qiyi.com] - 61 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][8 pkts/2912 bytes][Host: static.qiyi.com] - 62 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes][Host: preimage1.qiyipic.com] - 63 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][5 pkts/875 bytes] - 64 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][2 pkts/893 bytes][Host: msg.video.qiyi.com] - 65 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes] - 66 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes] - 67 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes] - 68 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][5 pkts/3309 bytes] - 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.206/HTTP.iQIYI][23 pkts/25892 bytes][Host: bcu.ff.avast.com] - 70 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1861 bytes][Host: api.cupid.iqiyi.com] - 71 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/895 bytes][Host: api.cupid.iqiyi.com] - 72 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1423 bytes][Host: pdata.video.qiyi.com] - 73 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][2 pkts/588 bytes][Host: msg.iqiyi.com] + 1 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][1 pkts/347 bytes -> 0 pkts/0 bytes] + 2 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] + 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] + 4 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 5 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes] + 6 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 7 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes -> 0 pkts/0 bytes] + 8 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 9 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 10 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][1 pkts/199 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 12 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 13 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 14 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] + 15 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 16 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes -> 0 pkts/0 bytes] + 17 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] + 18 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] + 19 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] + 20 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] + 21 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] + 22 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com] + 23 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com] + 24 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1539 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1074 bytes -> 0 pkts/0 bytes] + 26 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7.206/HTTP.iQIYI][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] + 27 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] + 28 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 29 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][18 pkts/9327 bytes -> 0 pkts/0 bytes] + 31 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.206/HTTP.iQIYI][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com] + 32 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 33 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.206/HTTP.iQIYI][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] + 34 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] + 35 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 36 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 37 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] + 38 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] + 39 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7.206/HTTP.iQIYI][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] + 42 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][2 pkts/398 bytes -> 0 pkts/0 bytes] + 43 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 44 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 45 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] + 46 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 48 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 49 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 50 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 51 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 52 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 53 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 54 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] + 55 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 56 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 57 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 58 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66] + 59 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com] + 60 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] + 61 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] + 62 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] + 63 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][5 pkts/875 bytes -> 0 pkts/0 bytes] + 64 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 65 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 66 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes -> 0 pkts/0 bytes] + 67 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes -> 0 pkts/0 bytes] + 68 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][4 pkts/2953 bytes <-> 1 pkts/356 bytes] + 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.206/HTTP.iQIYI][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com] + 70 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 71 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] + 72 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.206/HTTP.iQIYI][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] + 73 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] Undetected flows: - 1 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes] - 2 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes] - 3 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][3 pkts/257 bytes] - 4 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][40 pkts/12412 bytes] - 5 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes] - 6 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes] - 7 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes] - 8 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 0/Unknown][5 pkts/3481 bytes] - 9 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes] - 10 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes] - 11 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes] - 12 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes] - 13 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes] - 14 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes] - 15 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes] - 16 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes] - 17 UDP 192.168.115.8:22793 <-> 114.42.0.158:7716 [proto: 0/Unknown][338 pkts/138754 bytes] - 18 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes] - 19 UDP 192.168.115.8:22793 <-> 219.228.107.156:1250 [proto: 0/Unknown][45 pkts/14863 bytes] - 20 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes] - 21 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes] - 22 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes] - 23 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes] - 24 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes] - 25 UDP 1.173.5.226:22636 <-> 192.168.115.8:22793 [proto: 0/Unknown][400 pkts/165246 bytes] - 26 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes] - 27 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes] - 28 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes] - 29 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes] - 30 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][101 pkts/38819 bytes] - 31 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes] - 32 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes] - 33 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes] - 34 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes] + 1 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 2 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 3 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] + 4 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][30 pkts/2370 bytes <-> 10 pkts/10042 bytes] + 5 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 0/Unknown][2 pkts/158 bytes <-> 3 pkts/3323 bytes] + 9 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.115.8:22793 <-> 114.42.0.158:7716 [proto: 0/Unknown][229 pkts/18091 bytes <-> 109 pkts/120663 bytes] + 18 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.115.8:22793 <-> 219.228.107.156:1250 [proto: 0/Unknown][34 pkts/2686 bytes <-> 11 pkts/12177 bytes] + 20 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 22 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 23 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 25 UDP 1.173.5.226:22636 <-> 192.168.115.8:22793 [proto: 0/Unknown][130 pkts/143912 bytes <-> 270 pkts/21334 bytes] + 26 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 30 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][30 pkts/33210 bytes <-> 71 pkts/5609 bytes] + 31 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index 7d37adadf..011be0b35 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -4,16 +4,16 @@ YouTube 85 76193 5 Google 11 10063 2 QUIC 3 364 1 - 1 UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188.124/QUIC.YouTube][3 pkts/2863 bytes][Host: i.ytimg.com] - 2 UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188.124/QUIC.YouTube][2 pkts/2784 bytes][Host: yt3.ggpht.com] - 3 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][413 pkts/254874 bytes][Host: mail.google.com] - 4 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188/QUIC][3 pkts/364 bytes] - 5 UDP 192.168.1.105:45669 <-> 172.217.16.4:443 [proto: 188.126/QUIC.Google][5 pkts/4334 bytes][Host: www.google.com] - 6 UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188.124/QUIC.YouTube][7 pkts/6545 bytes][Host: www.youtube.com] - 7 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][69 pkts/58433 bytes][Host: www.youtube.com] - 8 UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188.126/QUIC.Google][6 pkts/5729 bytes][Host: fonts.gstatic.com] - 9 UDP 192.168.1.105:55934 <-> 216.58.201.238:443 [proto: 188.124/QUIC.YouTube][4 pkts/5568 bytes][Host: s.ytimg.com] + 1 UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188.124/QUIC.YouTube][2 pkts/1471 bytes <-> 1 pkts/1392 bytes][Host: i.ytimg.com] + 2 UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188.124/QUIC.YouTube][1 pkts/1392 bytes <-> 1 pkts/1392 bytes][Host: yt3.ggpht.com] + 3 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][161 pkts/23930 bytes <-> 252 pkts/230944 bytes][Host: mail.google.com] + 4 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188/QUIC][2 pkts/241 bytes <-> 1 pkts/123 bytes] + 5 UDP 192.168.1.105:45669 <-> 172.217.16.4:443 [proto: 188.126/QUIC.Google][3 pkts/1550 bytes <-> 2 pkts/2784 bytes][Host: www.google.com] + 6 UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188.124/QUIC.YouTube][4 pkts/3682 bytes <-> 3 pkts/2863 bytes][Host: www.youtube.com] + 7 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][25 pkts/5276 bytes <-> 44 pkts/53157 bytes][Host: www.youtube.com] + 8 UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188.126/QUIC.Google][3 pkts/2866 bytes <-> 3 pkts/2863 bytes][Host: fonts.gstatic.com] + 9 UDP 192.168.1.105:55934 <-> 216.58.201.238:443 [proto: 188.124/QUIC.YouTube][2 pkts/2784 bytes <-> 2 pkts/2784 bytes][Host: s.ytimg.com] Undetected flows: - 1 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 0/Unknown][6 pkts/7072 bytes] + 1 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 0/Unknown][6 pkts/7072 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index d54b359fc..71aca873f 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -4,24 +4,24 @@ Amazon 2 1469 1 QuickPlay 133 96179 11 WeChat 12 4781 5 - 1 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] - 2 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] - 3 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2735 bytes][Host: vod-singtelhawk.quickplay.com] - 4 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][65 pkts/45902 bytes][Host: vod-singtelhawk.quickplay.com] - 5 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] - 6 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] - 7 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] - 8 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] - 10 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 11 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] - 12 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] - 13 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][2 pkts/1469 bytes][Host: api.account.xiaomi.com] - 14 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.196/HTTP.QuickPlay][3 pkts/2311 bytes][Host: play-singtelhawk.quickplay.com] - 15 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] - 16 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] - 17 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] - 18 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] - 19 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 20 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] - 21 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] + 1 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com] + 2 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com] + 3 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com] + 4 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com] + 5 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com] + 6 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com] + 7 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com] + 8 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com] + 9 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] + 10 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] + 11 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] + 12 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.196/HTTP.QuickPlay][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com] + 13 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][1 pkts/638 bytes <-> 1 pkts/831 bytes][Host: api.account.xiaomi.com] + 14 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com] + 15 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com] + 16 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com] + 17 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com] + 18 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] + 19 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] + 20 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com] + 21 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com] diff --git a/tests/result/rx.pcap.out b/tests/result/rx.pcap.out index 42f9ebf1a..78c605549 100644 --- a/tests/result/rx.pcap.out +++ b/tests/result/rx.pcap.out @@ -1,7 +1,7 @@ RX 132 26475 5 - 1 UDP 131.114.219.168:38331 <-> 192.167.206.124:7002 [proto: 223/RX][3 pkts/519 bytes] - 2 UDP 131.114.219.168:41559 <-> 192.167.206.124:7002 [proto: 223/RX][3 pkts/519 bytes] - 3 UDP 131.114.219.168:7001 <-> 192.167.206.124:7003 [proto: 223/RX][27 pkts/9919 bytes] - 4 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][79 pkts/12376 bytes] - 5 UDP 131.114.219.168:7001 <-> 192.167.206.124:7000 [proto: 223/RX][20 pkts/3142 bytes] + 1 UDP 131.114.219.168:38331 <-> 192.167.206.124:7002 [proto: 223/RX][2 pkts/441 bytes <-> 1 pkts/78 bytes] + 2 UDP 131.114.219.168:41559 <-> 192.167.206.124:7002 [proto: 223/RX][2 pkts/441 bytes <-> 1 pkts/78 bytes] + 3 UDP 131.114.219.168:7001 <-> 192.167.206.124:7003 [proto: 223/RX][18 pkts/1833 bytes <-> 9 pkts/8086 bytes] + 4 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][48 pkts/6808 bytes <-> 31 pkts/5568 bytes] + 5 UDP 131.114.219.168:7001 <-> 192.167.206.124:7000 [proto: 223/RX][10 pkts/2085 bytes <-> 10 pkts/1057 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index ee2d81a69..5e5052e66 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 349 43621 14 +Unknown 381 48593 15 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -7,305 +7,305 @@ ICMP 8 656 1 IGMP 5 258 4 SSL 88 8268 6 Dropbox 38 17948 5 -Skype 1973 302309 247 +Skype 1941 297337 246 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 - 1 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1402 bytes] - 2 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes] - 3 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes] - 4 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes] - 5 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes] - 6 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes] - 7 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 8 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes] - 9 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes] - 10 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes] - 11 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes] - 12 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes] - 13 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes] - 14 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes] - 15 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes] - 16 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes] - 17 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes] - 18 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes] - 19 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes] - 20 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 21 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][20 pkts/5160 bytes] - 22 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 23 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 24 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1152 bytes] - 25 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][19 pkts/1510 bytes] - 26 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes] - 27 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][14 pkts/1108 bytes] - 28 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][15 pkts/1262 bytes] - 29 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][15 pkts/1345 bytes] - 30 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][15 pkts/1265 bytes] - 31 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][15 pkts/1484 bytes] - 32 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1534 bytes] - 33 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][15 pkts/1306 bytes] - 34 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][15 pkts/1324 bytes] - 35 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes] - 36 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes] - 37 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes] - 38 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes] - 39 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes] - 40 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes] - 41 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes] - 42 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes] - 43 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes] - 44 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes] - 45 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes] - 46 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes] - 47 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes] - 48 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes] - 49 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes] - 50 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes] - 51 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes] - 52 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes] - 53 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes] - 54 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes] - 55 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes] - 56 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes] - 57 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes] - 58 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes] - 59 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes] - 60 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes] - 61 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes] - 62 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes] - 63 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][14 pkts/1132 bytes] - 64 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 65 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] - 66 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes][Host: ui.skype.com] - 67 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][15 pkts/1920 bytes] - 68 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 69 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 70 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 71 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 72 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes][Host: ui.skype.com] - 73 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 74 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes] - 75 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes] - 76 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes] - 77 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes] - 78 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes] - 79 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes] - 80 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 81 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][20 pkts/1624 bytes] - 82 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 83 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 84 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 85 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] - 86 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] - 87 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 88 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][16 pkts/1262 bytes] - 89 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][15 pkts/1212 bytes] - 90 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][16 pkts/1270 bytes] - 91 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][3 pkts/168 bytes] - 92 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][86 pkts/20286 bytes][client: p05-keyvalueservice.icloud.com] - 93 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][18 pkts/3679 bytes][client: apps.skypeassets.com] - 94 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][15 pkts/2340 bytes][client: apps.skype.com] - 95 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes] - 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] - 97 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] - 98 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes] - 99 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][12 pkts/1877 bytes] - 100 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] - 101 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] - 102 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] - 103 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] - 104 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] - 105 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] - 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] - 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] - 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] - 109 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] - 110 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] - 111 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] - 112 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] - 113 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] - 114 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] - 115 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] - 116 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] - 117 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] - 118 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] - 119 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] - 120 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] - 121 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] - 122 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] - 123 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] - 124 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] - 125 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] - 126 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] - 127 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] - 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] - 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] - 130 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] - 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 134 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 135 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] - 136 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] - 137 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] - 138 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 139 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 140 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] - 141 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] - 142 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 143 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 144 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 145 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 146 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 154 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][32 pkts/4972 bytes] - 155 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 156 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 157 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 158 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 159 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] - 160 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 161 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 162 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 163 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 164 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 165 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 167 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] - 168 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 169 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 170 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 171 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 172 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 173 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 174 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] - 175 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] - 176 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 182 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 183 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 184 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 185 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 191 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 192 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 194 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 195 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 196 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 197 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] - 198 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 199 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 200 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 201 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 202 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 203 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 206 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 207 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 208 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 209 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 210 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 211 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] - 212 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] - 213 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] - 214 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 215 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 216 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 217 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 218 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 219 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 220 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 221 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 222 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 223 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 225 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 226 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 227 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 228 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 229 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 230 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 231 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 232 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 233 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 235 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes] - 236 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 237 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 238 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 239 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 240 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 245 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] - 246 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 247 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 248 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 249 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] - 250 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 251 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] - 252 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] - 253 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] - 254 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] - 255 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 256 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 257 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 258 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 259 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 260 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 261 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] - 262 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 263 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 264 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] - 265 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] - 266 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] - 267 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] - 268 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] - 269 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 270 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 271 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 272 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 273 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 274 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 275 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 276 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 277 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 278 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 279 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 1 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1040 bytes <-> 4 pkts/362 bytes] + 2 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 20 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 21 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][16 pkts/4788 bytes <-> 4 pkts/372 bytes] + 22 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 23 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] + 24 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/827 bytes <-> 3 pkts/325 bytes] + 25 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1138 bytes <-> 4 pkts/372 bytes] + 26 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 27 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/838 bytes <-> 3 pkts/270 bytes] + 28 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][12 pkts/1032 bytes <-> 3 pkts/230 bytes] + 29 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][12 pkts/1109 bytes <-> 3 pkts/236 bytes] + 30 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][11 pkts/999 bytes <-> 4 pkts/266 bytes] + 31 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][12 pkts/1207 bytes <-> 3 pkts/277 bytes] + 32 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/285 bytes] + 33 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] + 34 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][12 pkts/1088 bytes <-> 3 pkts/236 bytes] + 35 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 36 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 37 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 39 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 40 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 41 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 42 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 43 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 44 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 45 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 46 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 47 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 48 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 49 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 50 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 51 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 52 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 53 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 54 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 55 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 56 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 57 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 58 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 59 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 60 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 61 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 62 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 63 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][12 pkts/935 bytes <-> 2 pkts/197 bytes] + 64 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 65 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] + 66 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 67 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][11 pkts/1578 bytes <-> 4 pkts/342 bytes] + 68 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 69 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 70 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 71 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 72 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 73 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 74 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 75 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 76 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 77 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 78 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 79 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 80 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 81 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][14 pkts/1090 bytes <-> 6 pkts/534 bytes] + 82 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 83 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 84 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 85 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] + 86 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] + 87 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 88 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][11 pkts/866 bytes <-> 5 pkts/396 bytes] + 89 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][11 pkts/822 bytes <-> 4 pkts/390 bytes] + 90 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][11 pkts/841 bytes <-> 5 pkts/429 bytes] + 91 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 92 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com] + 93 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com] + 94 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] + 95 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][14 pkts/1085 bytes <-> 4 pkts/315 bytes] + 97 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 98 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 99 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][6 pkts/1211 bytes <-> 6 pkts/666 bytes] + 100 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][12 pkts/969 bytes <-> 4 pkts/337 bytes] + 101 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/390 bytes] + 102 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][13 pkts/993 bytes <-> 4 pkts/360 bytes] + 103 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/386 bytes] + 104 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][12 pkts/940 bytes <-> 5 pkts/415 bytes] + 105 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][13 pkts/1020 bytes <-> 4 pkts/421 bytes] + 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/317 bytes] + 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/334 bytes] + 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/371 bytes] + 109 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 110 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 114 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][10 pkts/1002 bytes <-> 3 pkts/285 bytes] + 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][9 pkts/822 bytes <-> 3 pkts/285 bytes] + 130 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1062 bytes <-> 4 pkts/383 bytes] + 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] + 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] + 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/814 bytes <-> 3 pkts/287 bytes] + 154 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 158 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/411 bytes] + 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] + 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] + 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] + 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] + 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] + 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] + 165 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] + 166 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes -> 0 pkts/0 bytes] + 167 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] + 168 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] + 169 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 196 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] + 197 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 199 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 205 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] + 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] + 208 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/407 bytes] + 210 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][13 pkts/971 bytes <-> 4 pkts/399 bytes] + 211 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] + 212 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/386 bytes] + 213 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 214 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 215 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 216 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 224 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 225 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 227 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 228 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/380 bytes] + 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][11 pkts/820 bytes <-> 5 pkts/416 bytes] + 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 234 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] + 235 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 236 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 237 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][13 pkts/977 bytes <-> 4 pkts/384 bytes] + 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][11 pkts/836 bytes <-> 5 pkts/442 bytes] + 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] + 242 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][14 pkts/1083 bytes <-> 4 pkts/359 bytes] + 243 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] + 244 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] + 245 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] + 246 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 248 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] + 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] + 250 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] + 251 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] + 252 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] + 253 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 257 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] + 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][14 pkts/1075 bytes <-> 4 pkts/431 bytes] + 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][13 pkts/994 bytes <-> 2 pkts/243 bytes] + 273 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] + 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] + 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] + 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] + 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][14 pkts/1100 bytes <-> 5 pkts/395 bytes] + 278 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes -> 0 pkts/0 bytes] Undetected flows: - 1 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 0/Unknown][31 pkts/4688 bytes] - 2 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 0/Unknown][43 pkts/5754 bytes] - 3 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 0/Unknown][16 pkts/2600 bytes] - 4 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] - 5 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] - 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] - 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] - 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 10 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 11 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 12 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 13 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] - 14 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 1 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 0/Unknown][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] + 2 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 0/Unknown][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] + 3 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 0/Unknown][9 pkts/1968 bytes <-> 7 pkts/632 bytes] + 4 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][11 pkts/854 bytes <-> 11 pkts/782 bytes] + 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][11 pkts/4406 bytes <-> 8 pkts/705 bytes] + 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][12 pkts/985 bytes <-> 6 pkts/489 bytes] + 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] + 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][24 pkts/3101 bytes <-> 16 pkts/2508 bytes] + 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] + 13 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] + 14 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] + 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][16 pkts/1169 bytes <-> 11 pkts/929 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 001ea0bb5..302fe5cae 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -11,273 +11,273 @@ Skype 1241 181327 221 Apple 84 20699 2 MS_OneDrive 348 181687 1 - 1 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes] - 2 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1490 bytes] - 3 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes] - 4 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes] - 5 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes] - 6 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes] - 7 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes] - 8 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes] - 9 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes] - 10 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes] - 11 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes] - 12 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes] - 13 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes] - 14 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 15 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 16 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/423 bytes] - 17 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/479 bytes] - 18 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][17 pkts/1369 bytes] - 19 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes] - 20 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][14 pkts/1134 bytes] - 21 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][17 pkts/1712 bytes] - 22 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1428 bytes] - 23 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][15 pkts/1514 bytes] - 24 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][15 pkts/1415 bytes] - 25 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][15 pkts/1520 bytes] - 26 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes] - 27 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes] - 28 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes] - 29 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes] - 30 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes] - 31 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes] - 32 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes] - 33 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes] - 34 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes] - 35 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes] - 36 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes] - 37 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes] - 38 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes] - 39 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes] - 40 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes] - 41 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes] - 42 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes] - 43 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes] - 44 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes] - 45 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes] - 46 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][1 pkts/71 bytes] - 47 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes] - 48 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes] - 49 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes] - 50 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes] - 51 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes] - 52 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes] - 53 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes] - 54 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes] - 55 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes] - 56 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes] - 57 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 58 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1426 bytes] - 59 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][15 pkts/1197 bytes] - 60 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 61 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][16 pkts/1637 bytes] - 62 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][16 pkts/1297 bytes] - 63 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes] - 64 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes] - 65 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes] - 66 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes] - 67 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes] - 68 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes] - 69 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes] - 70 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 71 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] - 72 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 73 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 74 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] - 75 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 76 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] - 77 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][14 pkts/1142 bytes] - 78 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][16 pkts/1238 bytes] - 79 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][199 pkts/90615 bytes] - 80 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes] - 81 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 82 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 83 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 84 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][8 pkts/1118 bytes] - 85 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes] - 86 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes] - 87 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes] - 88 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][16 pkts/1292 bytes] - 89 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][18 pkts/1454 bytes] - 90 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][16 pkts/1265 bytes] - 91 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][17 pkts/1329 bytes] - 92 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1330 bytes] - 93 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][18 pkts/1426 bytes] - 94 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][17 pkts/1367 bytes] - 95 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][17 pkts/1426 bytes] - 96 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][13 pkts/1257 bytes] - 97 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][15 pkts/1533 bytes] - 98 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes] - 99 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes] - 100 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes] - 101 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes] - 102 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes] - 103 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes] - 104 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes] - 105 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes] - 106 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes] - 107 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes] - 108 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes] - 109 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes] - 110 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][6 pkts/377 bytes] - 111 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][10 pkts/599 bytes] - 112 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 113 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes] - 114 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][8 pkts/2990 bytes] - 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][14 pkts/1253 bytes] - 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] - 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] - 118 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] - 119 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] - 120 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] - 121 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] - 122 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] - 123 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] - 124 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] - 125 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] - 126 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] - 127 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] - 128 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] - 129 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] - 130 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] - 131 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] - 132 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] - 133 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] - 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 135 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] - 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] - 137 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] - 138 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] - 140 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] - 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][13 pkts/1157 bytes] - 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] - 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] - 146 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] - 147 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] - 148 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] - 149 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] - 150 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] - 151 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] - 152 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] - 153 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] - 155 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] - 157 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] - 158 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] - 159 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] - 160 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] - 161 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] - 162 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] - 168 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] - 171 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] - 174 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 177 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 178 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] - 179 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 180 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 181 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 182 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 183 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] - 185 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] - 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] - 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 188 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 189 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 190 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 191 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] - 192 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] - 193 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] - 194 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] - 196 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] - 197 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] - 198 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] - 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] - 200 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 201 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 202 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] - 203 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 204 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] - 206 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 207 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 208 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 209 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] - 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] - 211 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] - 212 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] - 213 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 214 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] - 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] - 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] - 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] - 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] - 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] - 220 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes] - 221 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 222 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes] - 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] - 225 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] - 227 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] - 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 229 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] - 230 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] - 231 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 232 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] - 233 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] - 234 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] - 235 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] - 236 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] - 237 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] - 238 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] - 239 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] - 240 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] - 241 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] - 242 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] - 243 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] - 244 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] - 245 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] - 246 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] - 247 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] - 248 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] - 249 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][14 pkts/1203 bytes] - 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] - 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] + 1 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 2 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1070 bytes <-> 4 pkts/420 bytes] + 3 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 16 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/237 bytes <-> 3 pkts/186 bytes] + 17 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/293 bytes <-> 3 pkts/186 bytes] + 18 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][13 pkts/991 bytes <-> 4 pkts/378 bytes] + 19 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 20 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/848 bytes <-> 3 pkts/286 bytes] + 21 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][13 pkts/1446 bytes <-> 4 pkts/266 bytes] + 22 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][10 pkts/1077 bytes <-> 4 pkts/351 bytes] + 23 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/265 bytes] + 24 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 25 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][12 pkts/1235 bytes <-> 3 pkts/285 bytes] + 26 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 35 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 36 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 37 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 39 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 40 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 41 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 42 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 43 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 44 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 45 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 46 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 47 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 48 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 49 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 50 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 51 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 52 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 53 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 54 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 55 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 56 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 57 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 58 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1093 bytes <-> 4 pkts/333 bytes] + 59 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][12 pkts/916 bytes <-> 3 pkts/281 bytes] + 60 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 61 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][13 pkts/1437 bytes <-> 3 pkts/200 bytes] + 62 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/349 bytes] + 63 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 64 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 65 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 66 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 67 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 68 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 69 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 70 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 71 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] + 72 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 73 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 74 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] + 75 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 76 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 77 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][11 pkts/855 bytes <-> 3 pkts/287 bytes] + 78 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][11 pkts/815 bytes <-> 5 pkts/423 bytes] + 79 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][101 pkts/30681 bytes <-> 98 pkts/59934 bytes] + 80 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 81 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 82 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 83 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 84 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][4 pkts/674 bytes <-> 4 pkts/444 bytes] + 85 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 86 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 87 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 88 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][12 pkts/951 bytes <-> 4 pkts/341 bytes] + 89 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][14 pkts/1117 bytes <-> 4 pkts/337 bytes] + 90 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][11 pkts/856 bytes <-> 5 pkts/409 bytes] + 91 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][13 pkts/981 bytes <-> 4 pkts/348 bytes] + 92 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/986 bytes <-> 4 pkts/344 bytes] + 93 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][14 pkts/1059 bytes <-> 4 pkts/367 bytes] + 94 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][13 pkts/1006 bytes <-> 4 pkts/361 bytes] + 95 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][13 pkts/1011 bytes <-> 4 pkts/415 bytes] + 96 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][10 pkts/972 bytes <-> 3 pkts/285 bytes] + 97 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][12 pkts/1291 bytes <-> 3 pkts/242 bytes] + 98 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 99 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 100 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 101 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 102 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 103 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 104 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 105 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 106 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 107 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 108 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 109 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 110 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 111 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 112 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 114 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][4 pkts/818 bytes <-> 4 pkts/2172 bytes] + 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes] + 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][14 pkts/1104 bytes <-> 5 pkts/392 bytes] + 118 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 135 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][12 pkts/3242 bytes <-> 3 pkts/290 bytes] + 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] + 137 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] + 140 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] + 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] + 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] + 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] + 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] + 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] + 146 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 178 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][11 pkts/862 bytes <-> 3 pkts/314 bytes] + 179 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 183 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 185 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][11 pkts/832 bytes <-> 4 pkts/387 bytes] + 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][13 pkts/976 bytes <-> 4 pkts/365 bytes] + 188 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 189 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 190 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 191 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][12 pkts/931 bytes <-> 2 pkts/219 bytes] + 200 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 201 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 202 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] + 203 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 205 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 206 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 207 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 208 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 209 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] + 211 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] + 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] + 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] + 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][10 pkts/785 bytes <-> 4 pkts/378 bytes] + 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] + 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][38 pkts/9082 bytes <-> 38 pkts/10499 bytes] + 220 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 221 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 222 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] + 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 225 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/318 bytes] + 227 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes -> 0 pkts/0 bytes] + 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] + 229 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] + 230 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 233 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 249 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] + 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] + 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] + 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][14 pkts/1106 bytes <-> 5 pkts/385 bytes] Undetected flows: - 1 TCP 192.168.1.34:51294 <-> 81.83.77.141:17639 [proto: 0/Unknown][33 pkts/5097 bytes] - 2 TCP 192.168.1.34:51307 <-> 149.13.32.15:13392 [proto: 0/Unknown][26 pkts/17499 bytes] - 3 TCP 192.168.1.34:51317 <-> 149.13.32.15:13392 [proto: 0/Unknown][20 pkts/6208 bytes] - 4 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][18 pkts/1482 bytes] - 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][23 pkts/12290 bytes] - 6 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] - 7 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] - 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] - 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] - 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] - 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 12 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] - 13 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] - 14 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] + 1 TCP 192.168.1.34:51294 <-> 81.83.77.141:17639 [proto: 0/Unknown][19 pkts/2794 bytes <-> 14 pkts/2303 bytes] + 2 TCP 192.168.1.34:51307 <-> 149.13.32.15:13392 [proto: 0/Unknown][19 pkts/16968 bytes <-> 7 pkts/531 bytes] + 3 TCP 192.168.1.34:51317 <-> 149.13.32.15:13392 [proto: 0/Unknown][12 pkts/5655 bytes <-> 8 pkts/553 bytes] + 4 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][11 pkts/835 bytes <-> 7 pkts/647 bytes] + 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][16 pkts/11797 bytes <-> 7 pkts/493 bytes] + 6 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] + 7 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] + 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] + 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] + 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][11 pkts/1407 bytes <-> 9 pkts/652 bytes] + 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 12 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][18 pkts/15111 bytes <-> 7 pkts/531 bytes] + 13 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 14 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/smpp_in_general.pcap.out b/tests/result/smpp_in_general.pcap.out index e7c0293d6..97af3fad7 100644 --- a/tests/result/smpp_in_general.pcap.out +++ b/tests/result/smpp_in_general.pcap.out @@ -1,3 +1,3 @@ SMPP 17 1144 1 - 1 TCP 10.226.202.118:1770 <-> 10.226.202.53:9000 [proto: 207/SMPP][17 pkts/1144 bytes] + 1 TCP 10.226.202.118:1770 <-> 10.226.202.53:9000 [proto: 207/SMPP][10 pkts/670 bytes <-> 7 pkts/474 bytes] diff --git a/tests/result/snapchat.pcap.out b/tests/result/snapchat.pcap.out index c82660708..f0abbba84 100644 --- a/tests/result/snapchat.pcap.out +++ b/tests/result/snapchat.pcap.out @@ -1,6 +1,6 @@ SSL_No_Cert 22 2879 1 Snapchat 34 7320 2 - 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3943 bytes][client: feelinsonice-hrd.appspot.com] - 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3377 bytes][client: feelinsonice-hrd.appspot.com] - 3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 64/SSL_No_Cert][22 pkts/2879 bytes] + 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][9 pkts/2290 bytes <-> 8 pkts/1653 bytes][client: feelinsonice-hrd.appspot.com] + 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][9 pkts/2345 bytes <-> 8 pkts/1032 bytes][client: feelinsonice-hrd.appspot.com] + 3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 64/SSL_No_Cert][11 pkts/1910 bytes <-> 11 pkts/969 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index fc98a2b8e..237cdc40c 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -10,55 +10,55 @@ QUIC 6 475 1 Github 3 234 1 Starcraft 236 51494 6 - 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] - 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] - 3 TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][11 pkts/3620 bytes][Host: eu.launcher.battle.net] - 4 TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1214 bytes][Host: nydus.battle.net] - 5 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][11 pkts/3686 bytes][Host: eu.battle.net] - 6 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][13 pkts/902 bytes] - 7 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][11 pkts/4984 bytes] - 8 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/336 bytes][Host: nydus.battle.net] - 9 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/417 bytes][Host: 254.1.168.192.in-addr.arpa] - 10 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/455 bytes][Host: 22.40.194.173.in-addr.arpa] - 11 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][3 pkts/168 bytes] - 12 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][4 pkts/228 bytes] - 13 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][2 pkts/104 bytes] - 14 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][2 pkts/121 bytes] - 15 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25105 bytes][Host: bnetcmsus-a.akamaihd.net] - 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] - 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] - 18 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] - 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 20 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 21 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] - 22 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] - 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] - 24 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][9 pkts/979 bytes][Host: eu.launcher.battle.net] - 25 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] - 26 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1208 bytes][Host: nydus.battle.net] - 27 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][12 pkts/3933 bytes][Host: eu.battle.net] - 28 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes] - 29 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][2 pkts/121 bytes] - 30 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes] - 31 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTP_Download][179 pkts/134204 bytes][Host: llnw.blizzard.com] - 32 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][6 pkts/475 bytes] - 33 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net] - 34 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/432 bytes][Host: 91.252.30.192.in-addr.arpa] - 35 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/210 bytes][Host: 40.186.239.80.in-addr.arpa] - 36 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/442 bytes][Host: llnw.blizzard.com] - 37 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][9 pkts/1299 bytes][Host: www.google-analytics.com] - 38 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][3 pkts/234 bytes] - 39 IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][2 pkts/120 bytes] - 40 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][215 pkts/50178 bytes] - 41 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][2 pkts/103 bytes] - 42 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][2 pkts/103 bytes] - 43 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][41 pkts/37433 bytes][Host: bnetcmsus-a.akamaihd.net] - 44 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] - 45 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] - 46 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] - 47 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 48 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 49 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] - 50 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] - 51 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][9 pkts/880 bytes][Host: us.scan.worldofwarcraft.com] - 52 UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][2 pkts/104 bytes] + 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Host: eu.launcher.battle.net] + 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/473 bytes <-> 4 pkts/753 bytes][Host: nydus.battle.net] + 3 TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Host: eu.launcher.battle.net] + 4 TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/481 bytes <-> 4 pkts/733 bytes][Host: nydus.battle.net] + 5 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Host: eu.battle.net] + 6 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][6 pkts/376 bytes <-> 7 pkts/526 bytes] + 7 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][11 pkts/4984 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net] + 9 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 254.1.168.192.in-addr.arpa] + 10 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/173 bytes <-> 2 pkts/282 bytes][Host: 22.40.194.173.in-addr.arpa] + 11 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 12 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/120 bytes] + 13 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes] + 14 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] + 15 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] + 18 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes] + 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 20 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 21 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 22 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net] + 24 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][5 pkts/482 bytes <-> 4 pkts/497 bytes][Host: eu.launcher.battle.net] + 25 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net] + 26 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/483 bytes <-> 4 pkts/725 bytes][Host: nydus.battle.net] + 27 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Host: eu.battle.net] + 28 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] + 29 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] + 30 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] + 31 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTP_Download][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Host: llnw.blizzard.com] + 32 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][3 pkts/243 bytes <-> 3 pkts/232 bytes] + 33 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/168 bytes <-> 2 pkts/388 bytes][Host: bnetcmsus-a.akamaihd.net] + 34 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 91.252.30.192.in-addr.arpa] + 35 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][1 pkts/86 bytes <-> 1 pkts/124 bytes][Host: 40.186.239.80.in-addr.arpa] + 36 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com] + 37 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][5 pkts/632 bytes <-> 4 pkts/667 bytes][Host: www.google-analytics.com] + 38 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][2 pkts/145 bytes <-> 1 pkts/89 bytes] + 39 IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][2 pkts/120 bytes -> 0 pkts/0 bytes] + 40 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][126 pkts/9157 bytes <-> 89 pkts/41021 bytes] + 41 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] + 42 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] + 43 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Host: bnetcmsus-a.akamaihd.net] + 44 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 45 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 46 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] + 47 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 48 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 49 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 50 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 51 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com] + 52 UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes] diff --git a/tests/result/teredo.pcap.out b/tests/result/teredo.pcap.out index d73d8c080..82128ae62 100644 --- a/tests/result/teredo.pcap.out +++ b/tests/result/teredo.pcap.out @@ -1,7 +1,7 @@ Teredo 24 2574 5 - 1 UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][4 pkts/508 bytes] - 2 UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/254 bytes] - 3 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][14 pkts/1304 bytes] - 4 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/254 bytes] - 5 UDP 10.112.16.92:63448 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/254 bytes] + 1 UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/206 bytes <-> 2 pkts/302 bytes] + 2 UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] + 3 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][10 pkts/930 bytes <-> 4 pkts/374 bytes] + 4 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] + 5 UDP 10.112.16.92:63448 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 8c7a7738b..4dd9a3974 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -4,14 +4,14 @@ DHCPV6 6 906 1 Dropbox 10 1860 1 Tor 3676 3014362 7 - 1 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][10 pkts/1860 bytes] - 2 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][6 pkts/906 bytes] - 3 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][32 pkts/10431 bytes] - 4 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][34 pkts/11142 bytes] - 5 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][38 pkts/12520 bytes] - 6 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/SSL][1 pkts/60 bytes] - 7 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/252 bytes] - 8 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][1576 pkts/1388792 bytes] - 9 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][1826 pkts/1513278 bytes] - 10 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][29 pkts/9661 bytes] - 11 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][141 pkts/68538 bytes] + 1 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][10 pkts/1860 bytes -> 0 pkts/0 bytes] + 2 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][6 pkts/906 bytes -> 0 pkts/0 bytes] + 3 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][16 pkts/3691 bytes <-> 16 pkts/6740 bytes] + 4 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][16 pkts/4858 bytes <-> 18 pkts/6284 bytes] + 5 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][17 pkts/5489 bytes <-> 21 pkts/7031 bytes] + 6 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/252 bytes -> 0 pkts/0 bytes] + 8 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes] + 9 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes] + 10 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][15 pkts/3634 bytes <-> 14 pkts/6027 bytes] + 11 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][62 pkts/22715 bytes <-> 79 pkts/45823 bytes] diff --git a/tests/result/ubntac2.pcap.out b/tests/result/ubntac2.pcap.out index bd404df92..c4103cdf1 100644 --- a/tests/result/ubntac2.pcap.out +++ b/tests/result/ubntac2.pcap.out @@ -1,10 +1,10 @@ UBNTAC2 8 1736 8 - 1 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 2 UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 3 UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 4 UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 5 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 6 UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 7 UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 8 UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 1 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 2 UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 3 UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 4 UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 5 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 6 UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 7 UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 8 UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index d87ac24bc..e761e520c 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -13,85 +13,85 @@ WhatsApp 31 6224 2 Viber 10081 1413446 4 Amazon 8 528 1 - 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] - 2 UDP 192.168.200.222:39413 -> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes] - 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][16 pkts/5838 bytes] - 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] - 5 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] - 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] - 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] - 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] - 10 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] - 11 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] - 12 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] - 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] - 14 UDP 192.168.200.222:39413 -> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] - 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] - 16 UDP 192.168.200.222:39413 -> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] - 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] - 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] - 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 20 UDP 192.168.200.222:39413 -> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 21 UDP 192.168.200.222:39413 -> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] - 22 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] - 23 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] - 24 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 25 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] - 26 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] - 28 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] - 29 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] - 30 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] - 31 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 32 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] - 33 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] - 34 ICMP 192.168.200.222:0 -> 8.8.8.8:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] - 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] - 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] - 37 ICMP 37.214.167.82:0 -> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] - 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] - 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 40 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] - 42 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] - 43 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] - 44 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] - 45 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 46 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] - 47 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] - 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] - 49 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 50 UDP 192.168.200.222:39413 -> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] - 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] - 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] - 53 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes] - 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] - 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] - 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] - 57 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] - 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] - 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] - 61 UDP 192.168.200.222:39413 -> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] - 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] - 63 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] - 65 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] - 66 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] - 67 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] - 68 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 69 UDP 192.168.200.222:39413 -> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] - 70 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] - 71 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 72 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] + 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][7 pkts/1505 bytes <-> 8 pkts/953 bytes][client: mtalk.google.com] + 2 UDP 192.168.200.222:39413 -> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][8 pkts/3893 bytes <-> 8 pkts/1945 bytes] + 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/329 bytes] + 5 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][4 pkts/277 bytes <-> 3 pkts/255 bytes] + 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][1 pkts/75 bytes <-> 1 pkts/166 bytes][Host: mail.google.com] + 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] + 10 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 11 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/357 bytes] + 12 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/325 bytes] + 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 14 UDP 192.168.200.222:39413 -> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 16 UDP 192.168.200.222:39413 -> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes -> 0 pkts/0 bytes] + 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][19 pkts/3115 bytes <-> 18 pkts/13053 bytes][client: graph.facebook.com] + 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 20 UDP 192.168.200.222:39413 -> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.200.222:39413 -> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes -> 0 pkts/0 bytes] + 22 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes -> 0 pkts/0 bytes] + 23 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/76 bytes <-> 1 pkts/121 bytes][Host: mtalk.google.com] + 24 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 25 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 26 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][4 pkts/328 bytes <-> 7 pkts/745 bytes] + 28 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes <-> 1 pkts/166 bytes][Host: s.jpush.cn] + 29 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/272 bytes][Host: e.crashlytics.com] + 30 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 31 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes -> 0 pkts/0 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 32 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][4 pkts/996 bytes <-> 4 pkts/996 bytes] + 33 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/141 bytes][Host: easytomessage.com] + 34 ICMP 192.168.200.222:0 -> 8.8.8.8:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes -> 0 pkts/0 bytes] + 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][17 pkts/2087 bytes <-> 14 pkts/5520 bytes][client: googleads.g.doubleclick.net] + 37 ICMP 37.214.167.82:0 -> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][5 pkts/520 bytes <-> 4 pkts/563 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 40 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 42 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/84 bytes <-> 1 pkts/282 bytes][Host: settings.crashlytics.com] + 43 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][2 pkts/498 bytes <-> 2 pkts/498 bytes] + 44 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 45 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/107 bytes <-> 1 pkts/139 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 46 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/334 bytes] + 47 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/72 bytes <-> 1 pkts/120 bytes][Host: sis.jpush.io] + 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] + 49 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 50 UDP 192.168.200.222:39413 -> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][1 pkts/78 bytes <-> 1 pkts/136 bytes][Host: graph.facebook.com] + 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] + 53 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes -> 0 pkts/0 bytes] + 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/87 bytes <-> 1 pkts/176 bytes][Host: googleads.g.doubleclick.net] + 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][4 pkts/303 bytes <-> 3 pkts/229 bytes] + 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][22 pkts/3437 bytes <-> 14 pkts/2437 bytes] + 57 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][1 pkts/75 bytes <-> 1 pkts/203 bytes][Host: e9.whatsapp.net] + 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][12 pkts/2322 bytes <-> 10 pkts/6919 bytes][client: e.crashlytics.com][server: *.crashlytics.com] + 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][8 pkts/1187 bytes <-> 8 pkts/856 bytes] + 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][17 pkts/3286 bytes <-> 16 pkts/11246 bytes][client: mail.google.com] + 61 UDP 192.168.200.222:39413 -> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/144 bytes <-> 2 pkts/192 bytes][Host: sis.jpush.io] + 63 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][13 pkts/1401 bytes <-> 16 pkts/4545 bytes] + 65 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] + 66 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][4192 pkts/515224 bytes <-> 5865 pkts/895629 bytes] + 67 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 68 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 69 UDP 192.168.200.222:39413 -> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 70 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 71 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes -> 0 pkts/0 bytes] + 72 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][15 pkts/2237 bytes <-> 11 pkts/7820 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] Undetected flows: - 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 6 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] + 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/276 bytes <-> 2 pkts/170 bytes] + 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/341 bytes <-> 3 pkts/208 bytes] + 5 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/vnc.pcap.out b/tests/result/vnc.pcap.out index 03faca104..d469a61ac 100644 --- a/tests/result/vnc.pcap.out +++ b/tests/result/vnc.pcap.out @@ -1,4 +1,4 @@ VNC 4551 329158 2 - 1 TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][1008 pkts/72613 bytes] - 2 TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][3543 pkts/256545 bytes] + 1 TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][684 pkts/54893 bytes <-> 324 pkts/17720 bytes] + 2 TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][2485 pkts/199101 bytes <-> 1058 pkts/57444 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index f73d020a8..76335c434 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -7,39 +7,39 @@ SSL 8 432 2 Waze 484 289335 19 WhatsApp 15 1341 1 - 1 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][15 pkts/1341 bytes] - 2 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][32 pkts/44619 bytes][server: *.world.waze.com] - 3 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][20 pkts/5673 bytes][server: *.world.waze.com] - 4 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][28 pkts/27886 bytes][server: *.world.waze.com] - 5 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] - 6 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][4 pkts/228 bytes] - 7 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][18 pkts/5553 bytes][server: *.waze.com] - 8 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][4 pkts/216 bytes] - 9 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] - 10 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] - 11 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][107 pkts/85712 bytes][server: *.world.waze.com] - 12 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][37 pkts/11984 bytes][server: *.world.waze.com] - 13 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][24 pkts/6585 bytes][server: *.world.waze.com] - 14 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][16 pkts/9185 bytes][server: *.world.waze.com] - 15 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][15 pkts/1365 bytes][Host: cres.waze.com] - 16 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1326 bytes][Host: cres.waze.com] - 17 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1286 bytes][Host: roadshields.waze.com] - 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1328 bytes][Host: cres.waze.com] - 19 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1323 bytes][Host: cres.waze.com] - 20 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1319 bytes][Host: cres.waze.com] - 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] - 22 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][13 pkts/2142 bytes] - 23 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][4 pkts/216 bytes] - 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][server: *.waze.com] - 25 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][21 pkts/7715 bytes][server: *.waze.com] - 26 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][2 pkts/180 bytes] - 27 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] - 28 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/216 bytes] - 29 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][4 pkts/216 bytes] - 30 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][23 pkts/5742 bytes][server: *.world.waze.com] - 31 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][33 pkts/58896 bytes][server: *.world.waze.com] - 32 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][17 pkts/4015 bytes][Host: roadshields.waze.com] + 1 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][8 pkts/673 bytes <-> 7 pkts/668 bytes] + 2 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][server: *.world.waze.com] + 3 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][server: *.world.waze.com] + 4 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][server: *.world.waze.com] + 5 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 6 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 7 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][server: *.waze.com] + 8 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 9 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 10 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 11 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][server: *.world.waze.com] + 12 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][server: *.world.waze.com] + 13 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][server: *.world.waze.com] + 14 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][server: *.world.waze.com] + 15 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] + 16 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/555 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] + 17 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com] + 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/557 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] + 19 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] + 20 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com] + 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net] + 22 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][7 pkts/1137 bytes <-> 6 pkts/1005 bytes] + 23 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][server: *.waze.com] + 25 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][server: *.waze.com] + 26 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 27 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 28 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 29 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 30 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][server: *.world.waze.com] + 31 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][server: *.world.waze.com] + 32 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com] Undetected flows: - 1 TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 0/Unknown][10 pkts/786 bytes] + 1 TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 0/Unknown][8 pkts/678 bytes <-> 2 pkts/108 bytes] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 82968fa21..7f5f06d7c 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -6,60 +6,60 @@ Google 17 6375 1 Webex 1380 818407 43 Amazon 3 174 1 - 1 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] - 2 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][513 pkts/344086 bytes][server: *.webex.com] - 3 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][5 pkts/353 bytes] - 4 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][16 pkts/7099 bytes][server: *.webex.com] - 5 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][8 pkts/639 bytes] - 6 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][8 pkts/639 bytes] - 7 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][50 pkts/10360 bytes][server: *.webex.com] - 8 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][3 pkts/182 bytes] - 9 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] - 10 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] - 11 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][11 pkts/4584 bytes][server: *.webex.com] - 12 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][16 pkts/1171 bytes] - 13 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][10 pkts/1391 bytes][Host: cp.pushwoosh.com] - 14 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][3 pkts/174 bytes] - 15 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] - 16 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][23 pkts/6641 bytes][server: *.webex.com] - 17 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] - 18 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] - 19 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][18 pkts/7207 bytes][server: *.webex.com] - 20 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] - 21 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][8 pkts/668 bytes] - 22 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][21 pkts/2530 bytes] - 23 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][20 pkts/2475 bytes] - 24 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][13 pkts/1733 bytes] - 25 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][9 pkts/905 bytes][client: radcom.webex.com] - 26 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][14 pkts/8239 bytes][server: *.webex.com] - 27 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][16 pkts/7968 bytes][server: *.webex.com] - 28 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] - 29 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][105 pkts/19286 bytes][server: *.webex.com] - 30 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][11 pkts/717 bytes] - 31 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][24 pkts/35888 bytes][server: *.webex.com] - 32 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][server: *.webex.com] - 33 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][8 pkts/515 bytes] - 34 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][server: *.webex.com] - 35 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] - 36 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][13 pkts/4692 bytes][server: *.webex.com] - 37 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][12 pkts/1791 bytes][Host: cp.pushwoosh.com] - 38 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][17 pkts/5293 bytes][server: *.webex.com] - 39 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] - 40 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][17 pkts/7990 bytes][server: *.webex.com] - 41 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][17 pkts/6375 bytes][client: ssl.google-analytics.com] - 42 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] - 43 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][3 pkts/174 bytes] - 44 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes] - 45 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][5 pkts/317 bytes] - 46 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] - 47 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] - 48 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][14 pkts/5202 bytes][server: www.webex.com] - 49 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][95 pkts/92236 bytes][client: radcom.webex.com] - 50 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][56 pkts/109696 bytes][client: radcom.webex.com] - 51 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][11 pkts/1013 bytes][client: radcom.webex.com] - 52 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][26 pkts/26384 bytes][server: *.webex.com] - 53 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][38 pkts/42482 bytes][server: *.webex.com] - 54 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][17 pkts/8401 bytes][server: *.webex.com] - 55 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] - 56 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][30 pkts/9568 bytes][client: api.crittercism.com][server: *.crittercism.com] - 57 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][17 pkts/7969 bytes][server: *.webex.com] + 1 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 2 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com] + 3 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][3 pkts/245 bytes <-> 2 pkts/108 bytes] + 4 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com] + 5 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] + 6 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] + 7 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com] + 8 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][2 pkts/128 bytes <-> 1 pkts/54 bytes] + 9 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 10 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 11 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][6 pkts/407 bytes <-> 5 pkts/4177 bytes][server: *.webex.com] + 12 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][14 pkts/1071 bytes <-> 2 pkts/100 bytes] + 13 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com] + 14 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 2 pkts/108 bytes] + 15 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 16 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com] + 17 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 18 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 19 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com] + 20 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 21 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][4 pkts/452 bytes <-> 4 pkts/216 bytes] + 22 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][10 pkts/1465 bytes <-> 11 pkts/1065 bytes] + 23 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][10 pkts/1388 bytes <-> 10 pkts/1087 bytes] + 24 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][7 pkts/1280 bytes <-> 6 pkts/453 bytes] + 25 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] + 26 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com] + 27 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com] + 28 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 29 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com] + 30 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][7 pkts/501 bytes <-> 4 pkts/216 bytes] + 31 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][server: *.webex.com] + 32 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 33 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][4 pkts/299 bytes <-> 4 pkts/216 bytes] + 34 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 35 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 36 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com] + 37 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][6 pkts/970 bytes <-> 6 pkts/821 bytes][Host: cp.pushwoosh.com] + 38 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com] + 39 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 40 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] + 41 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][client: ssl.google-analytics.com] + 42 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 43 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][1 pkts/66 bytes <-> 2 pkts/108 bytes] + 44 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes -> 0 pkts/0 bytes] + 45 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][3 pkts/209 bytes <-> 2 pkts/108 bytes] + 46 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] + 47 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] + 48 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com] + 49 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com] + 50 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com] + 51 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] + 52 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com] + 53 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][server: *.webex.com] + 54 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com] + 55 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 56 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][client: api.crittercism.com][server: *.crittercism.com] + 57 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 390543590..1f80e3df1 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -12,109 +12,109 @@ Google 128 29925 17 LLMNR 12 944 6 WeChat 1277 615827 51 - 1 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] - 2 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][8 pkts/469 bytes] - 3 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 2.debian.pool.ntp.org] - 4 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes][Host: ssl.gstatic.com] - 5 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] - 6 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes][Host: webpush.web.wechat.com.lan] - 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.197/SSL.WeChat][24 pkts/8792 bytes][client: res.wx.qq.com] - 8 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 1.debian.pool.ntp.org] - 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes] - 10 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][8 pkts/583 bytes] - 11 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][7 pkts/517 bytes] - 12 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][6 pkts/396 bytes] - 13 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] - 14 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][6 pkts/1000 bytes] - 15 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][179 pkts/76956 bytes] - 16 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] - 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/11506 bytes][client: web.wechat.com] - 18 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][40 pkts/18455 bytes][client: web.wechat.com] - 19 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] - 20 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][38 pkts/15082 bytes][client: web.wechat.com] - 21 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][27 pkts/10532 bytes][client: web.wechat.com] - 22 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][28 pkts/18041 bytes][client: web.wechat.com] - 23 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] - 24 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] - 25 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] - 26 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes] - 27 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes] - 28 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4735 bytes][client: web.wechat.com] - 29 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4743 bytes][client: web.wechat.com] - 30 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] - 31 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][26 pkts/11518 bytes][client: web.wechat.com] - 32 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][59 pkts/29728 bytes][client: web.wechat.com] - 33 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][49 pkts/24468 bytes][client: web.wechat.com] - 34 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][22 pkts/9520 bytes][client: web.wechat.com] - 35 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] - 36 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes] - 37 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes][Host: ssl.gstatic.com.lan] - 38 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes] - 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][13 pkts/4812 bytes][Host: docs.google.com] - 40 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: mcztmpkc] - 41 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] - 42 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] - 43 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes] - 44 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 45 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes] - 46 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz] - 47 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes] - 48 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][10 pkts/3972 bytes][Host: ssl.gstatic.com] - 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][34 pkts/8681 bytes][client: safebrowsing.googleusercontent.com] - 50 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: iphonedimonica] - 51 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes] - 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes] - 53 UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes][Host: ssl.gstatic.com.lan] - 54 UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes][Host: 1.debian.pool.ntp.org.lan] - 55 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes] - 56 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][9 pkts/524 bytes] - 57 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] - 58 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] - 59 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] - 60 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][13 pkts/6836 bytes][Host: ssl.gstatic.com] - 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/366 bytes][Host: safebrowsing.googleusercontent.com] - 62 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][3 pkts/198 bytes] - 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][41 pkts/26587 bytes][client: web.wechat.com] - 64 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/4537 bytes][client: web.wechat.com] - 65 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][8 pkts/552 bytes] - 66 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][39 pkts/25723 bytes][client: web.wechat.com] - 67 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][44 pkts/19995 bytes][client: web.wechat.com] - 68 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][54 pkts/36453 bytes][client: web.wechat.com] - 69 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][86 pkts/65999 bytes][client: web.wechat.com] - 70 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][96 pkts/63642 bytes][client: web.wechat.com] - 71 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] - 72 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/9761 bytes][client: web.wechat.com] - 73 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][73 pkts/44045 bytes][client: web.wechat.com] - 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][36 pkts/14963 bytes][client: web.wechat.com] - 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][50 pkts/30965 bytes][client: web.wechat.com] - 76 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes] - 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/302 bytes][Host: docs.google.com] - 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][8 pkts/552 bytes] - 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][17 pkts/1146 bytes] - 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][18 pkts/4743 bytes][client: web.wechat.com] - 81 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/354 bytes] - 82 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/465 bytes][Host: web.wechat.com] - 83 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] - 84 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: cansaqcq] - 85 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes] - 86 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes] - 87 UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: lbjamwptxz] - 88 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][4 pkts/200 bytes] - 89 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][15 pkts/810 bytes] - 90 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes] - 91 IGMP 192.168.1.108:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/54 bytes] - 92 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][20 pkts/1320 bytes] - 93 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] - 94 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] - 95 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes] - 96 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes] - 97 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes] - 98 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes] - 99 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes] - 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/610 bytes][Host: res.wx.qq.com] - 101 UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: cansaqcq] - 102 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: mcztmpkc] + 1 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 2 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes <-> 4 pkts/253 bytes] + 3 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 2.debian.pool.ntp.org] + 4 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com] + 5 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 6 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.197/SSL.WeChat][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com] + 8 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org] + 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes -> 0 pkts/0 bytes] + 10 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][4 pkts/264 bytes <-> 4 pkts/319 bytes] + 11 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 4 pkts/319 bytes] + 12 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 3 pkts/198 bytes] + 13 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 14 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][3 pkts/802 bytes <-> 3 pkts/198 bytes] + 15 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][88 pkts/15114 bytes <-> 91 pkts/61842 bytes] + 16 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com] + 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com] + 18 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][client: web.wechat.com] + 19 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com] + 20 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][client: web.wechat.com] + 21 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][client: web.wechat.com] + 22 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][client: web.wechat.com] + 23 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com] + 24 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 25 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes -> 0 pkts/0 bytes] + 26 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] + 27 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] + 28 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com] + 29 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com] + 30 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 31 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com] + 32 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][client: web.wechat.com] + 33 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][client: web.wechat.com] + 34 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com] + 35 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 36 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] + 37 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] + 38 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes -> 0 pkts/0 bytes] + 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] + 40 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] + 41 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 42 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 43 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes -> 0 pkts/0 bytes] + 44 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes -> 0 pkts/0 bytes] + 45 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes -> 0 pkts/0 bytes] + 46 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/180 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] + 47 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] + 48 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com] + 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com] + 50 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] + 51 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] + 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 53 UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] + 54 UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org.lan] + 55 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes -> 0 pkts/0 bytes] + 56 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][5 pkts/290 bytes <-> 4 pkts/234 bytes] + 57 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 58 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 59 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] + 60 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com] + 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] + 62 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][client: web.wechat.com] + 64 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com] + 65 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] + 66 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][client: web.wechat.com] + 67 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][client: web.wechat.com] + 68 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][client: web.wechat.com] + 69 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com] + 70 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][client: web.wechat.com] + 71 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 72 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com] + 73 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][client: web.wechat.com] + 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com] + 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com] + 76 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes -> 0 pkts/0 bytes] + 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] + 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] + 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][13 pkts/866 bytes <-> 4 pkts/280 bytes] + 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com] + 81 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][3 pkts/206 bytes <-> 2 pkts/148 bytes] + 82 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com] + 83 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] + 84 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: cansaqcq] + 85 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes -> 0 pkts/0 bytes] + 86 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes -> 0 pkts/0 bytes] + 87 UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] + 88 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][4 pkts/200 bytes -> 0 pkts/0 bytes] + 89 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][15 pkts/810 bytes -> 0 pkts/0 bytes] + 90 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes -> 0 pkts/0 bytes] + 91 IGMP 192.168.1.108:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/54 bytes -> 0 pkts/0 bytes] + 92 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][10 pkts/660 bytes <-> 10 pkts/660 bytes] + 93 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 94 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 95 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 96 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] + 97 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 98 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes -> 0 pkts/0 bytes] + 99 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes -> 0 pkts/0 bytes] + 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] + 101 UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: cansaqcq] + 102 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] Undetected flows: - 1 0 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::16]:0 [proto: 0/Unknown][1 pkts/110 bytes] + 1 0 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::16]:0 [proto: 0/Unknown][1 pkts/110 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 820ba9a44..85674141e 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -6,47 +6,47 @@ Amazon 2 132 1 QUIC 23 4118 2 Sina(Weibo) 418 258007 15 - 1 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] - 2 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] - 3 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][3 pkts/194 bytes] - 4 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 5 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][4 pkts/676 bytes][Host: u1.img.mobile.sina.cn] - 6 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes][Host: data.weibo.com] - 7 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/266 bytes][Host: img.t.sinajs.cn] - 8 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][9 pkts/1944 bytes] - 9 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 10 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/215 bytes][Host: www.weibo.com] - 11 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][106 pkts/76903 bytes][Host: img.t.sinajs.cn] - 12 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][41 pkts/23245 bytes][Host: img.t.sinajs.cn] - 13 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][53 pkts/36468 bytes][Host: img.t.sinajs.cn] - 14 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][35 pkts/22361 bytes][Host: img.t.sinajs.cn] - 15 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][5 pkts/744 bytes][Host: js.t.sinajs.cn] - 16 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][4 pkts/448 bytes][client: g.alicdn.com] - 17 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/194 bytes] - 18 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] - 19 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] - 20 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes][Host: account.weibo.com] - 21 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5/DNS][1 pkts/70 bytes][Host: c.weibo.cn] - 22 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes] - 23 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes] - 24 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] - 25 UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/242 bytes][Host: login.taobao.com] - 26 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][9 pkts/1599 bytes][Host: weibo.com] - 27 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][3 pkts/194 bytes] - 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 29 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 30 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/264 bytes][Host: js.t.sinajs.cn] - 31 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes] - 32 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/234 bytes][Host: acjstb.aliyun.com] - 33 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/243 bytes][Host: g.alicdn.com] - 34 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/186 bytes][Host: log.mmstat.com] - 35 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/154 bytes][Host: weibo.com] - 36 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][14 pkts/2174 bytes] - 37 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 38 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][2 pkts/132 bytes] - 39 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][72 pkts/54281 bytes][Host: img.t.sinajs.cn] - 40 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][13 pkts/4701 bytes][Host: img.t.sinajs.cn] - 41 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][3 pkts/214 bytes] - 42 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] - 43 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/240 bytes][Host: u1.img.mobile.sina.cn] - 44 TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][79 pkts/37492 bytes][Host: www.weibo.com] + 1 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 2 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 3 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 4 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 5 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn] + 6 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes -> 0 pkts/0 bytes][Host: data.weibo.com] + 7 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/75 bytes <-> 1 pkts/191 bytes][Host: img.t.sinajs.cn] + 8 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][5 pkts/963 bytes <-> 4 pkts/981 bytes] + 9 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 10 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/73 bytes <-> 1 pkts/142 bytes][Host: www.weibo.com] + 11 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][52 pkts/5367 bytes <-> 54 pkts/71536 bytes][Host: img.t.sinajs.cn] + 12 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Host: img.t.sinajs.cn] + 13 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][27 pkts/2298 bytes <-> 26 pkts/34170 bytes][Host: img.t.sinajs.cn] + 14 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Host: img.t.sinajs.cn] + 15 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn] + 16 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/382 bytes <-> 1 pkts/66 bytes][client: g.alicdn.com] + 17 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 18 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 19 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: account.weibo.com] + 21 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5/DNS][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: c.weibo.cn] + 22 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 23 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 24 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/76 bytes <-> 1 pkts/166 bytes][Host: login.taobao.com] + 26 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][5 pkts/736 bytes <-> 4 pkts/863 bytes][Host: weibo.com] + 27 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 29 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 30 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes <-> 1 pkts/190 bytes][Host: js.t.sinajs.cn] + 31 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/157 bytes][Host: acjstb.aliyun.com] + 33 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/72 bytes <-> 1 pkts/171 bytes][Host: g.alicdn.com] + 34 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/74 bytes <-> 1 pkts/112 bytes][Host: log.mmstat.com] + 35 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/69 bytes <-> 1 pkts/85 bytes][Host: weibo.com] + 36 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][8 pkts/1301 bytes <-> 6 pkts/873 bytes] + 37 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 38 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 39 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][32 pkts/3624 bytes <-> 40 pkts/50657 bytes][Host: img.t.sinajs.cn] + 40 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Host: img.t.sinajs.cn] + 41 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][2 pkts/140 bytes <-> 1 pkts/74 bytes] + 42 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 43 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/81 bytes <-> 1 pkts/159 bytes][Host: u1.img.mobile.sina.cn] + 44 TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][40 pkts/3462 bytes <-> 39 pkts/34030 bytes][Host: www.weibo.com] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 47461befa..d044c712f 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -12,60 +12,60 @@ AppleiTunes 85 28087 2 Spotify 3 258 1 WhatsAppVoice 706 91156 4 - 1 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 2 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][4 pkts/2176 bytes] - 3 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes] - 4 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][198 pkts/30418 bytes] - 5 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 6 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] - 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 8 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] - 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 14 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] - 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] - 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 21 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 22 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 23 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 24 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 29 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] - 30 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 31 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] - 32 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] - 33 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] - 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] - 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] - 36 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] - 37 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] - 38 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] - 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] - 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 42 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] - 43 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 44 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] - 45 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 46 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 47 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 48 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 49 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 50 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] - 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] - 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] - 54 UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 55 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 56 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] - 57 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 1 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 2 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][4 pkts/2176 bytes -> 0 pkts/0 bytes] + 3 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][141 pkts/17530 bytes <-> 57 pkts/12888 bytes] + 5 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 6 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com] + 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 8 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes -> 0 pkts/0 bytes] + 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 14 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com] + 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][3 pkts/174 bytes <-> 2 pkts/217 bytes] + 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 21 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 22 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 23 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 24 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][12 pkts/2341 bytes <-> 12 pkts/2484 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 29 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][9 pkts/1842 bytes <-> 11 pkts/1151 bytes] + 30 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 31 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 32 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 33 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac] + 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][186 pkts/27025 bytes <-> 278 pkts/25895 bytes] + 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][100 pkts/14711 bytes <-> 80 pkts/10163 bytes] + 36 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes -> 0 pkts/0 bytes] + 37 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e13.whatsapp.net] + 38 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes -> 0 pkts/0 bytes] + 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 42 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][client: query.ess.apple.com] + 43 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 44 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 45 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 46 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 47 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 48 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 49 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 50 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com] + 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][9 pkts/1130 bytes <-> 8 pkts/868 bytes] + 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] + 54 UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] + 55 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] + 56 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][3 pkts/198 bytes <-> 2 pkts/132 bytes] + 57 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 74d9e8176..14bacb23f 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -5,12 +5,12 @@ Apple 50 23466 2 WhatsApp 32 3243 2 Spotify 1 86 1 - 1 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 2 UDP [fe80::189c:c31b:1298:224]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][1 pkts/111 bytes] - 3 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e12.whatsapp.net] - 4 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][44 pkts/21371 bytes] - 5 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes][Host: lucas-imac] - 6 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][30 pkts/2963 bytes] - 7 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][1 pkts/86 bytes] - 8 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 140/Apple][6 pkts/2095 bytes] - 9 UDP 192.168.2.4:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/91 bytes] + 1 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 2 UDP [fe80::189c:c31b:1298:224]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][1 pkts/111 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e12.whatsapp.net] + 4 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][24 pkts/15117 bytes <-> 20 pkts/6254 bytes] + 5 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac] + 6 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][17 pkts/1794 bytes <-> 13 pkts/1169 bytes] + 7 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][1 pkts/86 bytes -> 0 pkts/0 bytes] + 8 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 140/Apple][6 pkts/2095 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.2.4:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/91 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index d9f0484aa..d417addc0 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -1,16 +1,16 @@ Facebook 44 5916 8 WhatsApp 217 22139 5 - 1 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 2 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 3 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 4 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][9 pkts/1184 bytes] - 5 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 6 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 7 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][62 pkts/5609 bytes] - 8 TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 142/WhatsApp][46 pkts/4990 bytes] - 9 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][30 pkts/4709 bytes] - 10 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][27 pkts/2220 bytes] - 11 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][52 pkts/4611 bytes] - 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 1 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 2 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 3 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 4 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/840 bytes <-> 4 pkts/344 bytes] + 5 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 6 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 7 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][30 pkts/2539 bytes <-> 32 pkts/3070 bytes] + 8 TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 142/WhatsApp][24 pkts/3029 bytes <-> 22 pkts/1961 bytes] + 9 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][15 pkts/2690 bytes <-> 15 pkts/2019 bytes] + 10 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][14 pkts/1123 bytes <-> 13 pkts/1097 bytes] + 11 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][26 pkts/2311 bytes <-> 26 pkts/2300 bytes] + 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] diff --git a/tests/result/youtube_quic.pcap.out b/tests/result/youtube_quic.pcap.out index 0ca9427bb..7c0bc9e80 100644 --- a/tests/result/youtube_quic.pcap.out +++ b/tests/result/youtube_quic.pcap.out @@ -1,6 +1,6 @@ YouTube 258 178495 1 Google 31 13144 2 - 1 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][18 pkts/8665 bytes][Host: googleads.g.doubleclick.net] - 2 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][13 pkts/4479 bytes][Host: pagead2.googlesyndication.com] - 3 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188.124/QUIC.YouTube][258 pkts/178495 bytes][Host: yt3.ggpht.com] + 1 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][9 pkts/3929 bytes <-> 9 pkts/4736 bytes][Host: googleads.g.doubleclick.net] + 2 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][7 pkts/2312 bytes <-> 6 pkts/2167 bytes][Host: pagead2.googlesyndication.com] + 3 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188.124/QUIC.YouTube][113 pkts/16111 bytes <-> 145 pkts/162384 bytes][Host: yt3.ggpht.com] -- cgit v1.2.3 From d67d3eed3cbe658bb580f5d2017a188cb75f707e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 26 May 2017 12:11:37 +0200 Subject: Compilation fix for systems that do not have JSON-C installed --- example/ndpiReader.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 92bebc0d2..b76d66f34 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1321,11 +1321,11 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_ /* *********************************************** */ +#ifdef HAVE_JSON_C /* * @brief Save Top Stats in json format */ static void saveTopStats(json_object **jObj_group, struct top_stats *stats, int direction, u_int64_t total_ip_addr){ -#ifdef HAVE_JSON_C struct top_stats *s, *tmp; json_object *jArray_stats = json_object_new_array(); int i = 0; @@ -1374,8 +1374,8 @@ static void saveTopStats(json_object **jObj_group, struct top_stats *stats, int json_object_object_add(*jObj_group, (direction == DIR_SRC) ? "top.src.ip.stats" : "top.dst.ip.stats", jArray_stats); -#endif } +#endif /* *********************************************** */ -- cgit v1.2.3 From 61f8f56719d7169729609471753d52ce0093c1a0 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 26 May 2017 12:46:19 +0200 Subject: Implemented network latency dissector --- wireshark/ndpi.lua | 68 ++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 46 insertions(+), 22 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 04c367ca4..d6ff9c39d 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -4,14 +4,21 @@ -- This plugin is part of nDPI (https://github.com/ntop/nDPI) -- -- -local ndpi_proto = Proto("ndpi", "nDPI", "nDPI Protocol Interpreter") + +local ndpi_proto = Proto("ndpi", "nDPI", "nDPI Protocol Interpreter") ndpi_proto.fields = {} -local fds = ndpi_proto.fields +local ndpi_fds = ndpi_proto.fields +ndpi_fds.network_protocol = ProtoField.new("nDPI Network Protocol", "ndpi.protocol.network", ftypes.UINT8, nil, base.DEC) +ndpi_fds.application_protocol = ProtoField.new("nDPI Application Protocol", "ndpi.protocol.application", ftypes.UINT8, nil, base.DEC) +ndpi_fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING) + -fds.network_protocol = ProtoField.new("nDPI Network Protocol", "ndpi.protocol.network", ftypes.UINT8, nil, base.DEC) -fds.application_protocol = ProtoField.new("nDPI Application Protocol", "ndpi.protocol.application", ftypes.UINT8, nil, base.DEC) -fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING) +local ntop_proto = Proto("ntop", "ntop", "ntop Extensions") +ntop_proto.fields = {} +local ntop_fds = ntop_proto.fields +ntop_fds.client_nw_rtt = ProtoField.new("TCP client network RTT (msec)", "ntop.latency.client_rtt", ftypes.FLOAT, nil, base.NONE) +ntop_fds.server_nw_rtt = ProtoField.new("TCP server network RTT (msec)", "ntop.latency.server_rtt", ftypes.FLOAT, nil, base.NONE) local f_eth_trailer = Field.new("eth.trailer") @@ -395,9 +402,9 @@ function ndpi_proto.dissector(tvb, pinfo, tree) local name_str = name:string(ENC_ASCII) local ndpikey, srckey, dstkey, flowkey - ndpi_subtree:add(fds.network_protocol, network_protocol) - ndpi_subtree:add(fds.application_protocol, application_protocol) - ndpi_subtree:add(fds.name, name) + ndpi_subtree:add(ndpi_fds.network_protocol, network_protocol) + ndpi_subtree:add(ndpi_fds.application_protocol, application_protocol) + ndpi_subtree:add(ndpi_fds.name, name) local pname = ""..application_protocol if(pname ~= "0000") then @@ -446,33 +453,41 @@ function ndpi_proto.dissector(tvb, pinfo, tree) if(_tcp_flags ~= nil) then local key local tcp_flags = field_tcp_flags().value - local secs, frac = math.modf(pinfo.abs_ts) - - local age = os.difftime(os.clock(), pinfo.abs_ts) tcp_flags = tonumber(tcp_flags) if(tcp_flags == 2) then -- SYN + if(debug) then print("SYN @ ".. pinfo.abs_ts.." "..key) end + key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) syn[key] = pinfo.abs_ts - -- print("SYN @ ".. pinfo.abs_ts.." "..key) - elseif(tcp_flags == 18) then -- SYN|ACK + if(debug) then print("SYN|ACK @ ".. pinfo.abs_ts.." "..key) end + key = getstring(pinfo.dst).."_"..getstring(pinfo.dst_port).."_"..getstring(pinfo.src).."_"..getstring(pinfo.src_port) - -- print("SYN|ACK @ ".. pinfo.abs_ts.." "..key) synack[key] = pinfo.abs_ts - print("Client RTT --> ".. abstime_diff(synack[key], syn[key]) .. " sec") - table.remove(syn, key) + if(syn[key] ~= nil) then + local diff = abstime_diff(synack[key], syn[key]) * 1000 -- msec + + if(debug) then print("Client RTT --> ".. diff .. " sec") end + local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") + ntop_subtree:add(ntop_fds.client_nw_rtt, diff) + -- syn[key] = nil + end elseif(tcp_flags == 16) then -- ACK + if(debug) then print("ACK @ ".. pinfo.abs_ts.." "..key) end + key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) - -- print("ACK @ ".. pinfo.abs_ts.." "..key) - + if(synack[key] ~= nil) then - print("Server RTT --> ".. abstime_diff(pinfo.abs_ts, synack[key]) .. " sec") - table.remove(synack, key) + local diff = abstime_diff(pinfo.abs_ts, synack[key]) * 1000 -- msec + if(debug) then print("Server RTT --> ".. diff .. " sec") end + local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") + ntop_subtree:add(ntop_fds.server_nw_rtt, diff) + -- synack[key] = nil end end @@ -608,14 +623,23 @@ local function ip_mac_dialog_menu() for mac,v in pairs(mac_stats) do local num = 0 local m = string.split(mac, "_") + local manuf + if(m == nil) then + m = string.split(mac, ":") + + manuf = m[1]..":"..m[2]..":"..m[3] + else + manuf = m[1] + end + for a,b in pairs(v) do num = num +1 end _macs[mac] = num - if(_manufacturers[m[1]] == nil) then _manufacturers[m[1]] = 0 end - _manufacturers[m[1]] = _manufacturers[m[1]] + 1 + if(_manufacturers[manuf] == nil) then _manufacturers[manuf] = 0 end + _manufacturers[manuf] = _manufacturers[manuf] + 1 num_hosts = num_hosts + num end -- cgit v1.2.3 From 2b9f8f6a8924fbb747de5635ebb643478363f3fb Mon Sep 17 00:00:00 2001 From: Luca Date: Mon, 29 May 2017 16:46:28 +0200 Subject: Fixed nDPI report formatting --- wireshark/ndpi.lua | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index d6ff9c39d..a667749e0 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -421,7 +421,7 @@ function ndpi_proto.dissector(tvb, pinfo, tree) srckey = tostring(pinfo.src) dstkey = tostring(pinfo.dst) - flowkey = srckey.." / "..dstkey.." ["..ndpikey.."]" + flowkey = srckey.." / "..dstkey.."\t["..ndpikey.."]" if(ndpi_flows[flowkey] == nil) then ndpi_flows[flowkey] = 0 num_ndpi_flows = num_ndpi_flows + 1 @@ -524,13 +524,18 @@ local function ndpi_dialog_menu() local i if(ndpi_protos ~= {}) then + local tot = 0 label = "nDPI Protocol Breakdown\n" label = label .. "-----------------------\n" + for _,v in pairs(ndpi_protos) do + tot = tot + v + end + i = 0 for k,v in pairsByValues(ndpi_protos, rev) do - -- label = label .. k .. "\t".. bytesToSize(v) .. "\n" - label = label .. string.format("%-32s\t%s\n", k, bytesToSize(v)) + local pctg = formatPctg((v * 100) / tot) + label = label .. string.format("%-32s\t\t%s\t", k, bytesToSize(v)).. "\t["..pctg.."]\n" if(i == max_num_entries) then break else i = i + 1 end end @@ -540,7 +545,8 @@ local function ndpi_dialog_menu() label = label .. "-----------\n" i = 0 for k,v in pairsByValues(ndpi_flows, rev) do - label = label .. string.format("%-32s\t%s\n", k, bytesToSize(v)) + local pctg = formatPctg((v * 100) / tot) + label = label .. string.format("%-48s\t%s", k, bytesToSize(v)).. "\t["..pctg.."]\n" if(i == max_num_entries) then break else i = i + 1 end end -- cgit v1.2.3 From d21dbee102215f22904fbb8b122fa21b39a83d78 Mon Sep 17 00:00:00 2001 From: Luca Date: Mon, 29 May 2017 18:58:02 +0200 Subject: TYpo --- example/ndpiReader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index b76d66f34..fa3dd4b27 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -312,7 +312,7 @@ void extcap_config() { /* -i */ printf("arg {number=%u}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" "{tooltip=The interface name}\n", argidx++); - printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" + printf("arg {number=%u}{call=-i}{display=Pcap File to Analyze}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); setupDetection(0, NULL); -- cgit v1.2.3 From 694bc039e85493786b2ff9049459748f43a0a233 Mon Sep 17 00:00:00 2001 From: William Guglielmo Date: Mon, 29 May 2017 19:09:32 +0200 Subject: Added tinc protocol detection --- src/include/ndpi_protocol_ids.h | 5 +- src/include/ndpi_protocols.h | 2 + src/include/ndpi_typedefs.h | 21 +++ src/lib/Makefile.am | 5 +- src/lib/ndpi_main.c | 14 +- src/lib/protocols/tinc.c | 160 +++++++++++++++++++++ src/lib/third_party/include/libcache.h | 105 ++++++++++++++ src/lib/third_party/src/libcache.c | 255 +++++++++++++++++++++++++++++++++ tests/pcap/tinc.pcap | Bin 0 -> 357387 bytes tests/result/tinc.pcap.out | 6 + 10 files changed, 567 insertions(+), 6 deletions(-) create mode 100644 src/lib/protocols/tinc.c create mode 100644 src/lib/third_party/include/libcache.h create mode 100644 src/lib/third_party/src/libcache.c create mode 100644 tests/pcap/tinc.pcap create mode 100644 tests/result/tinc.pcap.out diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 726736a06..4fce98b14 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -247,10 +247,7 @@ #define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ #define NDPI_PROTOCOL_DNSCRYPT 208 - -/* 209 free */ -#define NDPI_PROTOCOL_FREE_209 209 - +#define NDPI_PROTOCOL_TINC 209 /* William Guglielmo */ #define NDPI_PROTOCOL_DEEZER 210 #define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ #define NDPI_PROTOCOL_MICROSOFT 212 diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index b3b4092b4..c0bce974e 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -196,6 +196,7 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_kxun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_smpp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); @@ -339,4 +340,5 @@ void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_kxun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index e1fbeb71c..906268b62 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,6 +25,7 @@ #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" +#include "../lib/third_party/include/libcache.h" #define BT_ANNOUNCE #define SNAP_EXT @@ -330,6 +331,18 @@ struct bt_announce { // 192 bytes }; #endif +#ifdef NDPI_PROTOCOL_TINC + +#define TINC_CACHE_MAX_SIZE 100 + +typedef struct { + u_int32_t src_address; + u_int32_t dst_address; + u_int16_t dst_port; +} tinc_cache_entry_t; + +#endif + typedef enum { HTTP_METHOD_UNKNOWN = 0, HTTP_METHOD_OPTIONS, @@ -877,6 +890,9 @@ struct ndpi_detection_module_struct { struct bt_announce *bt_ann; int bt_ann_len; #endif +#endif +#ifdef NDPI_PROTOCOL_TINC + cache_t *tinc_cache; #endif ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; @@ -1052,6 +1068,11 @@ struct ndpi_flow_struct { u_int8_t ovpn_session_id[8]; u_int8_t ovpn_counter; #endif +#ifdef NDPI_PROTOCOL_TINC + u_int8_t tinc_state; + tinc_cache_entry_t tinc_cache_entry; +#endif + /* internal structures to save functions calls */ struct ndpi_packet_struct packet; diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 3770c9cfc..d3bd19264 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -158,13 +158,16 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/zattoo.c \ protocols/zeromq.c \ protocols/smpp.c \ + protocols/tinc.c \ third_party/include/actypes.h \ third_party/include/ahocorasick.h \ third_party/include/ndpi_patricia.h \ third_party/include/node.h \ third_party/include/sort.h \ + third_party/include/libcache.h \ third_party/src/ahocorasick.c \ third_party/src/node.c \ - third_party/src/sort.c + third_party/src/sort.c \ + third_party/src/libcache.c EXTRA_DIST = third_party/src/ndpi_patricia.c diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 040c54959..ef6393877 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1621,9 +1621,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_TINC, + no_master, + no_master, "TINC", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */); /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); @@ -1941,6 +1945,11 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct ndpi_free(ndpi_struct->proto_defaults[i].protoName); } +#ifdef NDPI_PROTOCOL_TINC + if(ndpi_struct->tinc_cache) + cache_free(ndpi_struct->tinc_cache); +#endif + if(ndpi_struct->protocols_ptree) ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, free_ptree_data); @@ -2709,6 +2718,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* SMPP */ init_smpp_dissector(ndpi_struct, &a, detection_bitmask); + /* TINC */ + init_tinc_dissector(ndpi_struct, &a, detection_bitmask); + /*** Put false-positive sensitive protocols at the end ***/ /* SKYPE */ diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c new file mode 100644 index 000000000..b25aff2e7 --- /dev/null +++ b/src/lib/protocols/tinc.c @@ -0,0 +1,160 @@ +/* + * tinc.c + * + * Copyright (C) 2017 - William Guglielmo + * Copyright (C) 2017 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_api.h" + +#ifdef NDPI_PROTOCOL_TINC + +static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + const u_int8_t *packet_payload = packet->payload; + u_int32_t payload_len = packet->payload_packet_len; + struct ndpi_id_struct *src = flow->src; + struct ndpi_id_struct *dst = flow->dst; + + if(packet->udp != NULL) { + if(ndpi_struct->tinc_cache != NULL) { + tinc_cache_entry_t tinc_cache_entry1 = { + .src_address = packet->iph->saddr, + .dst_address = packet->iph->daddr, + .dst_port = packet->udp->dest + }; + + tinc_cache_entry_t tinc_cache_entry2 = { + .src_address = packet->iph->daddr, + .dst_address = packet->iph->saddr, + .dst_port = packet->udp->source + }; + + if( cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry1, sizeof(tinc_cache_entry1)) == CACHE_NO_ERROR || + cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry2, sizeof(tinc_cache_entry2)) == CACHE_NO_ERROR) + { + cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry1, sizeof(tinc_cache_entry1)); + cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry2, sizeof(tinc_cache_entry2)); + + // cache_free(ndpi_struct->tinc_cache); + + NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc udp connection\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); + } + } + + return; + + } + else if(packet->tcp != NULL) { + + if(payload_len == 0) { + if(packet->tcp->syn == 1 && packet->tcp->ack == 0) { + flow->tinc_cache_entry.src_address = packet->iph->saddr; + flow->tinc_cache_entry.dst_address = packet->iph->daddr; + flow->tinc_cache_entry.dst_port = packet->tcp->dest; + } + return; + } + + switch(flow->tinc_state) { + case 0: + case 1: + if(payload_len > 6 && memcmp(packet_payload, "0 ", 2) == 0 && packet_payload[2] != ' ') { + u_int16_t i = 3; + while(i < payload_len && packet_payload[i++] != ' '); + if(i+3 == payload_len && memcmp((packet_payload+i), "17\n", 3) == 0) { + flow->tinc_state++; + return; + } + } + break; + + case 2: + case 3: + if(payload_len > 11 && memcmp(packet_payload, "1 ", 2) == 0 && packet_payload[2] != ' ') { + u_int16_t i = 3; + u_int8_t numbers_left = 4; + while(numbers_left) { + while(packet_payload[i] >= '0' && packet_payload[i] <= '9') { + i++; + } + + if(packet_payload[i++] == ' ') { + numbers_left--; + } + else break; + } + + if(numbers_left) break; + + while((packet_payload[i] >= '0' && packet_payload[i] <= '9') || + (packet_payload[i] >= 'A' && packet_payload[i] <= 'Z')) { + i++; + } + + if(packet_payload[i] == '\n') { + if(++flow->tinc_state > 3) { + if(ndpi_struct->tinc_cache == NULL) { + ndpi_struct->tinc_cache = cache_new(TINC_CACHE_MAX_SIZE); + } + + cache_add(ndpi_struct->tinc_cache, &(flow->tinc_cache_entry), sizeof(flow->tinc_cache_entry)); + + NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc tcp connection\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); + } + return; + } + } + break; + + default: break; + } + } + + NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "exclude tinc.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TINC); +} + +void ndpi_search_tinc(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { + struct ndpi_packet_struct* packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "tinc detection...\n"); + + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_TINC) { + if (packet->tcp_retransmission == 0) { + ndpi_check_tinc(ndpi_struct, flow); + } + } +} + +void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("TINC", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_TINC, + ndpi_search_tinc, + NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif diff --git a/src/lib/third_party/include/libcache.h b/src/lib/third_party/include/libcache.h new file mode 100644 index 000000000..f959b3a9c --- /dev/null +++ b/src/lib/third_party/include/libcache.h @@ -0,0 +1,105 @@ +#ifndef __LIBCACHE_H__ +#define __LIBCACHE_H__ + +#include + + +/* Codes representing the result of some functions */ +typedef enum { + CACHE_NO_ERROR = 0, + CACHE_CONTAINS_FALSE = 0, + CACHE_CONTAINS_TRUE, + CACHE_INVALID_INPUT, + CACHE_REMOVE_NOT_FOUND, + CACHE_MALLOC_ERROR +} cache_result; + +/* CACHE_T */ +typedef struct cache_t cache_t; + +/* CACHE_ENTRY */ +typedef struct cache_entry cache_entry; + +/* CACHE_ENTRY_MAP */ +typedef struct cache_entry_map cache_entry_map; + + +/* STRUCT CACHE_T */ +struct cache_t { + uint32_t size; + uint32_t max_size; + cache_entry *head; + cache_entry *tail; + cache_entry_map **map; +}; + +/* STRUCT CACHE_ENTRY */ +struct cache_entry_map { + cache_entry *entry; + cache_entry_map *next; +}; + +/* STRUCT CACHE_ENTRY_MAP */ +struct cache_entry { + void *item; + uint32_t item_size; + cache_entry *prev; + cache_entry *next; +}; + + +/** + * Returns a new cache_t + * + * @par cache_max_size = max number of item that the new cache_t can contain + * @return a new cache_t, or NULL if an error occurred + * + */ +cache_t *cache_new(uint32_t cache_max_size); + + +/** + * Add an item in the specified cache_t + * + * @par cache = the cache_t + * @par item = pointer to the item to add + * @par item_size = size of the item + * @return a code representing the result of the function + * + */ +cache_result cache_add(cache_t *cache, void *item, uint32_t item_size); + + +/** + * Check if an item is in the specified cache_t + * + * @par cache = the cache_t + * @par item = pointer to the item to check + * @par item_size = size of the item + * @return a code representing the result of the function + * + */ +cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size); + + +/** + * Remove an item in the specified cache_t + * + * @par cache = the cache_t + * @par item = pointer to the item to remove + * @par item_size = size of the item + * @return a code representing the result of the function + * + */ +cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size); + +/** + * Free the specified cache_t + * + * @par alist = the cache + * + */ +void cache_free(cache_t *cache); + + +#endif diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c new file mode 100644 index 000000000..dc4bf9460 --- /dev/null +++ b/src/lib/third_party/src/libcache.c @@ -0,0 +1,255 @@ +#include +#include +#include +#include + +#include "libcache.h" + + +// https://en.wikipedia.org/wiki/Jenkins_hash_function +uint32_t jenkins_one_at_a_time_hash(const uint8_t* key, size_t length) { + size_t i = 0; + uint32_t hash = 0; + while (i != length) { + hash += key[i++]; + hash += hash << 10; + hash ^= hash >> 6; + } + hash += hash << 3; + hash ^= hash >> 11; + hash += hash << 15; + return hash; +} + +cache_entry_map *cache_entry_map_new() { + return (cache_entry_map *) calloc(sizeof(cache_entry_map), 1); +} +cache_entry *cache_entry_new() { + return (cache_entry *) calloc(sizeof(cache_entry), 1); +} + +cache_t *cache_new(uint32_t cache_max_size) { + if(!cache_max_size) { + return NULL; + } + + cache_t *cache = (cache_t *) calloc(sizeof(cache_t), 1); + if(!cache) { + return NULL; + } + + cache->size = 0; + cache->max_size = cache_max_size; + + cache->map = (cache_entry_map **) calloc(sizeof(cache_entry_map *), cache->max_size); + + if(!cache->map) { + free(cache); + return NULL; + } + + return cache; +} + +cache_result cache_add(cache_t *cache, void *item, uint32_t item_size) { + if(!cache || !item || !item_size) { + return CACHE_INVALID_INPUT; + } + + uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + + if((cache->map)[hash]) { + cache_entry_map *hash_entry_map = cache->map[hash]; + while(hash_entry_map) { + if(item_size == hash_entry_map->entry->item_size && + !memcmp(hash_entry_map->entry->item, item, item_size)) { + break; + } + + hash_entry_map = hash_entry_map->next; + } + + if(hash_entry_map) { + cache_entry *entry = hash_entry_map->entry; + if(entry->prev) { + if(entry->next) { + entry->prev->next = entry->next; + entry->next->prev = entry->prev; + } else { + entry->prev->next = NULL; + cache->tail = entry->prev; + } + entry->prev = NULL; + entry->next = cache->head; + cache->head->prev = entry; + cache->head = entry; + } + + return CACHE_NO_ERROR; + } + } + + + cache_entry *entry = cache_entry_new(); + if(!entry) { + return CACHE_MALLOC_ERROR; + } + + cache_entry_map *map_entry = cache_entry_map_new(); + if(!map_entry) { + free(entry); + return CACHE_MALLOC_ERROR; + } + + + entry->item = malloc(item_size); + memcpy(entry->item, item, item_size); + entry->item_size = item_size; + + entry->prev = NULL; + entry->next = cache->head; + if(cache->head) cache->head->prev = entry; + cache->head = entry; + + map_entry->entry = entry; + map_entry->next = cache->map[hash]; + cache->map[hash] = map_entry; + + if(cache->max_size > cache->size) { + (cache->size)++; + if(cache->size == 1) { + cache->tail = entry; + } + } else { + cache_entry *tail = cache->tail; + + uint32_t hash = jenkins_one_at_a_time_hash(tail->item, tail->item_size) % cache->max_size; + if(cache->map[hash]) { + cache_entry_map *hash_entry_map_prev = NULL; + cache_entry_map *hash_entry_map = cache->map[hash]; + while(hash_entry_map) { + if(tail->item_size == hash_entry_map->entry->item_size && + !memcmp(tail->item, hash_entry_map->entry->item, item_size)) { + break; + } + + hash_entry_map_prev = hash_entry_map; + hash_entry_map = hash_entry_map->next; + } + + if(hash_entry_map_prev) { + hash_entry_map_prev->next = hash_entry_map->next; + } else { + cache->map[hash] = hash_entry_map->next; + } + + tail->prev->next = NULL; + cache->tail = tail->prev; + + free(tail->item); + free(tail); + free(hash_entry_map); + } + } + + return CACHE_NO_ERROR; +} + +cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size) { + if(!cache || !item || !item_size) { + return CACHE_INVALID_INPUT; + } + + uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + + if(cache->map[hash]) { + cache_entry_map *hash_entry_map = cache->map[hash]; + while(hash_entry_map) { + if(item_size == hash_entry_map->entry->item_size && + !memcmp(hash_entry_map->entry->item, item, item_size)) { + return CACHE_CONTAINS_TRUE; + } + + hash_entry_map = hash_entry_map->next; + } + } + + return CACHE_CONTAINS_FALSE; +} + +cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size) { + if(!cache || !item || !item_size) { + return CACHE_INVALID_INPUT; + } + + uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + + if(cache->map[hash]) { + cache_entry_map *hash_entry_map_prev = NULL; + cache_entry_map *hash_entry_map = cache->map[hash]; + while(hash_entry_map) { + if(item_size == hash_entry_map->entry->item_size && + !memcmp(hash_entry_map->entry->item, item, item_size)) { + break; + } + + hash_entry_map_prev = hash_entry_map; + hash_entry_map = hash_entry_map->next; + } + + if(hash_entry_map) { + + if(hash_entry_map_prev) { + hash_entry_map_prev->next = hash_entry_map->next; + } else { + cache->map[hash] = hash_entry_map->next; + } + + cache_entry *entry = hash_entry_map->entry; + + if(entry->prev) { + entry->prev->next = entry->next; + } else { + cache->head = entry->next; + } + if(entry->next) { + entry->next->prev = entry->prev; + } else { + cache->tail = entry->prev; + } + + free(entry->item); + free(entry); + free(hash_entry_map); + + (cache->size)--; + return CACHE_NO_ERROR; + } + } + + return CACHE_REMOVE_NOT_FOUND; +} + +void cache_free(cache_t *cache) { + if(!cache) { + return; + } + + int i; + for(i = 0; i < cache->max_size; i++) { + cache_entry_map *prev = NULL; + cache_entry_map *curr = cache->map[i]; + while(curr) { + prev = curr; + curr = curr->next; + free(prev->entry->item); + free(prev->entry); + free(prev); + } + } + + free(cache->map); + free(cache); + + return; +} diff --git a/tests/pcap/tinc.pcap b/tests/pcap/tinc.pcap new file mode 100644 index 000000000..d6f1d24ce Binary files /dev/null and b/tests/pcap/tinc.pcap differ diff --git a/tests/result/tinc.pcap.out b/tests/result/tinc.pcap.out new file mode 100644 index 000000000..cd9506709 --- /dev/null +++ b/tests/result/tinc.pcap.out @@ -0,0 +1,6 @@ +TINC 317 352291 4 + + 1 TCP 131.114.168.27:59244 <-> 185.83.218.112:55655 [proto: 209/TINC][15 pkts/3169 bytes <-> 11 pkts/2932 bytes] + 2 TCP 131.114.168.27:49290 <-> 185.83.218.112:55656 [proto: 209/TINC][14 pkts/3812 bytes <-> 13 pkts/3098 bytes] + 3 UDP 131.114.168.27:55655 <-> 185.83.218.112:55655 [proto: 209/TINC][101 pkts/136966 bytes <-> 29 pkts/32550 bytes] + 4 UDP 185.83.218.112:55656 <-> 131.114.168.27:55656 [proto: 209/TINC][29 pkts/30038 bytes <-> 105 pkts/139726 bytes] -- cgit v1.2.3 From 46284e1537906ba1b268979bb8f8ae0788219746 Mon Sep 17 00:00:00 2001 From: William Guglielmo Date: Mon, 29 May 2017 21:30:30 +0200 Subject: Update ndpi_typedefs.h --- src/include/ndpi_typedefs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 906268b62..3e31c3807 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -333,7 +333,7 @@ struct bt_announce { // 192 bytes #ifdef NDPI_PROTOCOL_TINC -#define TINC_CACHE_MAX_SIZE 100 +#define TINC_CACHE_MAX_SIZE 10 typedef struct { u_int32_t src_address; -- cgit v1.2.3 From c5c417e526e55b802281257a7873839c7d3180d1 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 30 May 2017 07:03:55 +0200 Subject: Snapchat is now detected as sociaal network --- src/lib/ndpi_content_match.c.inc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e5a5d68fb..4fd04dac9 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8100,12 +8100,12 @@ ndpi_protocol_match host_match[] = { { ".snapads.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From 4a751f9d05ba742313fc0a88b1b3962ee51dac7d Mon Sep 17 00:00:00 2001 From: William Guglielmo Date: Tue, 30 May 2017 19:17:41 +0200 Subject: Updated libcache --- src/include/ndpi_typedefs.h | 2 +- src/lib/third_party/include/libcache.h | 84 +++++++++------------- src/lib/third_party/src/libcache.c | 123 ++++++++++++++++++++++----------- src/lib/third_party/src/test.c | 71 +++++++++++++++++++ 4 files changed, 186 insertions(+), 94 deletions(-) create mode 100644 src/lib/third_party/src/test.c diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 3e31c3807..0bede5cb2 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -892,7 +892,7 @@ struct ndpi_detection_module_struct { #endif #endif #ifdef NDPI_PROTOCOL_TINC - cache_t *tinc_cache; + cache_t tinc_cache; #endif ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; diff --git a/src/lib/third_party/include/libcache.h b/src/lib/third_party/include/libcache.h index f959b3a9c..1f240854f 100644 --- a/src/lib/third_party/include/libcache.h +++ b/src/lib/third_party/include/libcache.h @@ -1,65 +1,45 @@ -#ifndef __LIBCACHE_H__ -#define __LIBCACHE_H__ - -#include - - -/* Codes representing the result of some functions */ -typedef enum { - CACHE_NO_ERROR = 0, - CACHE_CONTAINS_FALSE = 0, - CACHE_CONTAINS_TRUE, - CACHE_INVALID_INPUT, - CACHE_REMOVE_NOT_FOUND, - CACHE_MALLOC_ERROR -} cache_result; - -/* CACHE_T */ -typedef struct cache_t cache_t; +/** + * @file libcache.h + * @author William Guglielmo + * @brief File containing header of cache_t type. + * + */ -/* CACHE_ENTRY */ -typedef struct cache_entry cache_entry; -/* CACHE_ENTRY_MAP */ -typedef struct cache_entry_map cache_entry_map; +#ifndef __DESELMO_LIBCACHE_H__ +#define __DESELMO_LIBCACHE_H__ +#include -/* STRUCT CACHE_T */ -struct cache_t { - uint32_t size; - uint32_t max_size; - cache_entry *head; - cache_entry *tail; - cache_entry_map **map; -}; +/** + * @brief Codes representing the result of some functions + * + */ +typedef enum cache_result { + CACHE_NO_ERROR = 0, /**< Returned by a function if no error occurs. */ + CACHE_CONTAINS_FALSE = 0, /**< Returned by function cache_contains if item is not present. */ + CACHE_CONTAINS_TRUE, /**< Returned by function cache_contains if item is present. */ + CACHE_INVALID_INPUT, /**< Returned by a function if it is called with invalid input parameters. */ + CACHE_REMOVE_NOT_FOUND, /**< Returned by function cache_remove if item is not present. */ + CACHE_MALLOC_ERROR /**< Returned by a function if a malloc fail. */ +} cache_result; -/* STRUCT CACHE_ENTRY */ -struct cache_entry_map { - cache_entry *entry; - cache_entry_map *next; -}; -/* STRUCT CACHE_ENTRY_MAP */ -struct cache_entry { - void *item; - uint32_t item_size; - cache_entry *prev; - cache_entry *next; -}; +typedef struct cache_t *cache_t; /** - * Returns a new cache_t + * @brief Returns a new cache_t * * @par cache_max_size = max number of item that the new cache_t can contain * @return a new cache_t, or NULL if an error occurred * */ -cache_t *cache_new(uint32_t cache_max_size); +cache_t cache_new(uint32_t cache_max_size); /** - * Add an item in the specified cache_t + * @brief Add an item in the specified cache_t * * @par cache = the cache_t * @par item = pointer to the item to add @@ -67,11 +47,11 @@ cache_t *cache_new(uint32_t cache_max_size); * @return a code representing the result of the function * */ -cache_result cache_add(cache_t *cache, void *item, uint32_t item_size); +cache_result cache_add(cache_t cache, void *item, uint32_t item_size); /** - * Check if an item is in the specified cache_t + * @brief Check if an item is in the specified cache_t * * @par cache = the cache_t * @par item = pointer to the item to check @@ -79,11 +59,11 @@ cache_result cache_add(cache_t *cache, void *item, uint32_t item_size); * @return a code representing the result of the function * */ -cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size); +cache_result cache_contains(cache_t cache, void *item, uint32_t item_size); /** - * Remove an item in the specified cache_t + * @brief Remove an item in the specified cache_t * * @par cache = the cache_t * @par item = pointer to the item to remove @@ -91,15 +71,15 @@ cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size); * @return a code representing the result of the function * */ -cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size); +cache_result cache_remove(cache_t cache, void *item, uint32_t item_size); /** - * Free the specified cache_t + * @brief Free the specified cache_t * * @par alist = the cache * */ -void cache_free(cache_t *cache); +void cache_free(cache_t cache); #endif diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c index dc4bf9460..d5545beae 100644 --- a/src/lib/third_party/src/libcache.c +++ b/src/lib/third_party/src/libcache.c @@ -1,3 +1,11 @@ +/** + * @file libcache.c + * @author William Guglielmo + * @brief File containing implementation of cache_t type. + * + */ + + #include #include #include @@ -7,6 +15,7 @@ // https://en.wikipedia.org/wiki/Jenkins_hash_function +#define HASH_FUNCTION jenkins_one_at_a_time_hash uint32_t jenkins_one_at_a_time_hash(const uint8_t* key, size_t length) { size_t i = 0; uint32_t hash = 0; @@ -21,19 +30,62 @@ uint32_t jenkins_one_at_a_time_hash(const uint8_t* key, size_t length) { return hash; } -cache_entry_map *cache_entry_map_new() { - return (cache_entry_map *) calloc(sizeof(cache_entry_map), 1); + +typedef struct cache_entry *cache_entry; + +typedef struct cache_entry_map *cache_entry_map; + +struct cache_t { + uint32_t size; + uint32_t max_size; + cache_entry head; + cache_entry tail; + cache_entry_map *map; +}; + +struct cache_entry_map { + cache_entry entry; + cache_entry_map next; +}; + +struct cache_entry { + void *item; + uint32_t item_size; + cache_entry prev; + cache_entry next; +}; + + +void cache_touch_entry(cache_t cache, cache_entry entry) { + if(entry->prev) { + if(entry->next) { + entry->prev->next = entry->next; + entry->next->prev = entry->prev; + } else { + entry->prev->next = NULL; + cache->tail = entry->prev; + } + entry->prev = NULL; + entry->next = cache->head; + cache->head->prev = entry; + cache->head = entry; + } +} + + +cache_entry cache_entry_new() { + return (cache_entry) calloc(sizeof(struct cache_entry), 1); } -cache_entry *cache_entry_new() { - return (cache_entry *) calloc(sizeof(cache_entry), 1); +cache_entry_map cache_entry_map_new() { + return (cache_entry_map) calloc(sizeof(struct cache_entry_map), 1); } -cache_t *cache_new(uint32_t cache_max_size) { +cache_t cache_new(uint32_t cache_max_size) { if(!cache_max_size) { return NULL; } - cache_t *cache = (cache_t *) calloc(sizeof(cache_t), 1); + cache_t cache = (cache_t) calloc(sizeof(struct cache_t), 1); if(!cache) { return NULL; } @@ -41,7 +93,7 @@ cache_t *cache_new(uint32_t cache_max_size) { cache->size = 0; cache->max_size = cache_max_size; - cache->map = (cache_entry_map **) calloc(sizeof(cache_entry_map *), cache->max_size); + cache->map = (cache_entry_map *) calloc(sizeof(cache_entry_map ), cache->max_size); if(!cache->map) { free(cache); @@ -51,15 +103,15 @@ cache_t *cache_new(uint32_t cache_max_size) { return cache; } -cache_result cache_add(cache_t *cache, void *item, uint32_t item_size) { +cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; if((cache->map)[hash]) { - cache_entry_map *hash_entry_map = cache->map[hash]; + cache_entry_map hash_entry_map = cache->map[hash]; while(hash_entry_map) { if(item_size == hash_entry_map->entry->item_size && !memcmp(hash_entry_map->entry->item, item, item_size)) { @@ -70,32 +122,19 @@ cache_result cache_add(cache_t *cache, void *item, uint32_t item_size) { } if(hash_entry_map) { - cache_entry *entry = hash_entry_map->entry; - if(entry->prev) { - if(entry->next) { - entry->prev->next = entry->next; - entry->next->prev = entry->prev; - } else { - entry->prev->next = NULL; - cache->tail = entry->prev; - } - entry->prev = NULL; - entry->next = cache->head; - cache->head->prev = entry; - cache->head = entry; - } + cache_touch_entry(cache, hash_entry_map->entry); return CACHE_NO_ERROR; } } - cache_entry *entry = cache_entry_new(); + cache_entry entry = cache_entry_new(); if(!entry) { return CACHE_MALLOC_ERROR; } - cache_entry_map *map_entry = cache_entry_map_new(); + cache_entry_map map_entry = cache_entry_map_new(); if(!map_entry) { free(entry); return CACHE_MALLOC_ERROR; @@ -121,12 +160,12 @@ cache_result cache_add(cache_t *cache, void *item, uint32_t item_size) { cache->tail = entry; } } else { - cache_entry *tail = cache->tail; + cache_entry tail = cache->tail; - uint32_t hash = jenkins_one_at_a_time_hash(tail->item, tail->item_size) % cache->max_size; + uint32_t hash = HASH_FUNCTION(tail->item, tail->item_size) % cache->max_size; if(cache->map[hash]) { - cache_entry_map *hash_entry_map_prev = NULL; - cache_entry_map *hash_entry_map = cache->map[hash]; + cache_entry_map hash_entry_map_prev = NULL; + cache_entry_map hash_entry_map = cache->map[hash]; while(hash_entry_map) { if(tail->item_size == hash_entry_map->entry->item_size && !memcmp(tail->item, hash_entry_map->entry->item, item_size)) { @@ -155,18 +194,20 @@ cache_result cache_add(cache_t *cache, void *item, uint32_t item_size) { return CACHE_NO_ERROR; } -cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size) { +cache_result cache_contains(cache_t cache, void *item, uint32_t item_size) { if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; if(cache->map[hash]) { - cache_entry_map *hash_entry_map = cache->map[hash]; + cache_entry_map hash_entry_map = cache->map[hash]; while(hash_entry_map) { if(item_size == hash_entry_map->entry->item_size && !memcmp(hash_entry_map->entry->item, item, item_size)) { + cache_touch_entry(cache, hash_entry_map->entry); + return CACHE_CONTAINS_TRUE; } @@ -177,16 +218,16 @@ cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size) { return CACHE_CONTAINS_FALSE; } -cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size) { +cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; if(cache->map[hash]) { - cache_entry_map *hash_entry_map_prev = NULL; - cache_entry_map *hash_entry_map = cache->map[hash]; + cache_entry_map hash_entry_map_prev = NULL; + cache_entry_map hash_entry_map = cache->map[hash]; while(hash_entry_map) { if(item_size == hash_entry_map->entry->item_size && !memcmp(hash_entry_map->entry->item, item, item_size)) { @@ -205,7 +246,7 @@ cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size) { cache->map[hash] = hash_entry_map->next; } - cache_entry *entry = hash_entry_map->entry; + cache_entry entry = hash_entry_map->entry; if(entry->prev) { entry->prev->next = entry->next; @@ -230,15 +271,15 @@ cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size) { return CACHE_REMOVE_NOT_FOUND; } -void cache_free(cache_t *cache) { +void cache_free(cache_t cache) { if(!cache) { return; } int i; for(i = 0; i < cache->max_size; i++) { - cache_entry_map *prev = NULL; - cache_entry_map *curr = cache->map[i]; + cache_entry_map prev = NULL; + cache_entry_map curr = cache->map[i]; while(curr) { prev = curr; curr = curr->next; diff --git a/src/lib/third_party/src/test.c b/src/lib/third_party/src/test.c new file mode 100644 index 000000000..63097fcc3 --- /dev/null +++ b/src/lib/third_party/src/test.c @@ -0,0 +1,71 @@ +#include +#include +#include + +#include "libcache.h" + + +int main() { + cache_t cache = cache_new(3); + long e; + + e = 0; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + assert(cache_remove(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_remove(cache, &e, sizeof(e)) == CACHE_REMOVE_NOT_FOUND); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 1; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 2; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 3; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 0; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + e = 1; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 2; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 3; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 1; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + e = 4; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + e = 0; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + e = 1; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 2; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + e = 3; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 4; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + // e = 5; + // assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + // e = 1; + // assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + + for(e = 0; e < 1000; e++) { + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + } + for(e = 0; e < 997; e++) { + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + } + for(e = 997; e < 1000; e++) { + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + } + + cache_free(cache); + + puts("OK"); + return 0; +} -- cgit v1.2.3 From b08fbe46c0e72ad858655eadc24c7674c495dc06 Mon Sep 17 00:00:00 2001 From: William Guglielmo Date: Tue, 30 May 2017 21:04:57 +0200 Subject: Delete test.c --- src/lib/third_party/src/test.c | 71 ------------------------------------------ 1 file changed, 71 deletions(-) delete mode 100644 src/lib/third_party/src/test.c diff --git a/src/lib/third_party/src/test.c b/src/lib/third_party/src/test.c deleted file mode 100644 index 63097fcc3..000000000 --- a/src/lib/third_party/src/test.c +++ /dev/null @@ -1,71 +0,0 @@ -#include -#include -#include - -#include "libcache.h" - - -int main() { - cache_t cache = cache_new(3); - long e; - - e = 0; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - assert(cache_remove(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_remove(cache, &e, sizeof(e)) == CACHE_REMOVE_NOT_FOUND); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 1; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 2; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 3; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 0; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - e = 1; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 2; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 3; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 1; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - e = 4; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - e = 0; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - e = 1; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 2; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - e = 3; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 4; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - // e = 5; - // assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - // e = 1; - // assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - - for(e = 0; e < 1000; e++) { - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - } - for(e = 0; e < 997; e++) { - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - } - for(e = 997; e < 1000; e++) { - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - } - - cache_free(cache); - - puts("OK"); - return 0; -} -- cgit v1.2.3 From 22b7b407c32dfa7fedb017b64d4a8e2905a483b4 Mon Sep 17 00:00:00 2001 From: cardigliano Date: Thu, 1 Jun 2017 18:13:31 +0200 Subject: compilation fix --- src/lib/third_party/include/libcache.h | 2 +- src/lib/third_party/src/libcache.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/third_party/include/libcache.h b/src/lib/third_party/include/libcache.h index 1f240854f..da3e9411f 100644 --- a/src/lib/third_party/include/libcache.h +++ b/src/lib/third_party/include/libcache.h @@ -25,7 +25,7 @@ typedef enum cache_result { } cache_result; -typedef struct cache_t *cache_t; +typedef struct cache *cache_t; /** diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c index d5545beae..bc16d37dc 100644 --- a/src/lib/third_party/src/libcache.c +++ b/src/lib/third_party/src/libcache.c @@ -35,7 +35,7 @@ typedef struct cache_entry *cache_entry; typedef struct cache_entry_map *cache_entry_map; -struct cache_t { +struct cache { uint32_t size; uint32_t max_size; cache_entry head; @@ -85,7 +85,7 @@ cache_t cache_new(uint32_t cache_max_size) { return NULL; } - cache_t cache = (cache_t) calloc(sizeof(struct cache_t), 1); + cache_t cache = (cache_t) calloc(sizeof(struct cache), 1); if(!cache) { return NULL; } -- cgit v1.2.3 From e1b5b54c4c5c61e206d01eb3872a39a9ba7c3b25 Mon Sep 17 00:00:00 2001 From: William Guglielmo Date: Fri, 2 Jun 2017 00:29:04 +0200 Subject: Update license libcache --- src/lib/third_party/include/libcache.h | 24 +++++++++++++++++++++--- src/lib/third_party/src/libcache.c | 24 +++++++++++++++++++++--- 2 files changed, 42 insertions(+), 6 deletions(-) diff --git a/src/lib/third_party/include/libcache.h b/src/lib/third_party/include/libcache.h index 1f240854f..fa1675f14 100644 --- a/src/lib/third_party/include/libcache.h +++ b/src/lib/third_party/include/libcache.h @@ -1,7 +1,25 @@ /** - * @file libcache.h - * @author William Guglielmo - * @brief File containing header of cache_t type. + * libcache.h + * +Copyright (c) 2017 William Guglielmo + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. * */ diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c index d5545beae..11af22284 100644 --- a/src/lib/third_party/src/libcache.c +++ b/src/lib/third_party/src/libcache.c @@ -1,7 +1,25 @@ /** - * @file libcache.c - * @author William Guglielmo - * @brief File containing implementation of cache_t type. + * libcache.c + * +Copyright (c) 2017 William Guglielmo + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. * */ -- cgit v1.2.3 From 6b5f640849b510e1f5137b8a6e2fb7d707cebaa1 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 2 Jun 2017 20:10:05 +0200 Subject: improved spotify detection --- src/lib/ndpi_content_match.c.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 4fd04dac9..9072fab19 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8070,6 +8070,8 @@ ndpi_protocol_match host_match[] = { { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From 67aa9f23508aa855bc1442319d1b5e60670e07c9 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 2 Jun 2017 21:47:55 +0200 Subject: Implemented Application/Network latency Implemented DNS stats Moved all menu entries unser Tools -> ntop menu --- wireshark/ndpi.lua | 467 +++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 399 insertions(+), 68 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index a667749e0..822cefc51 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -13,14 +13,22 @@ ndpi_fds.network_protocol = ProtoField.new("nDPI Network Protocol", "ndpi.pr ndpi_fds.application_protocol = ProtoField.new("nDPI Application Protocol", "ndpi.protocol.application", ftypes.UINT8, nil, base.DEC) ndpi_fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING) - local ntop_proto = Proto("ntop", "ntop", "ntop Extensions") ntop_proto.fields = {} -local ntop_fds = ntop_proto.fields -ntop_fds.client_nw_rtt = ProtoField.new("TCP client network RTT (msec)", "ntop.latency.client_rtt", ftypes.FLOAT, nil, base.NONE) -ntop_fds.server_nw_rtt = ProtoField.new("TCP server network RTT (msec)", "ntop.latency.server_rtt", ftypes.FLOAT, nil, base.NONE) -local f_eth_trailer = Field.new("eth.trailer") +local ntop_fds = ntop_proto.fields +ntop_fds.client_nw_rtt = ProtoField.new("TCP client network RTT (msec)", "ntop.latency.client_rtt", ftypes.FLOAT, nil, base.NONE) +ntop_fds.server_nw_rtt = ProtoField.new("TCP server network RTT (msec)", "ntop.latency.server_rtt", ftypes.FLOAT, nil, base.NONE) +ntop_fds.appl_latency_rtt = ProtoField.new("Application Latency RTT (msec)", "ntop.latency.appl_rtt", ftypes.FLOAT, nil, base.NONE) + +-- local f_eth_trailer = Field.new("eth.trailer") +local f_dns_query_name = Field.new("dns.qry.name") +local f_dns_ret_code = Field.new("dns.flags.rcode") +local f_dns_response = Field.new("dns.flags.response") +local f_udp_len = Field.new("udp.length") +local f_tcp_header_len = Field.new("tcp.hdr_len") +local f_ip_len = Field.new("ip.len") +local f_ip_hdr_len = Field.new("ip.hdr_len") local ndpi_protos = {} local ndpi_flows = {} @@ -31,6 +39,12 @@ local mac_stats = {} local vlan_stats = {} local vlan_found = false +local dns_responses_ok = {} +local dns_responses_error = {} +local dns_client_queries = {} +local dns_server_responses = {} +local dns_queries = {} + local syn = {} local synack = {} local lower_ndpi_flow_id = 0 @@ -40,10 +54,23 @@ local compute_flows_stats = true local max_num_entries = 10 local max_num_flows = 50 +local num_top_dns_queries = 0 +local max_num_dns_queries = 50 + +local min_nw_client_RRT = {} +local min_nw_server_RRT = {} +local max_nw_client_RRT = {} +local max_nw_server_RRT = {} +local min_appl_RRT = {} +local max_appl_RRT = {} + +local first_payload_ts = {} +local first_payload_id = {} + local num_pkts = 0 local last_processed_packet_number = 0 - -local debug = false +local max_latency_discard = 5000 -- 5 sec +local debug = false -- ############################################## @@ -114,6 +141,17 @@ string.split = function(s, p) return temp end +-- ############################################## + +function shortenString(name, max_len) + max_len = max_len or 24 + if(string.len(name) < max_len) then + return(name) + else + return(string.sub(name, 1, max_len).."...") + end +end + -- ############################################### -- Convert bytes to human readable format @@ -221,7 +259,25 @@ function ndpi_proto.init() -- TCP syn = {} - synack = {} + synack = {} + + -- DNS + dns_responses_ok = {} + dns_responses_error = {} + dns_client_queries = {} + dns_server_responses = {} + top_dns_queries = {} + num_top_dns_queries = 0 + + -- Network RRT + min_nw_client_RRT = {} + min_nw_server_RRT = {} + max_nw_client_RRT = {} + max_nw_server_RRT = {} + + -- Application Latency + first_payload_ts = {} + first_payload_id = {} end function slen(str) @@ -322,15 +378,7 @@ end -- ############################################### function abstime_diff(a, b) - local secs1, frac1 = math.modf(a) - local secs2, frac2 = math.modf(b) - local diff - local diff_sec = secs1 - secs2 - local diff_res = frac1 - frac2 - - if(diff_res < 0) then diff_sec = diff_sec + 1 end - - return(diff_sec + diff_res) + return(tonumber(a)-tonumber(b)) end -- ############################################### @@ -389,9 +437,9 @@ function ndpi_proto.dissector(tvb, pinfo, tree) local src_ip = tostring(pinfo.src) if(mac_stats[src_mac] == nil) then mac_stats[src_mac] = {} end mac_stats[src_mac][src_ip] = 1 - + local pktlen = tvb:len() - local eth_trailer = f_eth_trailer() + -- local eth_trailer = f_eth_trailer() local magic = tostring(tvb(pktlen-28,4)) if(magic == "19680924") then @@ -433,13 +481,12 @@ function ndpi_proto.dissector(tvb, pinfo, tree) for k,v in pairsByValues(ndpi_flows, asc) do if(k ~= flowkey) then table.remove(ndpi_flows, k) - tot_removed = tot_removed + 1 - if(tot_removed == max_num_entries) then + num_ndpi_flows = num_ndpi_flows + 1 + if(num_ndpi_flows == (2*max_num_entries)) then break end end end - end end @@ -447,61 +494,222 @@ function ndpi_proto.dissector(tvb, pinfo, tree) end end -- nDPI + -- ########################################### - local _tcp_flags = field_tcp_flags() + local dns_response = f_dns_response() + if(dns_response ~= nil) then + local dns_ret_code = f_dns_ret_code() + local dns_response = tonumber(getval(dns_response)) + local srckey = tostring(pinfo.src) + local dstkey = tostring(pinfo.dst) + local dns_query_name = f_dns_query_name() + dns_query_name = getval(dns_query_name) + + if(dns_response == 0) then + -- DNS Query + if(dns_client_queries[srckey] == nil) then dns_client_queries[srckey] = 0 end + dns_client_queries[srckey] = dns_client_queries[srckey] + 1 + + if(dns_query_name ~= nil) then + if(top_dns_queries[dns_query_name] == nil) then + top_dns_queries[dns_query_name] = 0 + num_top_dns_queries = num_top_dns_queries + 1 + + if(num_top_dns_queries > max_num_dns_queries) then + -- We need to harvest the flow with least packets beside this new one + for k,v in pairsByValues(dns_client_queries, asc) do + if(k ~= dns_query_name) then + table.remove(ndpi_flows, k) + num_top_dns_queries = num_top_dns_queries - 1 + + if(num_top_dns_queries == (2*max_num_entries)) then + break + end + end + end + end + end + + top_dns_queries[dns_query_name] = top_dns_queries[dns_query_name] + 1 + end + else + -- DNS Response + if(dns_server_responses[srckey] == nil) then dns_server_responses[srckey] = 0 end + dns_server_responses[srckey] = dns_server_responses[srckey] + 1 + + if(dns_ret_code ~= nil) then + dns_ret_code = getval(dns_ret_code) + + if((dns_query_name ~= nil) and (dns_ret_code ~= nil)) then + dns_ret_code = tonumber(dns_ret_code) - if(_tcp_flags ~= nil) then + if(debug) then print("[".. srckey .." -> ".. dstkey .."] "..dns_query_name.."\t"..dns_ret_code) end + + if(dns_ret_code == 0) then + if(dns_responses_ok[srckey] == nil) then dns_responses_ok[srckey] = 0 end + dns_responses_ok[srckey] = dns_responses_ok[srckey] + 1 + else + if(dns_responses_error[srckey] == nil) then dns_responses_error[srckey] = 0 end + dns_responses_error[srckey] = dns_responses_error[srckey] + 1 + end + end + end + end + end + + -- ########################################### + + local _tcp_flags = field_tcp_flags() + local udp_len = f_udp_len() + + if((_tcp_flags ~= nil) or (udp_len ~= nil)) then local key - local tcp_flags = field_tcp_flags().value + local rtt_debug = false + local tcp_flags + local tcp_header_len + local ip_len + local ip_hdr_len + + if(udp_len == nil) then + tcp_flags = field_tcp_flags().value + tcp_header_len = f_tcp_header_len() + ip_len = f_ip_len() + ip_hdr_len = f_ip_hdr_len() + end + + if(((ip_len ~= nil) and (tcp_header_len ~= nil) and (ip_hdr_len ~= nil)) + or (udp_len ~= nil) + ) then + local payloadLen + + if(udp_len == nil) then + ip_len = tonumber(getval(ip_len)) + tcp_header_len = tonumber(getval(tcp_header_len)) + ip_hdr_len = tonumber(getval(ip_hdr_len)) + + payloadLen = ip_len - tcp_header_len - ip_hdr_len + else + payloadLen = tonumber(getval(udp_len)) + end + + if(payloadLen > 0) then + local key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) + local revkey = getstring(pinfo.dst).."_"..getstring(pinfo.dst_port).."_"..getstring(pinfo.src).."_"..getstring(pinfo.src_port) + + if(first_payload_ts[revkey] ~= nil) then + local appl_latency = abstime_diff(pinfo.abs_ts, first_payload_ts[revkey]) * 1000 + + if((appl_latency > 0) + -- The trick below is used to set only the first latency packet + and ((first_payload_id[revkey] == nil) or (first_payload_id[revkey] == pinfo.number)) + ) then + local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") + local server = getstring(pinfo.src) + if(rtt_debug) then print("==> Appl Latency @ "..pinfo.number..": "..appl_latency) end + + ntop_subtree:add(ntop_fds.appl_latency_rtt, appl_latency) + first_payload_id[revkey] = pinfo.number + + if(min_appl_RRT[server] == nil) then + min_appl_RRT[server] = appl_latency + else + min_appl_RRT[server] = math.min(min_appl_RRT[server], appl_latency) + end + + if(max_appl_RRT[server] == nil) then + max_appl_RRT[server] = appl_latency + else + max_appl_RRT[server] = math.max(max_appl_RRT[server], appl_latency) + end + + -- first_payload_ts[revkey] = nil + end + else + if(first_payload_ts[key] == nil) then first_payload_ts[key] = pinfo.abs_ts end + end + end + end - tcp_flags = tonumber(tcp_flags) + tcp_flags = tonumber(tcp_flags) + if(tcp_flags == 2) then -- SYN - if(debug) then print("SYN @ ".. pinfo.abs_ts.." "..key) end - key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) + if(rtt_debug) then print("SYN @ ".. pinfo.abs_ts.." "..key) end syn[key] = pinfo.abs_ts elseif(tcp_flags == 18) then -- SYN|ACK - if(debug) then print("SYN|ACK @ ".. pinfo.abs_ts.." "..key) end - key = getstring(pinfo.dst).."_"..getstring(pinfo.dst_port).."_"..getstring(pinfo.src).."_"..getstring(pinfo.src_port) + if(rtt_debug) then print("SYN|ACK @ ".. pinfo.abs_ts.." "..key) end synack[key] = pinfo.abs_ts if(syn[key] ~= nil) then local diff = abstime_diff(synack[key], syn[key]) * 1000 -- msec - - if(debug) then print("Client RTT --> ".. diff .. " sec") end - local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") - ntop_subtree:add(ntop_fds.client_nw_rtt, diff) - -- syn[key] = nil + + if(rtt_debug) then print("Server RTT --> ".. diff .. " msec") end + + if(diff <= max_latency_discard) then + local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") + ntop_subtree:add(ntop_fds.server_nw_rtt, diff) + -- Do not delete the key below as it's used when a user clicks on a packet + -- syn[key] = nil + + local server = getstring(pinfo.src) + if(min_nw_server_RRT[server] == nil) then + min_nw_server_RRT[server] = diff + else + min_nw_server_RRT[server] = math.min(min_nw_server_RRT[server], diff) + end + + if(max_nw_server_RRT[server] == nil) then + max_nw_server_RRT[server] = diff + else + max_nw_server_RRT[server] = math.max(max_nw_server_RRT[server], diff) + end + end end elseif(tcp_flags == 16) then -- ACK - if(debug) then print("ACK @ ".. pinfo.abs_ts.." "..key) end - key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) - + if(rtt_debug) then print("ACK @ ".. pinfo.abs_ts.." "..key) end + if(synack[key] ~= nil) then local diff = abstime_diff(pinfo.abs_ts, synack[key]) * 1000 -- msec - if(debug) then print("Server RTT --> ".. diff .. " sec") end - local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") - ntop_subtree:add(ntop_fds.server_nw_rtt, diff) - -- synack[key] = nil + if(rtt_debug) then print("Client RTT --> ".. diff .. " msec") end + + if(diff <= max_latency_discard) then + local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") + ntop_subtree:add(ntop_fds.client_nw_rtt, diff) + + -- Do not delete the key below as it's used when a user clicks on a packet + synack[key] = nil + + local client = getstring(pinfo.src) + if(min_nw_client_RRT[client] == nil) then + min_nw_client_RRT[client] = diff + else + min_nw_client_RRT[client] = math.min(min_nw_client_RRT[client], diff) + end + + if(max_nw_client_RRT[client] == nil) then + max_nw_client_RRT[client] = diff + else + max_nw_client_RRT[client] = math.max(max_nw_client_RRT[client], diff) + end + end end - end end - + if(debug) then local fields = { } local _fields = { all_field_infos() } - + -- fields['pinfo.number'] = pinfo.number - + for k,v in pairs(_fields) do local value = getstring(v) - + if(value ~= nil) then fields[v.name] = value end @@ -551,17 +759,12 @@ local function ndpi_dialog_menu() end win:set(label) + win:add_button("Clear", function() win:clear() end) end end -- ############################################### -if(compute_flows_stats) then - register_menu("nDPI", ndpi_dialog_menu, MENU_STAT_UNSORTED) -end - --- ############################################### - local function arp_dialog_menu() local win = TextWindow.new("ARP Statistics"); local label = "" @@ -586,11 +789,12 @@ local function arp_dialog_menu() local pctg = formatPctg((v * 100) / last_processed_packet_number) local str = k .. "\t" .. v .. "\t" .. pctg .. "\t" .. "[sent: ".. (s.request_sent + s.response_sent) .. "][rcvd: ".. (s.request_rcvd + s.response_rcvd) .. "]\n" label = label .. str - if(i == max_num_entries) then break else i = i + 1 end + if(i == max_num_entries) then break else i = i + 1 end end end win:set(label) + win:add_button("Clear", function() win:clear() end) end -- ############################################### @@ -600,20 +804,21 @@ local function vlan_dialog_menu() local label = "" local _macs local num_hosts = 0 - + if(vlan_found) then i = 0 label = "VLAN\tPackets\n" for k,v in pairsByValues(vlan_stats, rev) do local pctg = formatPctg((v * 100) / last_processed_packet_number) label = label .. k .. "\t" .. v .. " pkts [".. pctg .."]\n" - if(i == max_num_entries) then break else i = i + 1 end + if(i == max_num_entries) then break else i = i + 1 end end else label = "No VLAN traffic found" end win:set(label) + win:add_button("Clear", function() win:clear() end) end -- ############################################### @@ -628,17 +833,17 @@ local function ip_mac_dialog_menu() _manufacturers = {} for mac,v in pairs(mac_stats) do local num = 0 - local m = string.split(mac, "_") + local m = string.split(mac, "_") local manuf if(m == nil) then m = string.split(mac, ":") - + manuf = m[1]..":"..m[2]..":"..m[3] else manuf = m[1] end - + for a,b in pairs(v) do num = num +1 end @@ -653,28 +858,154 @@ local function ip_mac_dialog_menu() i = 0 label = label .. "MAC\t\t# Hosts\tPercentage\n" for k,v in pairsByValues(_macs, rev) do - local pctg = formatPctg((v * 100) / num_hosts) + local pctg = formatPctg((v * 100) / num_hosts) label = label .. k .. "\t" .. v .. "\t".. pctg .."\n" - if(i == max_num_entries) then break else i = i + 1 end + if(i == max_num_entries) then break else i = i + 1 end end - i = 0 label = label .. "\n\nManufacturer\t# Hosts\tPercentage\n" for k,v in pairsByValues(_manufacturers, rev) do - local pctg = formatPctg((v * 100) / num_hosts) + local pctg = formatPctg((v * 100) / num_hosts) label = label .. k .. "\t\t" .. v .. "\t".. pctg .."\n" - if(i == max_num_entries) then break else i = i + 1 end + if(i == max_num_entries) then break else i = i + 1 end end else label = label .. "\nIP-MAC traffic found" end - + + win:set(label) + win:add_button("Clear", function() win:clear() end) +end + +-- ############################################### + +local function dns_dialog_menu() + local win = TextWindow.new("DNS Statistics"); + local label = "" + local tot = 0 + local _dns = {} + + for k,v in pairs(dns_responses_ok) do + _dns[k] = v + tot = tot + v + end + + for k,v in pairs(dns_responses_error) do + if(_dns[k] == nil) then _dns[k] = 0 end + _dns[k] = _dns[k] + v + tot = tot + v + end + + if(tot > 0) then + i = 0 + label = label .. "DNS Server\t\t# Responses\n" + for k,v in pairsByValues(_dns, rev) do + local pctg = formatPctg((v * 100) / tot) + local ok = dns_responses_ok[k] + local err = dns_responses_error[k] + + if(ok == nil) then ok = 0 end + if(err == nil) then err = 0 end + label = label .. string.format("%-20s\t%s\n", shortenString(k), v .. "\t[ok: "..ok.."][error: "..err.."][".. pctg .."]") + + if(i == max_num_entries) then break else i = i + 1 end + end + + i = 0 + label = label .. "\n\nTop DNS Clients\t# Queries\n" + for k,v in pairsByValues(dns_client_queries, rev) do + local pctg = formatPctg((v * 100) / tot) + label = label .. string.format("%-20s\t%s\n", shortenString(k), v .. "\t["..pctg.."]") + if(i == max_num_entries) then break else i = i + 1 end + end + + i = 0 + label = label .. "\n\nTop DNS Resolvers\t# Responses\n" + for k,v in pairsByValues(dns_server_responses, rev) do + local pctg = formatPctg((v * 100) / tot) + label = label .. string.format("%-20s\t%s\n", shortenString(k), v .. "\t["..pctg.."]") + if(i == max_num_entries) then break else i = i + 1 end + end + + i = 0 + label = label .. "\n\nTop DNS Queries\t\t\t# Queries\n" + for k,v in pairsByValues(top_dns_queries, rev) do + local pctg = formatPctg((v * 100) / tot) + label = label .. string.format("%-32s\t%s\n", shortenString(k,32), v .. "\t["..pctg.."]") + if(i == max_num_entries) then break else i = i + 1 end + end + else + label = label .. "\nNo DNS traffic found" + end + win:set(label) + + + -- add buttons to clear text window and to enable editing + win:add_button("Clear", function() win:clear() end) + --win:add_button("Enable edit", function() win:set_editable(true) end) + + -- print "closing" to stdout when the user closes the text windw + --win:set_atclose(function() print("closing") end) end -- ############################################### -register_menu("ARP", arp_dialog_menu, MENU_STAT_UNSORTED) -register_menu("VLAN", vlan_dialog_menu, MENU_STAT_UNSORTED) -register_menu("IP-MAC", ip_mac_dialog_menu, MENU_STAT_UNSORTED) +local function rtt_dialog_menu() + local win = TextWindow.new("Network Latency"); + local label = "" + local tot = 0 + local i + + i = 0 + label = label .. "Client\t\tMin/Max RTT\n" + for k,v in pairsByValues(min_nw_client_RRT, rev) do + label = label .. string.format("%-20s\t%.3f / %.3f msec\n", shortenString(k), v, max_nw_client_RRT[k]) + if(i == max_num_entries) then break else i = i + 1 end + end + + i = 0 + label = label .. "\nServer\t\tMin RTT\n" + for k,v in pairsByValues(min_nw_server_RRT, rev) do + label = label .. string.format("%-20s\t%.3f / %.3f msec\n", shortenString(k), v, max_nw_server_RRT[k]) + if(i == max_num_entries) then break else i = i + 1 end + end + + win:set(label) + win:add_button("Clear", function() win:clear() end) +end + +-- ############################################### + +local function appl_rtt_dialog_menu() + local win = TextWindow.new("Application Latency"); + local label = "" + local tot = 0 + local i + + i = 0 + label = label .. "Server\t\tMin Application RTT\n" + for k,v in pairsByValues(min_appl_RRT, rev) do + label = label .. string.format("%-20s\t%.3f / %.3f msec\n", shortenString(k), v, max_appl_RRT[k]) + if(i == max_num_entries) then break else i = i + 1 end + end + + win:set(label) + win:add_button("Clear", function() win:clear() end) +end + +-- ############################################### + +register_menu("ntop/ARP", arp_dialog_menu, MENU_TOOLS_UNSORTED) +register_menu("ntop/VLAN", vlan_dialog_menu, MENU_TOOLS_UNSORTED) +register_menu("ntop/IP-MAC", ip_mac_dialog_menu, MENU_TOOLS_UNSORTED) +register_menu("ntop/DNS", dns_dialog_menu, MENU_TOOLS_UNSORTED) +register_menu("ntop/Latency/Network", rtt_dialog_menu, MENU_TOOLS_UNSORTED) +register_menu("ntop/Latency/Application", appl_rtt_dialog_menu, MENU_TOOLS_UNSORTED) + +-- ############################################### + +if(compute_flows_stats) then + register_menu("ntop/nDPI", ndpi_dialog_menu, MENU_TOOLS_UNSORTED) +end -- cgit v1.2.3 From 2049e3d6555bcd0e872e45232583e34907e7e6a4 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 3 Jun 2017 11:35:51 +0200 Subject: Added SSL dissection --- wireshark/ndpi.lua | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 62 insertions(+), 1 deletion(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 822cefc51..934dad4c2 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -3,8 +3,20 @@ -- -- This plugin is part of nDPI (https://github.com/ntop/nDPI) -- +-- This program is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; either version 3 of the License, or +-- (at your option) any later version. -- - +-- This program is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program; if not, write to the Free Software Foundation, +-- Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +-- local ndpi_proto = Proto("ndpi", "nDPI", "nDPI Protocol Interpreter") ndpi_proto.fields = {} @@ -29,6 +41,7 @@ local f_udp_len = Field.new("udp.length") local f_tcp_header_len = Field.new("tcp.hdr_len") local f_ip_len = Field.new("ip.len") local f_ip_hdr_len = Field.new("ip.hdr_len") +local f_ssl_server_name = Field.new("ssl.handshake.extensions_server_name") local ndpi_protos = {} local ndpi_flows = {} @@ -57,6 +70,9 @@ local max_num_flows = 50 local num_top_dns_queries = 0 local max_num_dns_queries = 50 +local ssl_server_names = {} +local tot_ssl_flows = 0 + local min_nw_client_RRT = {} local min_nw_server_RRT = {} local max_nw_client_RRT = {} @@ -261,6 +277,9 @@ function ndpi_proto.init() syn = {} synack = {} + -- SSL + ssl_server_names = {} + -- DNS dns_responses_ok = {} dns_responses_error = {} @@ -496,6 +515,20 @@ function ndpi_proto.dissector(tvb, pinfo, tree) -- ########################################### + local ssl_server_name = f_ssl_server_name() + if(ssl_server_name ~= nil) then + ssl_server_name = getval(ssl_server_name) + + if(ssl_server_names[ssl_server_name] == nil) then + ssl_server_names[ssl_server_name] = 0 + end + + ssl_server_names[ssl_server_name] = ssl_server_names[ssl_server_name] + 1 + tot_ssl_flows = tot_ssl_flows + 1 + end + + -- ########################################### + local dns_response = f_dns_response() if(dns_response ~= nil) then local dns_ret_code = f_dns_ret_code() @@ -997,10 +1030,38 @@ end -- ############################################### +local function ssl_dialog_menu() + local win = TextWindow.new("SSL Server Contacts"); + local label = "" + local tot = 0 + local i + + if(tot_ssl_flows > 0) then + i = 0 + label = label .. "SSL Server\t\t\t\t# Flows\n" + for k,v in pairsByValues(ssl_server_names, rev) do + local pctg + + v = tonumber(v) + pctg = formatPctg((v * 100) / tot_ssl_flows) + label = label .. string.format("%-32s", shortenString(k,32)).."\t"..v.." [".. pctg.." %]\n" + if(i == 50) then break else i = i + 1 end + end + else + label = "No SSL server certificates detected" + end + + win:set(label) + win:add_button("Clear", function() win:clear() end) +end + +-- ############################################### + register_menu("ntop/ARP", arp_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/VLAN", vlan_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/IP-MAC", ip_mac_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/DNS", dns_dialog_menu, MENU_TOOLS_UNSORTED) +register_menu("ntop/SSL", ssl_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/Latency/Network", rtt_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/Latency/Application", appl_rtt_dialog_menu, MENU_TOOLS_UNSORTED) -- cgit v1.2.3 From 3e529dd04259d0a1a923771ea1dd65e56ab3b986 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 3 Jun 2017 12:38:00 +0200 Subject: Cleanup --- example/ndpiReader.c | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index fa3dd4b27..142c1d5d1 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -73,7 +73,7 @@ static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ static u_int8_t enable_protocol_guess = 1, verbose = 0, nDPI_traceLevel = 0, json_flag = 0; -static u_int8_t stats_flag = 0, file_first_time = 1; +static u_int8_t stats_flag = 0, file_first_time = 1; static u_int32_t pcap_analysis_duration = (u_int32_t)-1; static u_int16_t decode_tunnels = 0; static u_int16_t num_loops = 1; @@ -105,7 +105,7 @@ typedef struct node_a{ struct port_stats { u_int32_t port; /* we'll use this field as the key */ u_int32_t num_pkts, num_bytes; - u_int32_t num_flows; + u_int32_t num_flows; u_int32_t num_addr; /*to hold number of distinct IP addresses */ u_int32_t cumulative_addr; /*to hold cumulative some of IP addresses */ addr_node *addr_tree; /* to hold distinct IP addresses */ @@ -116,14 +116,14 @@ struct port_stats { struct port_stats *srcStats = NULL, *dstStats = NULL; // struct to hold port based top statistics -struct top_stats { +struct top_stats { u_int32_t port; /* we'll use this field as the key */ char top_ip[48]; /*ip address that is contributed to > 95% of traffic*/ char proto[64]; /*application level protocol of top_ip */ u_int32_t num_pkts; float prcnt_pkt; /*percent of packets respect to total packets */ u_int32_t num_addr; /*to hold number of distinct IP addresses */ - u_int32_t num_flows; + u_int32_t num_flows; UT_hash_handle hh; /* makes this structure hashable */ }; @@ -833,7 +833,7 @@ int updateIpTree(const char *key, addr_node **vrootp, const char *proto) { if(q != (addr_node *)0) { /* make new node */ *rootp = q; /* link new node to old */ strncpy(q->addr, key, sizeof(q->addr)); /* initialize new node */ - strncpy(q->proto, proto, sizeof(q->proto)); + strncpy(q->proto, proto, sizeof(q->proto)); q->count = UPDATED_TREE; q->left = q->right = (addr_node *)0; return q->count; @@ -873,24 +873,24 @@ void updateTopIpAddress(const char *addr, const char *proto, int count, struct i if(count == 0) return; - strncpy(pair.addr, addr, sizeof(pair.addr)); - strncpy(pair.proto, proto, sizeof(pair.proto)); + strncpy(pair.addr, addr, sizeof(pair.addr)); + strncpy(pair.proto, proto, sizeof(pair.proto)); pair.count = count; - + for(i=0; iport = port, s->num_pkts = num_pkts, s->num_bytes = num_bytes, - s->num_addr = 1, s->cumulative_addr = 1; s->num_flows = 1; + s->num_addr = 1, s->cumulative_addr = 1; s->num_flows = 1; memset(s->top_ip_addrs, 0, MAX_NUM_IP_ADDRESS*sizeof(struct info_pair)); updateTopIpAddress(addr, proto, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); - + s->addr_tree = (addr_node *) malloc(sizeof(addr_node)); if(!s->addr_tree) return; @@ -941,7 +941,7 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, count = updateIpTree(addr, &(*s).addr_tree, proto); if(count == UPDATED_TREE) s->num_addr++; - + if(count) { s->cumulative_addr++; updateTopIpAddress(addr, proto, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); @@ -970,13 +970,13 @@ static void deletePortsStats(struct port_stats *stats) { * @brief Ports stats */ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ + if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; u_int16_t sport, dport; char saddr[48], daddr[48]; char proto[48]; u_int16_t thread_id = *(int *)user_data; - + sport = ntohs(flow->src_port), dport = ntohs(flow->dst_port); strncpy(saddr, flow->src_name, sizeof(saddr)); strncpy(daddr, flow->dst_name, sizeof(daddr)); @@ -986,9 +986,9 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol, proto, sizeof(proto)); else - strncpy(proto, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + strncpy(proto, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol),sizeof(proto)); - + updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes, proto); if(flow->dst2src_packets > 0) updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes, proto); } @@ -1204,7 +1204,7 @@ static void json_open_stats_file() { (!file_first_time && (stats_fp = fopen(_statsFilePath,"a")) == NULL)) { printf("Error creating/opening file %s\n", _statsFilePath); stats_flag = 0; - } + } else file_first_time = 0; } @@ -1282,7 +1282,7 @@ static void deleteTopStats(struct top_stats *stats) { /* *********************************************** */ /** - * @brief Get port based top statistics + * @brief Get port based top statistics */ static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_int64_t total_packet_count){ struct top_stats *s; @@ -1297,7 +1297,7 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_ memset(s, 0, sizeof(struct top_stats)); s->port = sp->port; - s->num_pkts = sp->num_pkts; + s->num_pkts = sp->num_pkts; s->prcnt_pkt = (sp->num_pkts*100.0)/total_packet_count; s->num_addr = sp->num_addr; s->num_flows = sp->num_flows; @@ -1341,15 +1341,15 @@ static void saveTopStats(json_object **jObj_group, struct top_stats *stats, int json_object_object_add(jObj_stat,"flows.number",json_object_new_double(s->num_flows)); json_object_object_add(jObj_stat,"aggressive.ip",json_object_new_string(s->top_ip)); json_object_object_add(jObj_stat,"protocol",json_object_new_string(s->proto)); - + json_object_array_add(jArray_stats, jObj_stat); i++; if(i >= 10) break; } - } + } - json_object_object_add(*jObj_group, (direction == DIR_SRC) ? + json_object_object_add(*jObj_group, (direction == DIR_SRC) ? "top.src.pkts.stats" : "top.dst.pkts.stats", jArray_stats); jArray_stats = json_object_new_array(); @@ -1372,7 +1372,7 @@ static void saveTopStats(json_object **jObj_group, struct top_stats *stats, int if(i >= 10) break; } - json_object_object_add(*jObj_group, (direction == DIR_SRC) ? + json_object_object_add(*jObj_group, (direction == DIR_SRC) ? "top.src.ip.stats" : "top.dst.ip.stats", jArray_stats); } #endif @@ -1928,7 +1928,7 @@ static void pcap_process_packet(u_char *args, tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); printResults(tot_usec); - + for(i=0; iprefs.num_roots; i++) { ndpi_tdestroy(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], ndpi_flow_info_freer); -- cgit v1.2.3 From 5570e6cbeebbccf1cb4890fc4845e882cf7759a8 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 3 Jun 2017 18:39:43 +0200 Subject: Fixed bug that was preventiv packets to be analyzed properly Fixed ARP stats calculation --- wireshark/ndpi.lua | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 934dad4c2..cc2f29a6d 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -265,7 +265,7 @@ function ndpi_proto.init() -- ARP arp_stats = { } - + -- MAC mac_stats = { } @@ -410,7 +410,7 @@ function ndpi_proto.dissector(tvb, pinfo, tree) -- run as on that step the packet is still undecoded -- The trick below avoids to process the packet twice - if(pinfo.visited == false) then return end + if(pinfo.visited == true) then return end num_pkts = num_pkts + 1 if((num_pkts > 1) and (pinfo.number == 1)) then return end @@ -803,11 +803,13 @@ local function arp_dialog_menu() local label = "" local _stats local found = false - + local tot_arp_pkts = 0 + _stats = {} for k,v in pairs(arp_stats) do if(k ~= "Broadcast") then _stats[k] = v.request_sent + v.request_rcvd + v.response_sent + v.response_rcvd + tot_arp_pkts = tot_arp_pkts + _stats[k] found = true end end @@ -819,7 +821,7 @@ local function arp_dialog_menu() i = 0 for k,v in pairsByValues(_stats, rev) do local s = arp_stats[k] - local pctg = formatPctg((v * 100) / last_processed_packet_number) + local pctg = formatPctg((v * 100) / tot_arp_pkts) local str = k .. "\t" .. v .. "\t" .. pctg .. "\t" .. "[sent: ".. (s.request_sent + s.response_sent) .. "][rcvd: ".. (s.request_rcvd + s.response_rcvd) .. "]\n" label = label .. str if(i == max_num_entries) then break else i = i + 1 end -- cgit v1.2.3 From 7bf508df0ad1ad1e2608ecbaaee906c8ead367a2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 5 Jun 2017 18:05:02 +0200 Subject: Improved ARP/VLAN stats --- wireshark/ndpi.lua | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index cc2f29a6d..fbf0a28d1 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -33,7 +33,10 @@ ntop_fds.client_nw_rtt = ProtoField.new("TCP client network RTT (msec)", "nt ntop_fds.server_nw_rtt = ProtoField.new("TCP server network RTT (msec)", "ntop.latency.server_rtt", ftypes.FLOAT, nil, base.NONE) ntop_fds.appl_latency_rtt = ProtoField.new("Application Latency RTT (msec)", "ntop.latency.appl_rtt", ftypes.FLOAT, nil, base.NONE) --- local f_eth_trailer = Field.new("eth.trailer") +local f_vlan_id = Field.new("vlan.id") +local f_arp_opcode = Field.new("arp.opcode") +local f_arp_sender_mac = Field.new("arp.src.hw_mac") +local f_arp_target_mac = Field.new("arp.dst.hw_mac") local f_dns_query_name = Field.new("dns.qry.name") local f_dns_ret_code = Field.new("dns.flags.rcode") local f_dns_response = Field.new("dns.flags.response") @@ -374,9 +377,6 @@ function initARPEntry(mac) end function dissectARP(isRequest, src_mac, dst_mac) - local mac - - -- print(num_pkts) if(isRequest == 1) then -- ARP Request initARPEntry(src_mac) @@ -422,27 +422,23 @@ function ndpi_proto.dissector(tvb, pinfo, tree) -- print(num_pkts .. " / " .. pinfo.number .. " / " .. last_processed_packet_number) -- ############# ARP / VLAN ############# - local offset = 12 - local eth_proto = tostring(tvb(offset,2)) - - if(eth_proto == "8100") then - local vlan_id = BitAND(tonumber(tostring(tvb(offset+2,2))), 0xFFF) + local vlan_id = f_vlan_id() + if(vlan_id ~= nil) then + vlan_id = tonumber(getval(vlan_id)) if(vlan_stats[vlan_id] == nil) then vlan_stats[vlan_id] = 0 end vlan_stats[vlan_id] = vlan_stats[vlan_id] + 1 vlan_found = true end - while(eth_proto == "8100") do - offset = offset + 4 - eth_proto = tostring(tvb(offset,2)) - end - - if(eth_proto == "0806") then + local arp_opcode = f_arp_opcode() + + if(arp_opcode ~= nil) then -- ARP - local isRequest = tonumber(tvb(21,1)) - --print(eth_proto.." ["..tostring(pinfo.dl_src).." / ".. tostring(pinfo.dl_dst) .."] [" .. tostring(pinfo.src).." -> "..tostring(pinfo.dst).."]") - dissectARP(isRequest, tostring(pinfo.dl_src), tostring(pinfo.dl_dst)) + local isRequest = getval(arp_opcode) + local src_mac = getval(f_arp_sender_mac()) + local dst_mac = getval(f_arp_target_mac()) + dissectARP(isRequest, src_mac, dst_mac) else -- ############# 2 nDPI Dissection ############# @@ -458,7 +454,6 @@ function ndpi_proto.dissector(tvb, pinfo, tree) mac_stats[src_mac][src_ip] = 1 local pktlen = tvb:len() - -- local eth_trailer = f_eth_trailer() local magic = tostring(tvb(pktlen-28,4)) if(magic == "19680924") then -- cgit v1.2.3 From 984eedc5ea0c844cd73b3a10fe844845aaef7b32 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 6 Jun 2017 11:40:30 +0200 Subject: Code cleanup --- wireshark/ndpi.lua | 632 +++++++++++++++++++++++++++-------------------------- 1 file changed, 324 insertions(+), 308 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index fbf0a28d1..00740e3af 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -16,11 +16,12 @@ -- You should have received a copy of the GNU General Public License -- along with this program; if not, write to the Free Software Foundation, -- Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. --- +-- local ndpi_proto = Proto("ndpi", "nDPI", "nDPI Protocol Interpreter") ndpi_proto.fields = {} -local ndpi_fds = ndpi_proto.fields + +local ndpi_fds = ndpi_proto.fields ndpi_fds.network_protocol = ProtoField.new("nDPI Network Protocol", "ndpi.protocol.network", ftypes.UINT8, nil, base.DEC) ndpi_fds.application_protocol = ProtoField.new("nDPI Application Protocol", "ndpi.protocol.application", ftypes.UINT8, nil, base.DEC) ndpi_fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING) @@ -33,6 +34,7 @@ ntop_fds.client_nw_rtt = ProtoField.new("TCP client network RTT (msec)", "nt ntop_fds.server_nw_rtt = ProtoField.new("TCP server network RTT (msec)", "ntop.latency.server_rtt", ftypes.FLOAT, nil, base.NONE) ntop_fds.appl_latency_rtt = ProtoField.new("Application Latency RTT (msec)", "ntop.latency.appl_rtt", ftypes.FLOAT, nil, base.NONE) +local f_eth_trailer = Field.new("eth.trailer") local f_vlan_id = Field.new("vlan.id") local f_arp_opcode = Field.new("arp.opcode") local f_arp_sender_mac = Field.new("arp.src.hw_mac") @@ -45,6 +47,7 @@ local f_tcp_header_len = Field.new("tcp.hdr_len") local f_ip_len = Field.new("ip.len") local f_ip_hdr_len = Field.new("ip.hdr_len") local f_ssl_server_name = Field.new("ssl.handshake.extensions_server_name") +local f_tcp_flags = Field.new('tcp.flags') local ndpi_protos = {} local ndpi_flows = {} @@ -135,36 +138,36 @@ end -- ############################################### string.split = function(s, p) - local temp = {} - local index = 0 - local last_index = string.len(s) - - while true do - local i, e = string.find(s, p, index) - - if i and e then - local next_index = e + 1 - local word_bound = i - 1 - table.insert(temp, string.sub(s, index, word_bound)) - index = next_index - else - if index > 0 and index <= last_index then - table.insert(temp, string.sub(s, index, last_index)) - elseif index == 0 then - temp = nil + local temp = {} + local index = 0 + local last_index = string.len(s) + + while true do + local i, e = string.find(s, p, index) + + if i and e then + local next_index = e + 1 + local word_bound = i - 1 + table.insert(temp, string.sub(s, index, word_bound)) + index = next_index + else + if index > 0 and index <= last_index then + table.insert(temp, string.sub(s, index, last_index)) + elseif index == 0 then + temp = nil + end + break end - break - end - end + end - return temp + return temp end -- ############################################## function shortenString(name, max_len) max_len = max_len or 24 - if(string.len(name) < max_len) then + if(string.len(name) < max_len) then return(name) else return(string.sub(name, 1, max_len).."...") @@ -268,7 +271,7 @@ function ndpi_proto.init() -- ARP arp_stats = { } - + -- MAC mac_stats = { } @@ -282,7 +285,7 @@ function ndpi_proto.init() -- SSL ssl_server_names = {} - + -- DNS dns_responses_ok = {} dns_responses_error = {} @@ -299,7 +302,7 @@ function ndpi_proto.init() -- Application Latency first_payload_ts = {} - first_payload_id = {} + first_payload_id = {} end function slen(str) @@ -402,26 +405,21 @@ end -- ############################################### -local field_tcp_flags = Field.new('tcp.flags') - --- the dissector function callback -function ndpi_proto.dissector(tvb, pinfo, tree) - -- Wireshark dissects the packet twice. We ignore the first - -- run as on that step the packet is still undecoded - -- The trick below avoids to process the packet twice - - if(pinfo.visited == true) then return end - - num_pkts = num_pkts + 1 - if((num_pkts > 1) and (pinfo.number == 1)) then return end +function arp_dissector(tvb, pinfo, tree) + local arp_opcode = f_arp_opcode() - if(last_processed_packet_number < pinfo.number) then - last_processed_packet_number = pinfo.number + if(arp_opcode ~= nil) then + -- ARP + local isRequest = getval(arp_opcode) + local src_mac = getval(f_arp_sender_mac()) + local dst_mac = getval(f_arp_target_mac()) + dissectARP(isRequest, src_mac, dst_mac) end +end - -- print(num_pkts .. " / " .. pinfo.number .. " / " .. last_processed_packet_number) +-- ############################################### - -- ############# ARP / VLAN ############# +function vlan_dissector(tvb, pinfo, tree) local vlan_id = f_vlan_id() if(vlan_id ~= nil) then vlan_id = tonumber(getval(vlan_id)) @@ -430,73 +428,63 @@ function ndpi_proto.dissector(tvb, pinfo, tree) vlan_stats[vlan_id] = vlan_stats[vlan_id] + 1 vlan_found = true end +end - local arp_opcode = f_arp_opcode() - - if(arp_opcode ~= nil) then - -- ARP - local isRequest = getval(arp_opcode) - local src_mac = getval(f_arp_sender_mac()) - local dst_mac = getval(f_arp_target_mac()) - dissectARP(isRequest, src_mac, dst_mac) - else - -- ############# 2 nDPI Dissection ############# +-- ############################################### - if(false) then - local srckey = tostring(pinfo.src) - local dstkey = tostring(pinfo.dst) - print("Processing packet "..pinfo.number .. "["..srckey.." / "..dstkey.."]") - end +function mac_dissector(tvb, pinfo, tree) + local src_mac = tostring(pinfo.dl_src) + local src_ip = tostring(pinfo.src) + if(mac_stats[src_mac] == nil) then mac_stats[src_mac] = {} end + mac_stats[src_mac][src_ip] = 1 +end - local src_mac = tostring(pinfo.dl_src) - local src_ip = tostring(pinfo.src) - if(mac_stats[src_mac] == nil) then mac_stats[src_mac] = {} end - mac_stats[src_mac][src_ip] = 1 - - local pktlen = tvb:len() - local magic = tostring(tvb(pktlen-28,4)) - - if(magic == "19680924") then - local ndpi_subtree = tree:add(ndpi_proto, tvb(), "nDPI Protocol") - local network_protocol = tvb(pktlen-24,2) - local application_protocol = tvb(pktlen-22,2) - local name = tvb(pktlen-20,16) - local name_str = name:string(ENC_ASCII) - local ndpikey, srckey, dstkey, flowkey - - ndpi_subtree:add(ndpi_fds.network_protocol, network_protocol) - ndpi_subtree:add(ndpi_fds.application_protocol, application_protocol) - ndpi_subtree:add(ndpi_fds.name, name) - - local pname = ""..application_protocol - if(pname ~= "0000") then - -- Set protocol name in the wireshark protocol column (if not Unknown) - pinfo.cols.protocol = name_str - end +-- ############################################### - if(compute_flows_stats) then - ndpikey = tostring(slen(name_str)) +function ssl_dissector(tvb, pinfo, tree) + local ssl_server_name = f_ssl_server_name() + if(ssl_server_name ~= nil) then + ssl_server_name = getval(ssl_server_name) - if(ndpi_protos[ndpikey] == nil) then ndpi_protos[ndpikey] = 0 end - ndpi_protos[ndpikey] = ndpi_protos[ndpikey] + pinfo.len + if(ssl_server_names[ssl_server_name] == nil) then + ssl_server_names[ssl_server_name] = 0 + end - srckey = tostring(pinfo.src) - dstkey = tostring(pinfo.dst) + ssl_server_names[ssl_server_name] = ssl_server_names[ssl_server_name] + 1 + tot_ssl_flows = tot_ssl_flows + 1 + end +end - flowkey = srckey.." / "..dstkey.."\t["..ndpikey.."]" - if(ndpi_flows[flowkey] == nil) then - ndpi_flows[flowkey] = 0 - num_ndpi_flows = num_ndpi_flows + 1 +-- ############################################### - if(num_ndpi_flows > max_num_flows) then +function dns_dissector(tvb, pinfo, tree) + local dns_response = f_dns_response() + if(dns_response ~= nil) then + local dns_ret_code = f_dns_ret_code() + local dns_response = tonumber(getval(dns_response)) + local srckey = tostring(pinfo.src) + local dstkey = tostring(pinfo.dst) + local dns_query_name = f_dns_query_name() + dns_query_name = getval(dns_query_name) + + if(dns_response == 0) then + -- DNS Query + if(dns_client_queries[srckey] == nil) then dns_client_queries[srckey] = 0 end + dns_client_queries[srckey] = dns_client_queries[srckey] + 1 + + if(dns_query_name ~= nil) then + if(top_dns_queries[dns_query_name] == nil) then + top_dns_queries[dns_query_name] = 0 + num_top_dns_queries = num_top_dns_queries + 1 + + if(num_top_dns_queries > max_num_dns_queries) then -- We need to harvest the flow with least packets beside this new one - local tot_removed = 0 - - for k,v in pairsByValues(ndpi_flows, asc) do - if(k ~= flowkey) then + for k,v in pairsByValues(dns_client_queries, asc) do + if(k ~= dns_query_name) then table.remove(ndpi_flows, k) - num_ndpi_flows = num_ndpi_flows + 1 - if(num_ndpi_flows == (2*max_num_entries)) then + num_top_dns_queries = num_top_dns_queries - 1 + + if(num_top_dns_queries == (2*max_num_entries)) then break end end @@ -504,250 +492,278 @@ function ndpi_proto.dissector(tvb, pinfo, tree) end end - ndpi_flows[flowkey] = ndpi_flows[flowkey] + pinfo.len + top_dns_queries[dns_query_name] = top_dns_queries[dns_query_name] + 1 end - end -- nDPI + else + -- DNS Response + if(dns_server_responses[srckey] == nil) then dns_server_responses[srckey] = 0 end + dns_server_responses[srckey] = dns_server_responses[srckey] + 1 - -- ########################################### + if(dns_ret_code ~= nil) then + dns_ret_code = getval(dns_ret_code) - local ssl_server_name = f_ssl_server_name() - if(ssl_server_name ~= nil) then - ssl_server_name = getval(ssl_server_name) + if((dns_query_name ~= nil) and (dns_ret_code ~= nil)) then + dns_ret_code = tonumber(dns_ret_code) - if(ssl_server_names[ssl_server_name] == nil) then - ssl_server_names[ssl_server_name] = 0 + if(debug) then print("[".. srckey .." -> ".. dstkey .."] "..dns_query_name.."\t"..dns_ret_code) end + + if(dns_ret_code == 0) then + if(dns_responses_ok[srckey] == nil) then dns_responses_ok[srckey] = 0 end + dns_responses_ok[srckey] = dns_responses_ok[srckey] + 1 + else + if(dns_responses_error[srckey] == nil) then dns_responses_error[srckey] = 0 end + dns_responses_error[srckey] = dns_responses_error[srckey] + 1 + end + end end + end + end +end - ssl_server_names[ssl_server_name] = ssl_server_names[ssl_server_name] + 1 - tot_ssl_flows = tot_ssl_flows + 1 +-- ############################################### + +function latency_dissector(tvb, pinfo, tree) + local _tcp_flags = f_tcp_flags() + local udp_len = f_udp_len() + + if((_tcp_flags ~= nil) or (udp_len ~= nil)) then + local key + local rtt_debug = false + local tcp_flags + local tcp_header_len + local ip_len + local ip_hdr_len + + if(udp_len == nil) then + tcp_flags = f_tcp_flags().value + tcp_header_len = f_tcp_header_len() + ip_len = f_ip_len() + ip_hdr_len = f_ip_hdr_len() end - - -- ########################################### - - local dns_response = f_dns_response() - if(dns_response ~= nil) then - local dns_ret_code = f_dns_ret_code() - local dns_response = tonumber(getval(dns_response)) - local srckey = tostring(pinfo.src) - local dstkey = tostring(pinfo.dst) - local dns_query_name = f_dns_query_name() - dns_query_name = getval(dns_query_name) - - if(dns_response == 0) then - -- DNS Query - if(dns_client_queries[srckey] == nil) then dns_client_queries[srckey] = 0 end - dns_client_queries[srckey] = dns_client_queries[srckey] + 1 - - if(dns_query_name ~= nil) then - if(top_dns_queries[dns_query_name] == nil) then - top_dns_queries[dns_query_name] = 0 - num_top_dns_queries = num_top_dns_queries + 1 - - if(num_top_dns_queries > max_num_dns_queries) then - -- We need to harvest the flow with least packets beside this new one - for k,v in pairsByValues(dns_client_queries, asc) do - if(k ~= dns_query_name) then - table.remove(ndpi_flows, k) - num_top_dns_queries = num_top_dns_queries - 1 - if(num_top_dns_queries == (2*max_num_entries)) then - break - end - end - end - end - end + if(((ip_len ~= nil) and (tcp_header_len ~= nil) and (ip_hdr_len ~= nil)) + or (udp_len ~= nil) + ) then + local payloadLen - top_dns_queries[dns_query_name] = top_dns_queries[dns_query_name] + 1 - end + if(udp_len == nil) then + ip_len = tonumber(getval(ip_len)) + tcp_header_len = tonumber(getval(tcp_header_len)) + ip_hdr_len = tonumber(getval(ip_hdr_len)) + + payloadLen = ip_len - tcp_header_len - ip_hdr_len else - -- DNS Response - if(dns_server_responses[srckey] == nil) then dns_server_responses[srckey] = 0 end - dns_server_responses[srckey] = dns_server_responses[srckey] + 1 + payloadLen = tonumber(getval(udp_len)) + end - if(dns_ret_code ~= nil) then - dns_ret_code = getval(dns_ret_code) + if(payloadLen > 0) then + local key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) + local revkey = getstring(pinfo.dst).."_"..getstring(pinfo.dst_port).."_"..getstring(pinfo.src).."_"..getstring(pinfo.src_port) - if((dns_query_name ~= nil) and (dns_ret_code ~= nil)) then - dns_ret_code = tonumber(dns_ret_code) + if(first_payload_ts[revkey] ~= nil) then + local appl_latency = abstime_diff(pinfo.abs_ts, first_payload_ts[revkey]) * 1000 - if(debug) then print("[".. srckey .." -> ".. dstkey .."] "..dns_query_name.."\t"..dns_ret_code) end + if((appl_latency > 0) + -- The trick below is used to set only the first latency packet + and ((first_payload_id[revkey] == nil) or (first_payload_id[revkey] == pinfo.number)) + ) then + local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") + local server = getstring(pinfo.src) + if(rtt_debug) then print("==> Appl Latency @ "..pinfo.number..": "..appl_latency) end - if(dns_ret_code == 0) then - if(dns_responses_ok[srckey] == nil) then dns_responses_ok[srckey] = 0 end - dns_responses_ok[srckey] = dns_responses_ok[srckey] + 1 + ntop_subtree:add(ntop_fds.appl_latency_rtt, appl_latency) + first_payload_id[revkey] = pinfo.number + + if(min_appl_RRT[server] == nil) then + min_appl_RRT[server] = appl_latency else - if(dns_responses_error[srckey] == nil) then dns_responses_error[srckey] = 0 end - dns_responses_error[srckey] = dns_responses_error[srckey] + 1 + min_appl_RRT[server] = math.min(min_appl_RRT[server], appl_latency) end + + if(max_appl_RRT[server] == nil) then + max_appl_RRT[server] = appl_latency + else + max_appl_RRT[server] = math.max(max_appl_RRT[server], appl_latency) + end + + -- first_payload_ts[revkey] = nil end + else + if(first_payload_ts[key] == nil) then first_payload_ts[key] = pinfo.abs_ts end end end end - -- ########################################### - - local _tcp_flags = field_tcp_flags() - local udp_len = f_udp_len() - - if((_tcp_flags ~= nil) or (udp_len ~= nil)) then - local key - local rtt_debug = false - local tcp_flags - local tcp_header_len - local ip_len - local ip_hdr_len - - if(udp_len == nil) then - tcp_flags = field_tcp_flags().value - tcp_header_len = f_tcp_header_len() - ip_len = f_ip_len() - ip_hdr_len = f_ip_hdr_len() - end - - if(((ip_len ~= nil) and (tcp_header_len ~= nil) and (ip_hdr_len ~= nil)) - or (udp_len ~= nil) - ) then - local payloadLen - - if(udp_len == nil) then - ip_len = tonumber(getval(ip_len)) - tcp_header_len = tonumber(getval(tcp_header_len)) - ip_hdr_len = tonumber(getval(ip_hdr_len)) - - payloadLen = ip_len - tcp_header_len - ip_hdr_len - else - payloadLen = tonumber(getval(udp_len)) - end - - if(payloadLen > 0) then - local key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) - local revkey = getstring(pinfo.dst).."_"..getstring(pinfo.dst_port).."_"..getstring(pinfo.src).."_"..getstring(pinfo.src_port) - - if(first_payload_ts[revkey] ~= nil) then - local appl_latency = abstime_diff(pinfo.abs_ts, first_payload_ts[revkey]) * 1000 - - if((appl_latency > 0) - -- The trick below is used to set only the first latency packet - and ((first_payload_id[revkey] == nil) or (first_payload_id[revkey] == pinfo.number)) - ) then - local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") - local server = getstring(pinfo.src) - if(rtt_debug) then print("==> Appl Latency @ "..pinfo.number..": "..appl_latency) end - - ntop_subtree:add(ntop_fds.appl_latency_rtt, appl_latency) - first_payload_id[revkey] = pinfo.number - - if(min_appl_RRT[server] == nil) then - min_appl_RRT[server] = appl_latency - else - min_appl_RRT[server] = math.min(min_appl_RRT[server], appl_latency) - end - - if(max_appl_RRT[server] == nil) then - max_appl_RRT[server] = appl_latency - else - max_appl_RRT[server] = math.max(max_appl_RRT[server], appl_latency) - end + tcp_flags = tonumber(tcp_flags) + + if(tcp_flags == 2) then + -- SYN + key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) + if(rtt_debug) then print("SYN @ ".. pinfo.abs_ts.." "..key) end + syn[key] = pinfo.abs_ts + elseif(tcp_flags == 18) then + -- SYN|ACK + key = getstring(pinfo.dst).."_"..getstring(pinfo.dst_port).."_"..getstring(pinfo.src).."_"..getstring(pinfo.src_port) + if(rtt_debug) then print("SYN|ACK @ ".. pinfo.abs_ts.." "..key) end + synack[key] = pinfo.abs_ts + if(syn[key] ~= nil) then + local diff = abstime_diff(synack[key], syn[key]) * 1000 -- msec + + if(rtt_debug) then print("Server RTT --> ".. diff .. " msec") end + + if(diff <= max_latency_discard) then + local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") + ntop_subtree:add(ntop_fds.server_nw_rtt, diff) + -- Do not delete the key below as it's used when a user clicks on a packet + -- syn[key] = nil + + local server = getstring(pinfo.src) + if(min_nw_server_RRT[server] == nil) then + min_nw_server_RRT[server] = diff + else + min_nw_server_RRT[server] = math.min(min_nw_server_RRT[server], diff) + end - -- first_payload_ts[revkey] = nil - end + if(max_nw_server_RRT[server] == nil) then + max_nw_server_RRT[server] = diff else - if(first_payload_ts[key] == nil) then first_payload_ts[key] = pinfo.abs_ts end + max_nw_server_RRT[server] = math.max(max_nw_server_RRT[server], diff) end end end - - - tcp_flags = tonumber(tcp_flags) - - if(tcp_flags == 2) then - -- SYN - key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) - if(rtt_debug) then print("SYN @ ".. pinfo.abs_ts.." "..key) end - syn[key] = pinfo.abs_ts - elseif(tcp_flags == 18) then - -- SYN|ACK - key = getstring(pinfo.dst).."_"..getstring(pinfo.dst_port).."_"..getstring(pinfo.src).."_"..getstring(pinfo.src_port) - if(rtt_debug) then print("SYN|ACK @ ".. pinfo.abs_ts.." "..key) end - synack[key] = pinfo.abs_ts - if(syn[key] ~= nil) then - local diff = abstime_diff(synack[key], syn[key]) * 1000 -- msec - - if(rtt_debug) then print("Server RTT --> ".. diff .. " msec") end - - if(diff <= max_latency_discard) then - local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") - ntop_subtree:add(ntop_fds.server_nw_rtt, diff) - -- Do not delete the key below as it's used when a user clicks on a packet - -- syn[key] = nil - - local server = getstring(pinfo.src) - if(min_nw_server_RRT[server] == nil) then - min_nw_server_RRT[server] = diff - else - min_nw_server_RRT[server] = math.min(min_nw_server_RRT[server], diff) - end + elseif(tcp_flags == 16) then + -- ACK + key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) + if(rtt_debug) then print("ACK @ ".. pinfo.abs_ts.." "..key) end - if(max_nw_server_RRT[server] == nil) then - max_nw_server_RRT[server] = diff - else - max_nw_server_RRT[server] = math.max(max_nw_server_RRT[server], diff) - end - end - end - elseif(tcp_flags == 16) then - -- ACK - key = getstring(pinfo.src).."_"..getstring(pinfo.src_port).."_"..getstring(pinfo.dst).."_"..getstring(pinfo.dst_port) - if(rtt_debug) then print("ACK @ ".. pinfo.abs_ts.." "..key) end + if(synack[key] ~= nil) then + local diff = abstime_diff(pinfo.abs_ts, synack[key]) * 1000 -- msec + if(rtt_debug) then print("Client RTT --> ".. diff .. " msec") end - if(synack[key] ~= nil) then - local diff = abstime_diff(pinfo.abs_ts, synack[key]) * 1000 -- msec - if(rtt_debug) then print("Client RTT --> ".. diff .. " msec") end + if(diff <= max_latency_discard) then + local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") + ntop_subtree:add(ntop_fds.client_nw_rtt, diff) - if(diff <= max_latency_discard) then - local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") - ntop_subtree:add(ntop_fds.client_nw_rtt, diff) - - -- Do not delete the key below as it's used when a user clicks on a packet - synack[key] = nil - - local client = getstring(pinfo.src) - if(min_nw_client_RRT[client] == nil) then - min_nw_client_RRT[client] = diff - else - min_nw_client_RRT[client] = math.min(min_nw_client_RRT[client], diff) - end - - if(max_nw_client_RRT[client] == nil) then - max_nw_client_RRT[client] = diff - else - max_nw_client_RRT[client] = math.max(max_nw_client_RRT[client], diff) - end + -- Do not delete the key below as it's used when a user clicks on a packet + synack[key] = nil + + local client = getstring(pinfo.src) + if(min_nw_client_RRT[client] == nil) then + min_nw_client_RRT[client] = diff + else + min_nw_client_RRT[client] = math.min(min_nw_client_RRT[client], diff) + end + + if(max_nw_client_RRT[client] == nil) then + max_nw_client_RRT[client] = diff + else + max_nw_client_RRT[client] = math.max(max_nw_client_RRT[client], diff) end end end end + end +end + +-- the dissector function callback +function ndpi_proto.dissector(tvb, pinfo, tree) + -- Wireshark dissects the packet twice. We ignore the first + -- run as on that step the packet is still undecoded + -- The trick below avoids to process the packet twice - if(debug) then - local fields = { } - local _fields = { all_field_infos() } + if(pinfo.visited == true) then + local eth_trailer = f_eth_trailer() - -- fields['pinfo.number'] = pinfo.number + if(eth_trailer ~= nil) then + local eth_trailer = getval(eth_trailer) + local magic = string.sub(eth_trailer, 1, 11) - for k,v in pairs(_fields) do - local value = getstring(v) + if(magic == "19:68:09:24") then + local ndpikey, srckey, dstkey, flowkey + local elems = string.split(string.sub(eth_trailer, 12), ":") + local ndpi_subtree = tree:add(ndpi_proto, tvb(), "nDPI Protocol") + local network_protocol = tonumber(elems[2]..elems[3], 16) -- 16 = HEX + local application_protocol = tonumber(elems[4]..elems[5], 16) -- 16 = HEX + local name = "" - if(value ~= nil) then - fields[v.name] = value + for i=6,21 do + name = name .. string.char(tonumber(elems[i], 16)) end - end - for k,v in pairs(fields) do - print(k.." = "..v) + ndpi_subtree:add(ndpi_fds.network_protocol, network_protocol) + ndpi_subtree:add(ndpi_fds.application_protocol, application_protocol) + ndpi_subtree:add(ndpi_fds.name, name) + + if(application_protocol ~= 0) then + -- Set protocol name in the wireshark protocol column (if not Unknown) + --pinfo.cols.protocol = name + print(network_protocol .. "/" .. application_protocol .. "/".. name) + end + + if(compute_flows_stats) then + ndpikey = tostring(slen(name)) + + if(ndpi_protos[ndpikey] == nil) then ndpi_protos[ndpikey] = 0 end + ndpi_protos[ndpikey] = ndpi_protos[ndpikey] + pinfo.len + + srckey = tostring(pinfo.src) + dstkey = tostring(pinfo.dst) + + flowkey = srckey.." / "..dstkey.."\t["..ndpikey.."]" + if(ndpi_flows[flowkey] == nil) then + ndpi_flows[flowkey] = 0 + num_ndpi_flows = num_ndpi_flows + 1 + + if(num_ndpi_flows > max_num_flows) then + -- We need to harvest the flow with least packets beside this new one + local tot_removed = 0 + + for k,v in pairsByValues(ndpi_flows, asc) do + if(k ~= flowkey) then + table.remove(ndpi_flows, k) + num_ndpi_flows = num_ndpi_flows + 1 + if(num_ndpi_flows == (2*max_num_entries)) then + break + end + end + end + end + end + + ndpi_flows[flowkey] = ndpi_flows[flowkey] + pinfo.len + end end - end + end -- nDPI + + latency_dissector(tvb, pinfo, tree) end + + -- ########################################### + + -- As we do not need to add fields to the dissection + -- there is no need to process the packet multiple times + if(pinfo.visited == true) then return end + + num_pkts = num_pkts + 1 + if((num_pkts > 1) and (pinfo.number == 1)) then return end + + if(last_processed_packet_number < pinfo.number) then + last_processed_packet_number = pinfo.number + end + + -- print(num_pkts .. " / " .. pinfo.number .. " / " .. last_processed_packet_number) + + if(false) then + local srckey = tostring(pinfo.src) + local dstkey = tostring(pinfo.dst) + print("Processing packet "..pinfo.number .. "["..srckey.." / "..dstkey.."]") + end + + mac_dissector(tvb, pinfo, tree) + arp_dissector(tvb, pinfo, tree) + vlan_dissector(tvb, pinfo, tree) + ssl_dissector(tvb, pinfo, tree) + dns_dissector(tvb, pinfo, tree) end register_postdissector(ndpi_proto) @@ -799,7 +815,7 @@ local function arp_dialog_menu() local _stats local found = false local tot_arp_pkts = 0 - + _stats = {} for k,v in pairs(arp_stats) do if(k ~= "Broadcast") then @@ -1036,18 +1052,18 @@ local function ssl_dialog_menu() if(tot_ssl_flows > 0) then i = 0 label = label .. "SSL Server\t\t\t\t# Flows\n" - for k,v in pairsByValues(ssl_server_names, rev) do + for k,v in pairsByValues(ssl_server_names, rev) do local pctg - + v = tonumber(v) - pctg = formatPctg((v * 100) / tot_ssl_flows) + pctg = formatPctg((v * 100) / tot_ssl_flows) label = label .. string.format("%-32s", shortenString(k,32)).."\t"..v.." [".. pctg.." %]\n" if(i == 50) then break else i = i + 1 end end else label = "No SSL server certificates detected" end - + win:set(label) win:add_button("Clear", function() win:clear() end) end -- cgit v1.2.3 From 9a4634adbbf360790086e6b9fd87eb4758dc972b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 6 Jun 2017 21:22:46 +0200 Subject: Fixes for latency calculation --- wireshark/ndpi.lua | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 00740e3af..f9db38411 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -91,7 +91,8 @@ local first_payload_id = {} local num_pkts = 0 local last_processed_packet_number = 0 -local max_latency_discard = 5000 -- 5 sec +local max_latency_discard = 5000 -- 5 sec +local max_appl_lat_discard = 15000 -- 15 sec local debug = false -- ############################################## @@ -301,6 +302,12 @@ function ndpi_proto.init() max_nw_server_RRT = {} -- Application Latency + min_nw_client_RRT = {} + min_nw_server_RRT = {} + max_nw_client_RRT = {} + max_nw_server_RRT = {} + min_appl_RRT = {} + max_appl_RRT = {} first_payload_ts = {} first_payload_id = {} end @@ -563,7 +570,7 @@ function latency_dissector(tvb, pinfo, tree) if(first_payload_ts[revkey] ~= nil) then local appl_latency = abstime_diff(pinfo.abs_ts, first_payload_ts[revkey]) * 1000 - if((appl_latency > 0) + if((appl_latency > 0) and (appl_latency < max_appl_lat_discard) -- The trick below is used to set only the first latency packet and ((first_payload_id[revkey] == nil) or (first_payload_id[revkey] == pinfo.number)) ) then -- cgit v1.2.3 From 1467ad68d4077ea440be81bfa19c7032695c5a94 Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Wed, 7 Jun 2017 11:18:38 +0200 Subject: Remove unused variables for ndpiReader.c and tinc.c --- example/ndpiReader.c | 1 - src/lib/protocols/tinc.c | 2 -- 2 files changed, 3 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 142c1d5d1..337110d32 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1288,7 +1288,6 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_ struct top_stats *s; struct port_stats *sp, *tmp; struct info_pair inf; - float pkt_burst; u_int64_t total_ip_addrs = 0; /* stats are ordered by packet number */ diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index b25aff2e7..a69d18759 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -29,8 +29,6 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st struct ndpi_packet_struct *packet = &flow->packet; const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - struct ndpi_id_struct *src = flow->src; - struct ndpi_id_struct *dst = flow->dst; if(packet->udp != NULL) { if(ndpi_struct->tinc_cache != NULL) { -- cgit v1.2.3 From 9c4a446c76d5c17a2881f2bc7e3e9489ed5851e3 Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Wed, 7 Jun 2017 13:14:37 +0200 Subject: Use flag %d to print signed integers in ndpiReader. --- example/ndpiReader.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 337110d32..6d5f5d5ee 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -310,9 +310,9 @@ void extcap_config() { struct ndpi_proto_sorter *protos; /* -i */ - printf("arg {number=%u}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" + printf("arg {number=%d}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" "{tooltip=The interface name}\n", argidx++); - printf("arg {number=%u}{call=-i}{display=Pcap File to Analyze}{type=fileselect}" + printf("arg {number=%d}{call=-i}{display=Pcap File to Analyze}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); setupDetection(0, NULL); @@ -328,13 +328,13 @@ void extcap_config() { qsort(protos, ndpi_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto); - printf("arg {number=%u}{call=-9}{display=nDPI Protocol Filter}{type=selector}" + printf("arg {number=%d}{call=-9}{display=nDPI Protocol Filter}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)"); for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) - printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, protos[i].id, + printf("value {arg=%d}{value=%d}{display=%s (%d)}\n", argidx, protos[i].id, protos[i].name, protos[i].id); free(protos); -- cgit v1.2.3 From 39dc99443cf60c2daa859d77c59b811a4aad4243 Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 7 Jun 2017 18:18:12 +0200 Subject: added GoogleDrive detection --- src/include/ndpi_protocol_ids.h | 93 ++++++++++++++++++++-------------------- src/lib/ndpi_content_match.c.inc | 11 +++-- src/lib/ndpi_main.c | 1 - 3 files changed, 54 insertions(+), 51 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 4fce98b14..c32613777 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -159,71 +159,71 @@ #define NDPI_PROTOCOL_TWITTER 120 #define NDPI_PROTOCOL_DROPBOX 121 #define NDPI_PROTOCOL_GMAIL 122 -#define NDPI_PROTOCOL_GOOGLE_MAPS 123 +#define NDPI_PROTOCOL_GOOGLE_MAPS 123 #define NDPI_PROTOCOL_YOUTUBE 124 #define NDPI_PROTOCOL_SKYPE 125 #define NDPI_PROTOCOL_GOOGLE 126 #define NDPI_PROTOCOL_DCERPC 127 #define NDPI_PROTOCOL_NETFLOW 128 #define NDPI_PROTOCOL_SFLOW 129 -#define NDPI_PROTOCOL_HTTP_CONNECT 130 -#define NDPI_PROTOCOL_HTTP_PROXY 131 -#define NDPI_PROTOCOL_CITRIX 132 -#define NDPI_PROTOCOL_NETFLIX 133 -#define NDPI_PROTOCOL_LASTFM 134 -#define NDPI_PROTOCOL_WAZE 135 +#define NDPI_PROTOCOL_HTTP_CONNECT 130 +#define NDPI_PROTOCOL_HTTP_PROXY 131 +#define NDPI_PROTOCOL_CITRIX 132 +#define NDPI_PROTOCOL_NETFLIX 133 +#define NDPI_PROTOCOL_LASTFM 134 +#define NDPI_PROTOCOL_WAZE 135 #define NDPI_PROTOCOL_SKYFILE_PREPAID 136 #define NDPI_PROTOCOL_SKYFILE_RUDICS 137 #define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 #define NDPI_PROTOCOL_CITRIX_ONLINE 139 -#define NDPI_PROTOCOL_APPLE 140 -#define NDPI_PROTOCOL_WEBEX 141 -#define NDPI_PROTOCOL_WHATSAPP 142 +#define NDPI_PROTOCOL_APPLE 140 +#define NDPI_PROTOCOL_WEBEX 141 +#define NDPI_PROTOCOL_WHATSAPP 142 #define NDPI_PROTOCOL_APPLE_ICLOUD 143 -#define NDPI_PROTOCOL_VIBER 144 +#define NDPI_PROTOCOL_VIBER 144 #define NDPI_PROTOCOL_APPLE_ITUNES 145 -#define NDPI_PROTOCOL_RADIUS 146 +#define NDPI_PROTOCOL_RADIUS 146 #define NDPI_PROTOCOL_WINDOWS_UPDATE 147 #define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ -#define NDPI_PROTOCOL_TUENTI 149 +#define NDPI_PROTOCOL_TUENTI 149 #define NDPI_PROTOCOL_LOTUS_NOTES 150 -#define NDPI_PROTOCOL_SAP 151 -#define NDPI_PROTOCOL_GTP 152 -#define NDPI_PROTOCOL_UPNP 153 -#define NDPI_PROTOCOL_LLMNR 154 +#define NDPI_PROTOCOL_SAP 151 +#define NDPI_PROTOCOL_GTP 152 +#define NDPI_PROTOCOL_UPNP 153 +#define NDPI_PROTOCOL_LLMNR 154 #define NDPI_PROTOCOL_REMOTE_SCAN 155 -#define NDPI_PROTOCOL_SPOTIFY 156 -#define NDPI_CONTENT_WEBM 157 -#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ -#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ -#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ +#define NDPI_PROTOCOL_SPOTIFY 156 +#define NDPI_CONTENT_WEBM 157 +#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ +#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ +#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ #define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ -#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ -#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ +#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ +#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ +#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ #define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ #define NDPI_PROTOCOL_WHOIS_DAS 170 -#define NDPI_PROTOCOL_COLLECTD 171 -#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MS_LYNC 173 -#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_COLLECTD 171 +#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MS_LYNC 173 +#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_ZMQ 177 -#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ -#define NDPI_PROTOCOL_REDIS 182 -#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_VHUA 184 -#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ -#define NDPI_PROTOCOL_VEVO 186 -#define NDPI_PROTOCOL_PANDORA 187 +#define NDPI_PROTOCOL_ZMQ 177 +#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ +#define NDPI_PROTOCOL_REDIS 182 +#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_VHUA 184 +#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ +#define NDPI_PROTOCOL_VEVO 186 +#define NDPI_PROTOCOL_PANDORA 187 #define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 #define NDPI_PROTOCOL_EAQ 190 @@ -256,8 +256,7 @@ #define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 #define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ -/* 217 is free */ -#define NDPI_PROTOCOL_FREE_217 217 +#define NDPI_PROTOCOL_GOOGLE_DRIVE 217 #define NDPI_PROTOCOL_OCS 218 #define NDPI_PROTOCOL_OFFICE_365 219 diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 9072fab19..dd0a21ae2 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7990,11 +7990,16 @@ ndpi_protocol_match host_match[] = { { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ + { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8013,8 +8018,8 @@ ndpi_protocol_match host_match[] = { { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, - { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ef6393877..810485149 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1628,7 +1628,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */); /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); /* calling function for host and content matched protocols */ -- cgit v1.2.3 From 05912a49ae7cfeab2b050a6228012df245cced33 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 9 Jun 2017 01:15:11 +0200 Subject: fixed 1kxun application protocol to avoid false positive in udp detection --- src/include/ndpi_protocols.h | 2 - src/lib/Makefile.am | 1 - src/lib/ndpi_main.c | 14 +++---- src/lib/protocols/http.c | 24 ++++++----- src/lib/protocols/kxun.c | 98 -------------------------------------------- 5 files changed, 20 insertions(+), 119 deletions(-) delete mode 100644 src/lib/protocols/kxun.c diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index c0bce974e..f1d34f75e 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -194,7 +194,6 @@ void ndpi_search_rx(struct ndpi_detection_module_struct *ndpi_struct, struct ndp void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); -void ndpi_search_kxun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_smpp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ @@ -338,7 +337,6 @@ void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); -void init_kxun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index d3bd19264..375e9ce48 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -67,7 +67,6 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/kakaotalk_voice.c \ protocols/kerberos.c \ protocols/kontiki.c \ - protocols/kxun.c \ protocols/ldap.c \ protocols/lotus_notes.c \ protocols/mail_imap.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 810485149..53c2b9d59 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1596,11 +1596,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, - no_master, - no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + /* ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, */ + /* no_master, */ + /* no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, */ + /* ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /\* TCP *\/ */ + /* ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /\* UDP *\/ */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, no_master, no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, @@ -2711,8 +2711,8 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* BJNP */ init_bjnp_dissector(ndpi_struct, &a, detection_bitmask); - /* 1KXUN */ - init_kxun_dissector(ndpi_struct, &a, detection_bitmask); + /* /\* 1KXUN *\/ */ + /* init_kxun_dissector(ndpi_struct, &a, detection_bitmask); */ /* SMPP */ init_smpp_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 44ca32cb4..35e67a54d 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -39,14 +39,13 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd ndpi_search_tcp_or_udp(ndpi_struct, flow); /* If no custom protocol has been detected */ - /* if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ { - if(protocol == NDPI_PROTOCOL_HTTP) { - ndpi_int_reset_protocol(flow); - ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, protocol); - } else - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_HTTP); - } - + /* if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ + if(protocol == NDPI_PROTOCOL_HTTP) { + ndpi_int_reset_protocol(flow); + ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, protocol); + } else + ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_HTTP); + flow->http_detected = 1; } } @@ -199,11 +198,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ /* PPStream */ if(flow->l4.tcp.ppstream_stage > 0 && iqiyi_counter == 0) { NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, "PPStream found.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM); + /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM); */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_HTTP); } else if(iqiyi_counter > 0) { NDPI_LOG(NDPI_PROTOCOL_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); + /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_HTTP); } #endif @@ -211,7 +212,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ /* 1KXUN */ if(kxun_counter > 0) { NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "1kxun found.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN); + /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN); */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_HTTP); } #endif diff --git a/src/lib/protocols/kxun.c b/src/lib/protocols/kxun.c deleted file mode 100644 index d78e77a1a..000000000 --- a/src/lib/protocols/kxun.c +++ /dev/null @@ -1,98 +0,0 @@ -/* - * kxun.c - * - * Copyright (C) 2016 - ntop.org - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ -#include "ndpi_protocols.h" - -#ifdef NDPI_PROTOCOL_1KXUN - - -static void ndpi_int_kxun_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_UNKNOWN); -} - - -void ndpi_search_kxun(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - /* 1KXUN over TCP is detected inside HTTP dissector */ - - /* check 1KXUN over UDP */ - if(packet->udp != NULL) { - /* check ipv6 */ - if(packet->iphv6 != NULL) { - if(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == 0x2ff && - packet->payload_packet_len == 329) { - if(packet->payload[0] == 0xff && - packet->payload[1] == 0x0f && - packet->payload[4] == 0xa0 && - packet->payload[5] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, - "found 1kxun over udp.\n"); - ndpi_int_kxun_add_connection(ndpi_struct, flow); - return; - } - } - } - else if(packet->iph != NULL) { - if(packet->iph->daddr == 0xffffffff) { - if(packet->payload_packet_len == 40 && - packet->payload[8] == 0x41 && - packet->payload[9] == 0x41 && - packet->payload[10] == 0x42) { - NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, - "found 1kxun over udp.\n"); - ndpi_int_kxun_add_connection(ndpi_struct, flow); - return; - } - if(packet->payload_packet_len == 317 && - packet->payload[0] == 0xff && - packet->payload[1] == 0xff && - packet->payload[4] == 0xa0 && - packet->payload[5] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, - "found 1kxun over udp.\n"); - ndpi_int_kxun_add_connection(ndpi_struct, flow); - return; - } - } - } - } - /* EXCLUDE 1KXUN */ - NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude 1kxun.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_1KXUN); -} - - -void init_kxun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("1kxun", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_1KXUN, - ndpi_search_kxun, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} - -#endif -- cgit v1.2.3 From 88d47399b5db59e75f1515dc34bf8416c79fb0b6 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 9 Jun 2017 01:18:41 +0200 Subject: updated results --- src/lib/ndpi_main.c | 8 -- tests/result/1kxun.pcap.out | 252 +++++++++++++++++++++---------------------- tests/result/pps.pcap.out | 12 +-- tests/result/wechat.pcap.out | 7 +- 4 files changed, 136 insertions(+), 143 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 53c2b9d59..9c6432de0 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1596,11 +1596,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); - /* ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, */ - /* no_master, */ - /* no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, */ - /* ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /\* TCP *\/ */ - /* ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /\* UDP *\/ */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, no_master, no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, @@ -2711,9 +2706,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* BJNP */ init_bjnp_dissector(ndpi_struct, &a, detection_bitmask); - /* /\* 1KXUN *\/ */ - /* init_kxun_dissector(ndpi_struct, &a, detection_bitmask); */ - /* SMPP */ init_smpp_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 1860121c9..6cbdc3f69 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -1,4 +1,4 @@ -Unknown 9 2428 7 +Unknown 24 6428 14 DNS 2 378 1 HTTP 5 324 2 MDNS 1 82 1 @@ -13,137 +13,137 @@ Facebook 19 6840 2 Google 3 176 1 LLMNR 89 6799 47 Lync 2 132 1 -1kxun 967 535718 28 +1kxun 952 531718 21 1 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][13 pkts/6269 bytes <-> 10 pkts/1165 bytes] 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144] 3 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] 4 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] 5 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 6 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes -> 0 pkts/0 bytes] - 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][client: 1] - 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][client: 1] - 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][client: 1] - 10 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 11 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav] - 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp] - 13 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 14 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][1 pkts/89 bytes <-> 1 pkts/289 bytes][Host: dl-obs.official.line.naver.jp] - 15 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 17 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170:9099] - 18 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes -> 0 pkts/0 bytes] - 19 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 20 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 21 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes -> 0 pkts/0 bytes] - 22 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air] - 23 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 24 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] - 26 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi] - 27 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 29 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 31 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 32 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] - 33 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] - 34 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] - 35 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 205/1kxun][5 pkts/1795 bytes -> 0 pkts/0 bytes] - 36 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 173/Lync][2 pkts/132 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 38 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes -> 0 pkts/0 bytes] - 40 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][1 pkts/359 bytes -> 0 pkts/0 bytes] - 41 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 42 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] - 43 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 44 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes -> 0 pkts/0 bytes] - 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152:8080] - 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com] - 47 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com] - 49 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi] - 50 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com] - 51 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com] - 52 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes -> 0 pkts/0 bytes] - 53 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 54 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] - 55 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes -> 0 pkts/0 bytes] - 56 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 57 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145] - 58 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] - 59 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com] - 60 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][4 pkts/220 bytes <-> 2 pkts/132 bytes] - 61 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes -> 0 pkts/0 bytes] - 62 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes] - 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][client: 1] - 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp] - 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com] - 66 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] - 67 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][5 pkts/490 bytes -> 0 pkts/0 bytes] - 68 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 69 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 70 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad] - 71 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] - 72 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] - 73 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][6 pkts/552 bytes -> 0 pkts/0 bytes] - 74 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][2 pkts/549 bytes -> 0 pkts/0 bytes] - 75 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes -> 0 pkts/0 bytes] - 76 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes -> 0 pkts/0 bytes] - 77 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes -> 0 pkts/0 bytes] - 78 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][3 pkts/276 bytes -> 0 pkts/0 bytes] - 79 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 80 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 81 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 82 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 83 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes -> 0 pkts/0 bytes] - 84 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] - 85 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 86 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 87 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] - 88 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 89 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 90 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 91 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 92 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 93 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: sonusav] - 94 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] - 95 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 96 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][4 pkts/2050 bytes <-> 5 pkts/2297 bytes] - 97 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][5 pkts/1006 bytes <-> 5 pkts/1487 bytes] - 98 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 99 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 100 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 101 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] - 102 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 103 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] - 104 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] - 105 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 106 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] - 107 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes -> 0 pkts/0 bytes] - 108 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 109 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 110 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][4 pkts/392 bytes -> 0 pkts/0 bytes] - 111 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 112 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 205/1kxun][1 pkts/82 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes -> 0 pkts/0 bytes] - 114 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes] - 115 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] - 117 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi] - 118 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com] - 119 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi] - 120 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com] - 121 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com] - 122 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 6 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][client: 1] + 7 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][client: 1] + 8 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][client: 1] + 9 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 10 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav] + 11 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp] + 12 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 13 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][1 pkts/89 bytes <-> 1 pkts/289 bytes][Host: dl-obs.official.line.naver.jp] + 14 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 16 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170:9099] + 17 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes -> 0 pkts/0 bytes] + 18 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 19 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 20 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air] + 22 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 23 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 25 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi] + 26 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 28 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 30 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 31 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] + 32 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] + 33 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 173/Lync][2 pkts/132 bytes -> 0 pkts/0 bytes] + 35 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 36 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 37 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] + 38 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 39 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes -> 0 pkts/0 bytes] + 40 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152:8080] + 41 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com] + 42 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 43 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com] + 44 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi] + 45 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com] + 46 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com] + 47 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes -> 0 pkts/0 bytes] + 48 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 49 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] + 50 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 51 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145] + 52 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 53 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com] + 54 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][4 pkts/220 bytes <-> 2 pkts/132 bytes] + 55 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes -> 0 pkts/0 bytes] + 56 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes] + 57 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][client: 1] + 58 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp] + 59 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com] + 60 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] + 61 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][5 pkts/490 bytes -> 0 pkts/0 bytes] + 62 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 63 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 64 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad] + 65 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 66 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] + 67 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][6 pkts/552 bytes -> 0 pkts/0 bytes] + 68 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][2 pkts/549 bytes -> 0 pkts/0 bytes] + 69 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes -> 0 pkts/0 bytes] + 70 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes -> 0 pkts/0 bytes] + 71 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes -> 0 pkts/0 bytes] + 72 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][3 pkts/276 bytes -> 0 pkts/0 bytes] + 73 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 74 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 75 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 76 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 77 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes -> 0 pkts/0 bytes] + 78 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] + 79 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 80 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 81 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 82 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 83 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 84 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 85 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 86 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 87 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: sonusav] + 88 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] + 89 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 90 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][4 pkts/2050 bytes <-> 5 pkts/2297 bytes] + 91 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][5 pkts/1006 bytes <-> 5 pkts/1487 bytes] + 92 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 93 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 94 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 95 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 96 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 97 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] + 98 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 99 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 100 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] + 101 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes -> 0 pkts/0 bytes] + 102 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 103 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 104 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][4 pkts/392 bytes -> 0 pkts/0 bytes] + 105 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 106 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes -> 0 pkts/0 bytes] + 107 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes] + 108 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes -> 0 pkts/0 bytes] + 109 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] + 110 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi] + 111 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com] + 112 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi] + 113 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com] + 114 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com] + 115 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] Undetected flows: - 1 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes] - 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] - 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes -> 0 pkts/0 bytes] - 5 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes -> 0 pkts/0 bytes] - 6 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes] - 7 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes -> 0 pkts/0 bytes] + 1 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] + 2 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 0/Unknown][5 pkts/1795 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][2 pkts/718 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][2 pkts/718 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][1 pkts/359 bytes -> 0 pkts/0 bytes] + 7 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] + 8 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes -> 0 pkts/0 bytes] + 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] + 11 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes -> 0 pkts/0 bytes] + 12 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes -> 0 pkts/0 bytes] + 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][1 pkts/82 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index bee502be8..9be4adae9 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -1,11 +1,11 @@ Unknown 990 378832 34 -HTTP 12 4427 6 +HTTP 3 174 2 SSDP 62 17013 9 Google 2 1093 1 UPnP 1 130 1 -iQIYI 1490 1845116 56 +iQIYI 1499 1849369 60 - 1 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][1 pkts/347 bytes -> 0 pkts/0 bytes] + 1 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7.206/HTTP.iQIYI][1 pkts/347 bytes -> 0 pkts/0 bytes] 2 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] 4 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] @@ -14,7 +14,7 @@ iQIYI 1490 1845116 56 7 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes -> 0 pkts/0 bytes] 8 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 9 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 10 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][1 pkts/199 bytes -> 0 pkts/0 bytes] + 10 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7.206/HTTP.iQIYI][1 pkts/199 bytes -> 0 pkts/0 bytes] 11 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 12 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 13 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] @@ -46,7 +46,7 @@ iQIYI 1490 1845116 56 39 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7.206/HTTP.iQIYI][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] - 42 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][2 pkts/398 bytes -> 0 pkts/0 bytes] + 42 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7.206/HTTP.iQIYI][2 pkts/398 bytes -> 0 pkts/0 bytes] 43 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 44 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 45 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] @@ -72,7 +72,7 @@ iQIYI 1490 1845116 56 65 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] 66 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes -> 0 pkts/0 bytes] 67 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes -> 0 pkts/0 bytes] - 68 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][4 pkts/2953 bytes <-> 1 pkts/356 bytes] + 68 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7.206/HTTP.iQIYI][4 pkts/2953 bytes <-> 1 pkts/356 bytes] 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.206/HTTP.iQIYI][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com] 70 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] 71 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 1f80e3df1..426f79c1e 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -8,9 +8,10 @@ DHCP 1 342 1 IGMP 24 1280 4 SSL 21 1209 3 ICMPV6 3 218 2 -Google 128 29925 17 +Google 113 24811 15 LLMNR 12 944 6 WeChat 1277 615827 51 +GoogleDrive 15 5114 2 1 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 2 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes <-> 4 pkts/253 bytes] @@ -50,7 +51,7 @@ WeChat 1277 615827 51 36 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] 37 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] 38 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] + 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.217/QUIC.GoogleDrive][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] 40 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] 41 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 42 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] @@ -88,7 +89,7 @@ WeChat 1277 615827 51 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com] 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com] 76 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes -> 0 pkts/0 bytes] - 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] + 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.217/DNS.GoogleDrive][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][13 pkts/866 bytes <-> 4 pkts/280 bytes] 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com] -- cgit v1.2.3 From e0366a99653debd29d57aae3ac81a0559a5434fb Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 9 Jun 2017 13:15:09 +0200 Subject: improved whatsapp and wechat detection by new ip-ranges --- src/lib/ndpi_content_match.c.inc | 21 +++++++++++++++++---- tests/result/Viber_session.pcap.out | 5 +++-- tests/result/viber_mobile.pcap.out | 6 +++--- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index dd0a21ae2..077a04ff0 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -74,21 +74,34 @@ static ndpi_network host_protocol_list[] = { /* WhatsApp Inc. - 169.47.35.32 - 169.47.35.63 */ + { 0x3216C6CC /* 50.22.198.204/30 */, 30, NDPI_PROTOCOL_WHATSAPP }, + { 0x4B7E2720 /* 75.126.39.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0x6CA8B460 /* 108.168.180.96/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0x9E553A00 /* 158.85.58.0/25 */, 25, NDPI_PROTOCOL_WHATSAPP }, + { 0x9E55FE40 /* 158.85.254.64/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, { 0xA92F2320 /* 169.47.35.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xA93743E0 /* 169.55.67.224/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xA93764A0 /* 169.55.100.160/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xA937EBA0 /* 169.55.235.160/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xADC0A220 /* 173.192.162.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xB8AD8840 /* 184.173.136.64/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xB93CDA35 /* 185.60.218.53/32 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xC60BFB20 /* 198.11.251.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xD02B73C0 /* 208.43.115.192/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xD02B7A80 /* 208.43.122.128/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + /* WeChat - 203.205.147.171 - 203.205.147.173 - 203.205.151.162 + origin AS132203, AS132591, AS45090 */ { 0xCBCD93AB /* 203.205.147.171/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD93AD /* 203.205.147.173/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD97A2 /* 203.205.151.162/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0x67071E25 /* 103.7.30.37/32 */, 32, NDPI_PROTOCOL_WECHAT }, /* OpenDNS, LLC diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 11b958080..88d9589a3 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -2,18 +2,19 @@ Unknown 163 9995 7 HTTP 13 796 7 SSL_No_Cert 34 4141 1 ICMP 2 196 1 -SSL 80 7703 8 +SSL 75 7291 7 Facebook 29 3944 2 Dropbox 1 97 1 GMail 21 1891 1 Google 50 4084 5 +WhatsApp 5 412 1 Viber 4163 392492 4 Amazon 1 66 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/389 bytes <-> 5 pkts/368 bytes] 2 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/428 bytes <-> 4 pkts/264 bytes] 3 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][2 pkts/157 bytes <-> 3 pkts/255 bytes] + 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][2 pkts/157 bytes <-> 3 pkts/255 bytes] 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][14 pkts/1058 bytes <-> 9 pkts/2287 bytes] 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index e761e520c..097363152 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -4,12 +4,12 @@ HTTP 43 4771 7 BitTorrent 57 13074 27 SSL_No_Cert 36 5874 1 ICMP 3 370 2 -SSL 79 21658 7 +SSL 72 21126 6 Facebook 50 17455 3 Dropbox 2 163 1 GMail 35 14773 2 Google 76 17175 8 -WhatsApp 31 6224 2 +WhatsApp 38 6756 3 Viber 10081 1413446 4 Amazon 8 528 1 @@ -18,7 +18,7 @@ Amazon 8 528 1 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][8 pkts/3893 bytes <-> 8 pkts/1945 bytes] 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/329 bytes] 5 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][4 pkts/277 bytes <-> 3 pkts/255 bytes] + 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][4 pkts/277 bytes <-> 3 pkts/255 bytes] 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][1 pkts/75 bytes <-> 1 pkts/166 bytes][Host: mail.google.com] 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] -- cgit v1.2.3 From af3086fb82e4c4622e10370ab092822e55fb6716 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 9 Jun 2017 13:22:58 +0200 Subject: add check for whatsapp in ssl --- src/lib/protocols/ssl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 94f3ad7e3..5860abed7 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -595,6 +595,11 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && (packet->payload[3] <= 9))) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); return; + } else if((packet->payload_packet_len == 4) + && (packet->payload[0] == 'W') + && (packet->payload[1] == 'A')){ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); + return; } else { /* No whatsapp, let's try SSL */ if(sslDetectProtocolFromCertificate(ndpi_struct, flow) > 0) -- cgit v1.2.3 From d9bef8fa46752bf97c0c0fe103f050ed3b0f3653 Mon Sep 17 00:00:00 2001 From: MaYuming Date: Tue, 13 Jun 2017 17:17:19 +0800 Subject: fix ms-lync detection missing, More detail at https://github.com/ntop/nDPI/issues/401 --- src/lib/protocols/stun.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index caebeb066..421ed5d75 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -53,7 +53,8 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * u_int16_t msg_type, msg_len; struct stun_packet_header *h = (struct stun_packet_header*)payload; u_int8_t can_this_be_whatsapp_voice = 1; - + + if(payload_length < sizeof(struct stun_packet_header)) { if(flow->num_stun_udp_pkts > 0) { *is_whatsapp = 1; @@ -73,8 +74,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if((payload[0] != 0x80) && ((msg_len+20) > payload_length)) return(NDPI_IS_NOT_STUN); - /* printf("msg_type=%04X, msg_len=%u\n", msg_type, msg_len); */ - if((payload_length == (msg_len+20)) && ((msg_type <= 0x000b) /* http://www.3cx.com/blog/voip-howto/stun-details/ */)) { u_int offset = 20; @@ -99,7 +98,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x8054: /* Candidate Identifier */ if((len == 4) - && (payload[offset+4] == 0x31) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) && (payload[offset+7] == 0x00)) { @@ -252,7 +250,6 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(packet->tcp) { /* STUN may be encapsulated in TCP packets */ - if(packet->payload_packet_len >= 2 + 20 && ntohs(get_u_int16_t(packet->payload, 0)) + 2 == packet->payload_packet_len) { @@ -261,9 +258,16 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload + 2, packet->payload_packet_len - 2, &is_whatsapp, &is_lync) == NDPI_IS_STUN) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found TCP stun.\n"); - ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_STUN, flow); - return; + if(is_lync) { + NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); + ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_MS_LYNC, flow); + } else { + NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); + ndpi_int_stun_add_connection(ndpi_struct, + is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); + } + + return; } } } @@ -293,7 +297,7 @@ void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("STUN", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_STUN, ndpi_search_stun, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); -- cgit v1.2.3 From f3f83f2eee0eaf4301670c07d3b5cdfe36a09f58 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 13 Jun 2017 14:48:59 +0200 Subject: Adding AppleStore and PlayStore (work in progress) --- src/include/ndpi_protocol_ids.h | 10 +++------- src/include/ndpi_typedefs.h | 1 + src/lib/ndpi_content_match.c.inc | 13 ++++++++++--- src/lib/ndpi_main.c | 6 +++--- 4 files changed, 17 insertions(+), 13 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index c32613777..f1ba9d4a3 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -255,25 +255,21 @@ #define NDPI_PROTOCOL_TEREDO 214 #define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 #define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ - #define NDPI_PROTOCOL_GOOGLE_DRIVE 217 - #define NDPI_PROTOCOL_OCS 218 #define NDPI_PROTOCOL_OFFICE_365 219 #define NDPI_PROTOCOL_CLOUDFLARE 220 #define NDPI_PROTOCOL_MS_ONE_DRIVE 221 #define NDPI_PROTOCOL_MQTT 222 #define NDPI_PROTOCOL_RX 223 - -/* 224 is free */ -#define NDPI_PROTOCOL_FREE_224 224 - +#define NDPI_PROTOCOL_APPLESTORE 224 #define NDPI_PROTOCOL_OPENDNS 225 #define NDPI_PROTOCOL_GIT 226 #define NDPI_PROTOCOL_DRDA 227 +#define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DRDA +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_PLAYSTORE #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 0bede5cb2..c10101d42 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -762,6 +762,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_RPC, /* High level network communication protocols */ NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, /* Network administration and monitor protocols */ NDPI_PROTOCOL_CATEGORY_SYSTEM, /* System level applications */ + NDPI_PROTOCOL_CATEGORY_SW_UPDATE, /* Software update */ NDPI_PROTOCOL_NUM_CATEGORIES /* NOTE: Keep this as last member diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 077a04ff0..a1a501edf 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7983,7 +7983,12 @@ ndpi_protocol_match host_match[] = { { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* iOS */ + { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* MacOS */ + { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, @@ -8013,6 +8018,9 @@ ndpi_protocol_match host_match[] = { { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8025,7 +8033,6 @@ ndpi_protocol_match host_match[] = { { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "ggpht.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8144,8 +8151,8 @@ ndpi_protocol_match host_match[] = { { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9c6432de0..b721b98cd 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1622,9 +1622,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */); -/* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); - /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); @@ -4493,6 +4490,9 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_UNSPECIFIED: return("Unspecified"); break; + case NDPI_PROTOCOL_CATEGORY_SW_UPDATE: + return("SoftwareUpdate"); + break; case NDPI_PROTOCOL_NUM_CATEGORIES: return("Code should not use this internal constant"); break; -- cgit v1.2.3 From c46af1291a066d8ef2855b172444d55de4eecee2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 13 Jun 2017 15:06:27 +0200 Subject: Improved AppleStore detection Modified string search matching to match the longest match (and not the first one) --- src/lib/ndpi_content_match.c.inc | 14 +++++++++----- src/lib/ndpi_main.c | 19 ++++++++++++------- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index a1a501edf..528bf84a5 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -91,7 +91,7 @@ static ndpi_network host_protocol_list[] = { { 0xC60BFB20 /* 198.11.251.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, { 0xD02B73C0 /* 208.43.115.192/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, { 0xD02B7A80 /* 208.43.122.128/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, - + /* WeChat @@ -859,7 +859,7 @@ static ndpi_network host_protocol_list[] = { { 0xAC100010 /* 172.16.0.16/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, { 0xB2A4F550 /* 178.164.245.80/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, { 0xAE597B3E /* 174.89.123.62/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, - + /* Tor @@ -7987,6 +7987,10 @@ ndpi_protocol_match host_match[] = { { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* iOS */ { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* MacOS */ + { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, @@ -8020,7 +8024,7 @@ ndpi_protocol_match host_match[] = { { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8096,7 +8100,7 @@ ndpi_protocol_match host_match[] = { { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8308,7 +8312,7 @@ ndpi_protocol_match content_match[] = { - www.fgd2iwya7vinfutj5wq5we.net See also DGA (Domain Generation Algorithm) - + In essence www..com|net To do things properly we should check if host name in the certificate diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b721b98cd..52a7d7222 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1637,11 +1637,14 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp static int ac_match_handler(AC_MATCH_t *m, void *param) { int *matching_protocol_id = (int*)param; - /* Stopping to the first match. We might consider searching - * for the more specific match, paying more cpu cycles. */ + /* + Return 1 for stopping to the first match. + We might consider searching for the more + specific match, paying more cpu cycles. + */ *matching_protocol_id = m->patterns[0].rep.number; - return 1; /* 0 to continue searching, !0 to stop */ + return 0; /* 0 to continue searching, !0 to stop */ } /* ******************************************************************** */ @@ -4615,9 +4618,9 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) { int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, const char *str, size_t str_len) { - return str_len <= payload_len - ? memcmp(payload, str, str_len) == 0 - : 0; + int rc = str_len <= payload_len ? memcmp(payload, str, str_len) == 0 : 0; + + return rc; } /* ****************************************************** */ @@ -4628,7 +4631,8 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN; AC_TEXT_t ac_input_text; ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; - + int rc; + if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); if(!automa->ac_automa_finalized) { @@ -4638,6 +4642,7 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru ac_input_text.astring = string_to_match, ac_input_text.length = string_to_match_len; ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, (void*)&matching_protocol_id); + ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa)); return(matching_protocol_id); -- cgit v1.2.3 From ef1a84fb39ddd8163d4824d8893145dc60ed6a56 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Wed, 10 May 2017 17:23:23 +0300 Subject: ndpi someip initial version with hardcoded port enforcing --- src/include/ndpi_protocol_ids.h | 3 + src/include/ndpi_protocols.h | 2 + src/lib/ndpi_main.c | 8 ++ src/lib/protocols/SOMEIP.c | 229 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 242 insertions(+) create mode 100644 src/lib/protocols/SOMEIP.c diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index f1ba9d4a3..cf474eefa 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -268,6 +268,9 @@ #define NDPI_PROTOCOL_DRDA 227 #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ +#define NDPI_PROTOCOL_SOMEIP 228 + + /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_PLAYSTORE diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index f1d34f75e..2ac9485ab 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -190,6 +190,7 @@ void ndpi_search_starcraft(struct ndpi_detection_module_struct *ndpi_struct, str void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_coap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_rx(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -332,6 +333,7 @@ void init_stracraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_coap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 52a7d7222..c18723c87 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1571,6 +1571,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "MQTT", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP, + no_master, + no_master, "SOME/IP", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 30491, 30501, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, no_master, no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, @@ -2691,6 +2696,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* MQTT */ init_mqtt_dissector(ndpi_struct, &a, detection_bitmask); + /* MQTT */ + init_someip_dissector(ndpi_struct, &a, detection_bitmask); + /* RX */ init_rx_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c new file mode 100644 index 000000000..84fdfada7 --- /dev/null +++ b/src/lib/protocols/SOMEIP.c @@ -0,0 +1,229 @@ +/* + * SOMEIP.c + * + * Copyright (C) 2016 Sorin Zamfir + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your omessage_typeion) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocols.h" +#ifdef NDPI_PROTOCOL_SOMEIP + +/** + * The type of control messages in mqtt version 3.1.1 + * see http://docs.oasis-open.org/mqtt/mqtt/v3.1.1 + */ +enum SOMEIP_MESSAGE_TYPES { + REQUEST = 0x00, + REQUEST_NO_RETURN = 0x01, + NOTIFICATION = 0x02, + REQUEST_ACK = 0x40, + REQUEST_NO_RETURN_ACK = 0x41, + NOTIFICATION_ACK = 0x42, + RESPONSE = 0x80, + ERROR = 0x81, + RESPONSE_ACK = 0xc0, + ERROR_ACK = 0xc1 +}; + +enum SOMEIP_RETURN_CODES { + E_OK = 0x00, + E_NOT_OK = 0x01, + E_UNKNOWN_SERVICE = 0x02, + E_UNKNOWN_METHOD = 0x03, + E_NOT_READY = 0x04, + E_NOT_REACHABLE = 0x05, + E_TIMEOUT = 0x06, + E_WRONG_PROTOCOL_VERSION = 0x07, + E_WRONG_INTERFACE_VERSION = 0x08, + E_MALFORMED_MESSAGE = 0x09, + E_WRONG_MESSAGE_TYPE = 0x0a +}; + +enum SPECIAL_MESSAGE_IDS { + MSG_MAGIC_COOKIE = 0xffff0000, + MSG_MAGIC_COOKIE_ACK = 0xffff8000, + MSG_SD = 0xffff8100 +}; + + +/** + * Entry point when protocol is identified. + */ +static void ndpi_int_someip_add_connection (struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_SOMEIP,NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found.\n"); +} + +/** + * Dissector function that searches SOME/IP headers + */ +void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + + //####Maybe check carrier protocols?#### + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); + struct ndpi_packet_struct *packet = &flow->packet; + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { + return; + } + /*NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP detection...\n"); + if (flow->packet_counter > 10) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + ####This block drops flows with over 10 packets. Why? Probably just an auto-drop in case nothing else catches it. Necessary for SOME/IP? Good question.#### + */ + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Service ID: %02x%02x%02x%02x [len: %u]\n", + packet->payload[3], packet->payload[2], packet->payload[1], packet->payload[0], packet->payload_packet_len); + //####I switched the endianity on these since the Message ID is 32 bit. Might be a wrong move?#### + if (packet->payload_packet_len < 16) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + /*if (packet->payload_packet_len > 258) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. maximum packet size exceeded!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + ####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### + */ + + + + // we extract the remaining length + u_int32_t someip_len = (u_int32_t) (packet->payload[4]+(packet->payload[5]<<8)+(packet->payload[6]<<16)+(packet->payload[7]<<24)); + if (packet->payload_packet_len != (someip_len + 8)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + + // check protocol version. ####CHECK IF ENDIANITY IS CORRECT#### + u_int8_t protocol_version = (u_int8_t) (packet->payload[15]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); + if (protocol_version != 0x01){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + //####Read Interface Version, for later use. CHECK IF ENDIANITY IS CORRECT#### + u_int8_t interface_version = (packet->payload[14]); + + + // we extract the message type. ####CHECK IF ENDIANITY IS CORRECT#### + u_int8_t message_type = (u_int8_t) (packet->payload[13]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); + if ((message_type != 0x00) && (message_type != 0x01) && (message_type != 0x02) && (message_type != 0x40) && (message_type != 0x41) && + (message_type != 0x42) && (message_type != 0x80) && (message_type != 0x81) && (message_type != 0xc0) && (message_type != 0xc1)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + // we extract the return code. ####CHECK IF ENDIANITY IS CORRECT#### + u_int8_t return_code = (u_int8_t) (packet->payload[12]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n",return_code); + if ((return_code > 0x3f)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + //we extract the Message ID and Request ID and check for special cases + u_int32_t message_id = (u_int32_t) (packet->payload[0]+(packet->payload[1]<<8)+(packet->payload[2]<<16)+(packet->payload[3]<<24)); + u_int32_t request_id = (u_int32_t) (packet->payload[8]+(packet->payload[9]<<8)+(packet->payload[10]<<16)+(packet->payload[11]<<24)); + + if (message_id == MSG_MAGIC_COOKIE){ + if (someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && + (message_type == 0x01) && (return_code == 0x00){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct,flow); + return; + } + else{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + } + + if (message_id == MSG_MAGIC_COOKIE_ACK){ + if (someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && + (message_type == 0x02) && (return_code == 0x00){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct,flow); + return; + } + else{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie ACK\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + } + + if (message_id == MSG_SD){ + //####Service Discovery message. Fill in later!#### + } + + //Filtering by port as per request. This is PURELY for demo purposes and the rest of the check must be filled in later on! + if (packet->l4_protocol == IPPROTO_UDP){ + if ((packet->udp->dest == 30491) || (packet->udp->dest == 30501) || (packet->udp->dest == 30490)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct,flow); + } + } + if (packet->l4_protocol == IPPROTO_TCP){ + if ((packet->tcp->dest == 30491) || (packet->tcp->dest == 30501)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct,flow); + } + } + + + + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; +} +/** + * Entry point for the ndpi library + */ +void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP dissector init...\n"); + ndpi_set_bitmask_protocol_detection ("MQTT", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_SOMEIP, + ndpi_search_someip, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); + *id +=1; +} + +#endif // NDPI_PROTOCOL_SOMEIP + -- cgit v1.2.3 From 87b49c524993bf17de1a207b4473d439c4071b24 Mon Sep 17 00:00:00 2001 From: alexei-argus Date: Wed, 10 May 2017 18:05:27 +0300 Subject: Fix build errors --- src/lib/Makefile.am | 1 + src/lib/protocols/SOMEIP.c | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 375e9ce48..3bf808f44 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -158,6 +158,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/zeromq.c \ protocols/smpp.c \ protocols/tinc.c \ + protocols/someip.c \ third_party/include/actypes.h \ third_party/include/ahocorasick.h \ third_party/include/ndpi_patricia.h \ diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 84fdfada7..54c2d568f 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -158,8 +158,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t request_id = (u_int32_t) (packet->payload[8]+(packet->payload[9]<<8)+(packet->payload[10]<<16)+(packet->payload[11]<<24)); if (message_id == MSG_MAGIC_COOKIE){ - if (someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && - (message_type == 0x01) && (return_code == 0x00){ + if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && + (message_type == 0x01) && (return_code == 0x00)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); return; @@ -172,8 +172,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE_ACK){ - if (someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && - (message_type == 0x02) && (return_code == 0x00){ + if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && + (message_type == 0x02) && (return_code == 0x00)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); return; -- cgit v1.2.3 From bc7f0b368670f8c067c04c43a3fa9c6c81af77d4 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Mon, 15 May 2017 10:18:46 +0300 Subject: endianity for ports --- src/lib/protocols/SOMEIP.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 54c2d568f..62abc1cd0 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -191,13 +191,13 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //Filtering by port as per request. This is PURELY for demo purposes and the rest of the check must be filled in later on! if (packet->l4_protocol == IPPROTO_UDP){ - if ((packet->udp->dest == 30491) || (packet->udp->dest == 30501) || (packet->udp->dest == 30490)) { + if ((packet->udp->dest == ntohs(30491)) || (packet->udp->dest == ntohs(30501)) || (packet->udp->dest == ntohs(30490))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); } } if (packet->l4_protocol == IPPROTO_TCP){ - if ((packet->tcp->dest == 30491) || (packet->tcp->dest == 30501)) { + if ((packet->tcp->dest == ntohs(30491)) || (packet->tcp->dest == ntohs(30501))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); } @@ -217,7 +217,7 @@ void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP dissector init...\n"); - ndpi_set_bitmask_protocol_detection ("MQTT", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection ("SOME/IP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_SOMEIP, ndpi_search_someip, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, -- cgit v1.2.3 From 62a65aa4ccea8896890aa11ef5f8f24159d92e3d Mon Sep 17 00:00:00 2001 From: alexei-argus Date: Thu, 18 May 2017 10:40:15 +0300 Subject: Fix case-sensitivity issue --- src/lib/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 3bf808f44..3af5881b7 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -158,7 +158,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/zeromq.c \ protocols/smpp.c \ protocols/tinc.c \ - protocols/someip.c \ + protocols/SOMEIP.c \ third_party/include/actypes.h \ third_party/include/ahocorasick.h \ third_party/include/ndpi_patricia.h \ -- cgit v1.2.3 From 968085c965b1ef74b3a061178d53a62457f66697 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Thu, 18 May 2017 15:38:29 +0300 Subject: last updated protocol updated to SOMEIP(228) --- src/include/ndpi_protocol_ids.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index cf474eefa..1e088ceaa 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -268,11 +268,11 @@ #define NDPI_PROTOCOL_DRDA 227 #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ -#define NDPI_PROTOCOL_SOMEIP 228 +#define NDPI_PROTOCOL_SOMEIP 229 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_PLAYSTORE +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SOMEIP #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) -- cgit v1.2.3 From ae959f2d78feec6f66d29add46789078199acb93 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Fri, 19 May 2017 10:57:27 +0300 Subject: SOMEIP debug + bug fixes --- example/ndpiReader.c | 1 + src/lib/protocols/SOMEIP.c | 52 +++++++++++++++++++++++++++++----------------- 2 files changed, 34 insertions(+), 19 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 6d5f5d5ee..ecb023d96 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1114,6 +1114,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { // enable all protocols NDPI_BITMASK_SET_ALL(all); + printf("Setting up detection..."); ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].workflow->ndpi_struct, &all); // clear memory for results diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 62abc1cd0..7637cf768 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -80,6 +80,9 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, { //####Maybe check carrier protocols?#### + + printf("trying to SOMEIP 1..."); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { @@ -94,9 +97,15 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, ####This block drops flows with over 10 packets. Why? Probably just an auto-drop in case nothing else catches it. Necessary for SOME/IP? Good question.#### */ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Service ID: %02x%02x%02x%02x [len: %u]\n", - packet->payload[3], packet->payload[2], packet->payload[1], packet->payload[0], packet->payload_packet_len); - //####I switched the endianity on these since the Message ID is 32 bit. Might be a wrong move?#### + //we extract the Message ID and Request ID and check for special cases later + u_int32_t message_id = (u_int32_t) ((packet->payload[0]<<24)+(packet->payload[1]<<16)+(packet->payload[2]<<8)+packet->payload[3]); + u_int32_t request_id = (u_int32_t) ((packet->payload[8]<<24)+(packet->payload[9]<<16)+(packet->payload[10]<<8)+packet->payload[11]); + + + printf("trying to SOMEIP 2..."); + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", + message_id, packet->payload_packet_len); if (packet->payload_packet_len < 16) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -111,18 +120,19 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, */ - + printf("trying to SOMEIP 3..."); + // we extract the remaining length - u_int32_t someip_len = (u_int32_t) (packet->payload[4]+(packet->payload[5]<<8)+(packet->payload[6]<<16)+(packet->payload[7]<<24)); + u_int32_t someip_len = (u_int32_t) ((packet->payload[4]<<24) + (packet->payload[5]<<16) + (packet->payload[6]<<8) +packet->payload[7]); if (packet->payload_packet_len != (someip_len + 8)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } + printf("trying to SOMEIP 4..."); - // check protocol version. ####CHECK IF ENDIANITY IS CORRECT#### - u_int8_t protocol_version = (u_int8_t) (packet->payload[15]); + u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); if (protocol_version != 0x01){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); @@ -130,12 +140,11 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } - //####Read Interface Version, for later use. CHECK IF ENDIANITY IS CORRECT#### - u_int8_t interface_version = (packet->payload[14]); - + u_int8_t interface_version = (packet->payload[13]); + + printf("trying to SOMEIP 5..."); - // we extract the message type. ####CHECK IF ENDIANITY IS CORRECT#### - u_int8_t message_type = (u_int8_t) (packet->payload[13]); + u_int8_t message_type = (u_int8_t) (packet->payload[14]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); if ((message_type != 0x00) && (message_type != 0x01) && (message_type != 0x02) && (message_type != 0x40) && (message_type != 0x41) && (message_type != 0x42) && (message_type != 0x80) && (message_type != 0x81) && (message_type != 0xc0) && (message_type != 0xc1)) { @@ -144,18 +153,17 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } - // we extract the return code. ####CHECK IF ENDIANITY IS CORRECT#### - u_int8_t return_code = (u_int8_t) (packet->payload[12]); + printf("trying to SOMEIP 6..."); + + u_int8_t return_code = (u_int8_t) (packet->payload[15]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n",return_code); if ((return_code > 0x3f)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } - - //we extract the Message ID and Request ID and check for special cases - u_int32_t message_id = (u_int32_t) (packet->payload[0]+(packet->payload[1]<<8)+(packet->payload[2]<<16)+(packet->payload[3]<<24)); - u_int32_t request_id = (u_int32_t) (packet->payload[8]+(packet->payload[9]<<8)+(packet->payload[10]<<16)+(packet->payload[11]<<24)); + + printf("trying to SOMEIP 7..."); if (message_id == MSG_MAGIC_COOKIE){ if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && @@ -170,6 +178,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } } + + printf("trying to SOMEIP 8..."); if (message_id == MSG_MAGIC_COOKIE_ACK){ if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && @@ -185,6 +195,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } } + printf("trying to SOMEIP 9..."); + if (message_id == MSG_SD){ //####Service Discovery message. Fill in later!#### } @@ -194,16 +206,18 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, if ((packet->udp->dest == ntohs(30491)) || (packet->udp->dest == ntohs(30501)) || (packet->udp->dest == ntohs(30490))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); + return; } } if (packet->l4_protocol == IPPROTO_TCP){ if ((packet->tcp->dest == ntohs(30491)) || (packet->tcp->dest == ntohs(30501))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); + return; } } - + printf("trying to SOMEIP 10..."); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); -- cgit v1.2.3 From 7d39ba212471cbbfe5bb695dd43bbf4927239817 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Fri, 19 May 2017 11:42:57 +0300 Subject: removed debug prints, changed line of documentation --- example/ndpiReader.c | 1 - src/lib/ndpi_main.c | 2 +- src/lib/protocols/SOMEIP.c | 23 ----------------------- 3 files changed, 1 insertion(+), 25 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index ecb023d96..6d5f5d5ee 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1114,7 +1114,6 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { // enable all protocols NDPI_BITMASK_SET_ALL(all); - printf("Setting up detection..."); ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].workflow->ndpi_struct, &all); // clear memory for results diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c18723c87..8ff3855af 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2696,7 +2696,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* MQTT */ init_mqtt_dissector(ndpi_struct, &a, detection_bitmask); - /* MQTT */ + /* SOME/IP */ init_someip_dissector(ndpi_struct, &a, detection_bitmask); /* RX */ diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 7637cf768..e857371f9 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -81,8 +81,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### - printf("trying to SOMEIP 1..."); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { @@ -101,9 +99,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t message_id = (u_int32_t) ((packet->payload[0]<<24)+(packet->payload[1]<<16)+(packet->payload[2]<<8)+packet->payload[3]); u_int32_t request_id = (u_int32_t) ((packet->payload[8]<<24)+(packet->payload[9]<<16)+(packet->payload[10]<<8)+packet->payload[11]); - - printf("trying to SOMEIP 2..."); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", message_id, packet->payload_packet_len); if (packet->payload_packet_len < 16) { @@ -119,9 +114,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, ####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### */ - - printf("trying to SOMEIP 3..."); - // we extract the remaining length u_int32_t someip_len = (u_int32_t) ((packet->payload[4]<<24) + (packet->payload[5]<<16) + (packet->payload[6]<<8) +packet->payload[7]); if (packet->payload_packet_len != (someip_len + 8)) { @@ -130,8 +122,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } - printf("trying to SOMEIP 4..."); - u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); if (protocol_version != 0x01){ @@ -142,8 +132,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t interface_version = (packet->payload[13]); - printf("trying to SOMEIP 5..."); - u_int8_t message_type = (u_int8_t) (packet->payload[14]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); if ((message_type != 0x00) && (message_type != 0x01) && (message_type != 0x02) && (message_type != 0x40) && (message_type != 0x41) && @@ -153,8 +141,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } - printf("trying to SOMEIP 6..."); - u_int8_t return_code = (u_int8_t) (packet->payload[15]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n",return_code); if ((return_code > 0x3f)) { @@ -162,8 +148,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } - - printf("trying to SOMEIP 7..."); if (message_id == MSG_MAGIC_COOKIE){ if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && @@ -178,8 +162,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } } - - printf("trying to SOMEIP 8..."); if (message_id == MSG_MAGIC_COOKIE_ACK){ if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && @@ -195,8 +177,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } } - printf("trying to SOMEIP 9..."); - if (message_id == MSG_SD){ //####Service Discovery message. Fill in later!#### } @@ -217,9 +197,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } } - printf("trying to SOMEIP 10..."); - - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; -- cgit v1.2.3 From 6029510ee7623ec55a28d0505db4b5b3ad4ec931 Mon Sep 17 00:00:00 2001 From: alexei-argus Date: Fri, 19 May 2017 13:36:39 +0300 Subject: Add CR comments --- src/lib/protocols/SOMEIP.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index e857371f9..9c12343e8 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -24,6 +24,7 @@ #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SOMEIP +// CR: these MQTT references are no longer relevant, rigth? /** * The type of control messages in mqtt version 3.1.1 * see http://docs.oasis-open.org/mqtt/mqtt/v3.1.1 @@ -82,10 +83,13 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); + // CR: can packet be const? struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } + // CR: let's reach a decision in this issue. + /*NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP detection...\n"); if (flow->packet_counter > 10) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found!\n"); @@ -115,6 +119,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, */ // we extract the remaining length + // CR: cast the payload to unsigned int, then use ntohl u_int32_t someip_len = (u_int32_t) ((packet->payload[4]<<24) + (packet->payload[5]<<16) + (packet->payload[6]<<8) +packet->payload[7]); if (packet->payload_packet_len != (someip_len + 8)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); @@ -124,6 +129,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); + // CR: don't use magic numbers, convert this to a constant instead if (protocol_version != 0x01){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -134,6 +140,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t message_type = (u_int8_t) (packet->payload[14]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); + + // CR: don't use magic numbers, convert these to constants instead if ((message_type != 0x00) && (message_type != 0x01) && (message_type != 0x02) && (message_type != 0x40) && (message_type != 0x41) && (message_type != 0x42) && (message_type != 0x80) && (message_type != 0x81) && (message_type != 0xc0) && (message_type != 0xc1)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); @@ -142,7 +150,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } u_int8_t return_code = (u_int8_t) (packet->payload[15]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n",return_code); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); + // CR: don't use magic numbers, convert this to a constant instead if ((return_code > 0x3f)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -150,10 +159,11 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE){ + // CR: don't use magic numbers, convert these to constants instead if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && (message_type == 0x01) && (return_code == 0x00)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct,flow); + ndpi_int_someip_add_connection(ndpi_struct, flow); return; } else{ @@ -164,10 +174,11 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE_ACK){ + // CR: don't use magic numbers, convert these to constants instead if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && (message_type == 0x02) && (return_code == 0x00)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct,flow); + ndpi_int_someip_add_connection(ndpi_struct, flow); return; } else{ @@ -178,21 +189,26 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_SD){ + // CR: let's talk about this (i.e. what should be here right now? what documentation should we leave behind?) //####Service Discovery message. Fill in later!#### } + // CR: while this is for demo purposes, the port numbers are as specified in the SOME/IP document, so we should change the + // comment to reflect this. + // Also, don't use magic numbers, use constants. + //Filtering by port as per request. This is PURELY for demo purposes and the rest of the check must be filled in later on! if (packet->l4_protocol == IPPROTO_UDP){ if ((packet->udp->dest == ntohs(30491)) || (packet->udp->dest == ntohs(30501)) || (packet->udp->dest == ntohs(30490))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct,flow); + ndpi_int_someip_add_connection(ndpi_struct, flow); return; } } if (packet->l4_protocol == IPPROTO_TCP){ if ((packet->tcp->dest == ntohs(30491)) || (packet->tcp->dest == ntohs(30501))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct,flow); + ndpi_int_someip_add_connection(ndpi_struct, flow); return; } } -- cgit v1.2.3 From 0aa5ebde5d0a03dbc4c941f129efb42a8c010457 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Fri, 19 May 2017 14:16:21 +0300 Subject: CR comments and fixes --- src/lib/protocols/SOMEIP.c | 79 +++++++++++++++++++++++++++------------------- 1 file changed, 47 insertions(+), 32 deletions(-) diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 9c12343e8..a0d347417 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -24,11 +24,7 @@ #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SOMEIP -// CR: these MQTT references are no longer relevant, rigth? -/** - * The type of control messages in mqtt version 3.1.1 - * see http://docs.oasis-open.org/mqtt/mqtt/v3.1.1 - */ +// CR: these MQTT references are no longer relevant, rigth? ANS: true. enum SOMEIP_MESSAGE_TYPES { REQUEST = 0x00, REQUEST_NO_RETURN = 0x01, @@ -53,7 +49,8 @@ enum SOMEIP_RETURN_CODES { E_WRONG_PROTOCOL_VERSION = 0x07, E_WRONG_INTERFACE_VERSION = 0x08, E_MALFORMED_MESSAGE = 0x09, - E_WRONG_MESSAGE_TYPE = 0x0a + E_WRONG_MESSAGE_TYPE = 0x0a, + E_RETURN_CODE_LEGAL_THRESHOLD = 0x40 //return codes from 0x40 (inclusive) and upwards are illegal. }; enum SPECIAL_MESSAGE_IDS { @@ -62,6 +59,21 @@ enum SPECIAL_MESSAGE_IDS { MSG_SD = 0xffff8100 }; +enum PROTOCOL_VERSION{ + LEGAL_PROTOCOL_VERSION = 0x01 +}; + +enum MAGIC_COOKIE_CONSTANTS{ + MC_REQUEST_ID = 0xDEADBEEF, + MC_LENGTH = 0x08, + MC_INTERFACE_VERSION = 0x01 +}; + +enum DEFAULT_PROTOCOL_PORTS{ + PORT_DEFAULT_CLIENT = 30491, + PORT_DEFAULT_SERVER = 30501, + PORT_DEFAULT_SD = 30490 +}; /** * Entry point when protocol is identified. @@ -83,12 +95,12 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); - // CR: can packet be const? - struct ndpi_packet_struct *packet = &flow->packet; + // CR: can packet be const? ANS: Probably yeah, needs testing but I changed it. + struct const ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } - // CR: let's reach a decision in this issue. + // CR: let's reach a decision in this issue. ANS: I think it's unnecessary and would get dropped on length checks or whatever, so we can remove this. /*NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP detection...\n"); if (flow->packet_counter > 10) { @@ -100,8 +112,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, */ //we extract the Message ID and Request ID and check for special cases later - u_int32_t message_id = (u_int32_t) ((packet->payload[0]<<24)+(packet->payload[1]<<16)+(packet->payload[2]<<8)+packet->payload[3]); - u_int32_t request_id = (u_int32_t) ((packet->payload[8]<<24)+(packet->payload[9]<<16)+(packet->payload[10]<<8)+packet->payload[11]); + u_int32_t message_id = ntohl(*((u_int32_t *)packet->payload[0])); + u_int32_t request_id = ntohl(*((u_int32_t *)packet->payload[8])); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", message_id, packet->payload_packet_len); @@ -119,8 +131,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, */ // we extract the remaining length - // CR: cast the payload to unsigned int, then use ntohl - u_int32_t someip_len = (u_int32_t) ((packet->payload[4]<<24) + (packet->payload[5]<<16) + (packet->payload[6]<<8) +packet->payload[7]); + // CR: cast the payload to unsigned int, then use ntohl ANS: done + u_int32_t someip_len = ntohl(*((u_int32_t *)packet->payload[4])); if (packet->payload_packet_len != (someip_len + 8)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -129,8 +141,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); - // CR: don't use magic numbers, convert this to a constant instead - if (protocol_version != 0x01){ + // CR: don't use magic numbers, convert this to a constant instead ANS: done + if (protocol_version != LEGAL_PROTOCOL_VERSION){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; @@ -141,9 +153,10 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t message_type = (u_int8_t) (packet->payload[14]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); - // CR: don't use magic numbers, convert these to constants instead - if ((message_type != 0x00) && (message_type != 0x01) && (message_type != 0x02) && (message_type != 0x40) && (message_type != 0x41) && - (message_type != 0x42) && (message_type != 0x80) && (message_type != 0x81) && (message_type != 0xc0) && (message_type != 0xc1)) { + // CR: don't use magic numbers, convert these to constants instead ANS: done + if ((message_type != REQUEST) && (message_type != REQUEST_NO_RETURN) && (message_type != NOTIFICATION) && (message_type != REQUEST_ACK) && + (message_type != REQUEST_NO_RETURN_ACK) && (message_type != NOTIFICATION_ACK) && (message_type != RESPONSE) && + (message_type != ERROR) && (message_type != RESPONSE_ACK) && (message_type != ERROR_ACK)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; @@ -151,17 +164,17 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t return_code = (u_int8_t) (packet->payload[15]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); - // CR: don't use magic numbers, convert this to a constant instead - if ((return_code > 0x3f)) { + // CR: don't use magic numbers, convert this to a constant instead ANS: done + if ((return_code >= E_RETURN_CODE_LEGAL_THRESHOLD)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } if (message_id == MSG_MAGIC_COOKIE){ - // CR: don't use magic numbers, convert these to constants instead - if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && - (message_type == 0x01) && (return_code == 0x00)){ + // CR: don't use magic numbers, convert these to constants instead ANS:done + if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && + (message_type == REQUEST_NO_RETURN\) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; @@ -174,9 +187,9 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE_ACK){ - // CR: don't use magic numbers, convert these to constants instead - if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && - (message_type == 0x02) && (return_code == 0x00)){ + // CR: don't use magic numbers, convert these to constants instead ANS: done + if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION\) && + (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; @@ -189,24 +202,26 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_SD){ - // CR: let's talk about this (i.e. what should be here right now? what documentation should we leave behind?) + // CR: let's talk about this (i.e. what should be here right now? what documentation should we leave behind?) ANS: a TON of stuff. SD is basically another protocol built ontop SOMEIP. at the very least I expect it to be as long as everything else we've done already. //####Service Discovery message. Fill in later!#### } // CR: while this is for demo purposes, the port numbers are as specified in the SOME/IP document, so we should change the - // comment to reflect this. - // Also, don't use magic numbers, use constants. + // comment to reflect this. ANS: done + // Also, don't use magic numbers, use constants. ANS: done - //Filtering by port as per request. This is PURELY for demo purposes and the rest of the check must be filled in later on! + //Filtering by port. + //This check is NOT a 100% thing - these ports are mentioned in the documentation but the documentation also states they haven't been approved by IANA yet, and that the user is free to use different ports. + //This is is PURELY for demo purposes and the rest of the check must be filled in later on! if (packet->l4_protocol == IPPROTO_UDP){ - if ((packet->udp->dest == ntohs(30491)) || (packet->udp->dest == ntohs(30501)) || (packet->udp->dest == ntohs(30490))) { + if ((packet->udp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SERVER)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SD))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; } } if (packet->l4_protocol == IPPROTO_TCP){ - if ((packet->tcp->dest == ntohs(30491)) || (packet->tcp->dest == ntohs(30501))) { + if ((packet->tcp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->tcp->dest == ntohs(PORT_DEFAULT_SERVER))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; -- cgit v1.2.3 From 8ec286743361a0e7944c24c90f600a2b842df661 Mon Sep 17 00:00:00 2001 From: alexei-argus Date: Fri, 19 May 2017 14:33:05 +0300 Subject: CR fixes --- src/lib/protocols/SOMEIP.c | 40 ++++++---------------------------------- 1 file changed, 6 insertions(+), 34 deletions(-) diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index a0d347417..7e33048c8 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -24,7 +24,6 @@ #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SOMEIP -// CR: these MQTT references are no longer relevant, rigth? ANS: true. enum SOMEIP_MESSAGE_TYPES { REQUEST = 0x00, REQUEST_NO_RETURN = 0x01, @@ -95,25 +94,14 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); - // CR: can packet be const? ANS: Probably yeah, needs testing but I changed it. struct const ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } - // CR: let's reach a decision in this issue. ANS: I think it's unnecessary and would get dropped on length checks or whatever, so we can remove this. - - /*NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP detection...\n"); - if (flow->packet_counter > 10) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - ####This block drops flows with over 10 packets. Why? Probably just an auto-drop in case nothing else catches it. Necessary for SOME/IP? Good question.#### - */ //we extract the Message ID and Request ID and check for special cases later - u_int32_t message_id = ntohl(*((u_int32_t *)packet->payload[0])); - u_int32_t request_id = ntohl(*((u_int32_t *)packet->payload[8])); + u_int32_t message_id = ntohl(*((u_int32_t *)&packet->payload[0])); + u_int32_t request_id = ntohl(*((u_int32_t *)&packet->payload[8])); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", message_id, packet->payload_packet_len); @@ -122,17 +110,11 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } - /*if (packet->payload_packet_len > 258) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. maximum packet size exceeded!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - ####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### - */ + + //####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### // we extract the remaining length - // CR: cast the payload to unsigned int, then use ntohl ANS: done - u_int32_t someip_len = ntohl(*((u_int32_t *)packet->payload[4])); + u_int32_t someip_len = ntohl(*((u_int32_t *)&packet->payload[4])); if (packet->payload_packet_len != (someip_len + 8)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -141,7 +123,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); - // CR: don't use magic numbers, convert this to a constant instead ANS: done if (protocol_version != LEGAL_PROTOCOL_VERSION){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -153,7 +134,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t message_type = (u_int8_t) (packet->payload[14]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); - // CR: don't use magic numbers, convert these to constants instead ANS: done if ((message_type != REQUEST) && (message_type != REQUEST_NO_RETURN) && (message_type != NOTIFICATION) && (message_type != REQUEST_ACK) && (message_type != REQUEST_NO_RETURN_ACK) && (message_type != NOTIFICATION_ACK) && (message_type != RESPONSE) && (message_type != ERROR) && (message_type != RESPONSE_ACK) && (message_type != ERROR_ACK)) { @@ -164,7 +144,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t return_code = (u_int8_t) (packet->payload[15]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); - // CR: don't use magic numbers, convert this to a constant instead ANS: done if ((return_code >= E_RETURN_CODE_LEGAL_THRESHOLD)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -172,7 +151,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE){ - // CR: don't use magic numbers, convert these to constants instead ANS:done if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && (message_type == REQUEST_NO_RETURN\) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); @@ -187,7 +165,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE_ACK){ - // CR: don't use magic numbers, convert these to constants instead ANS: done if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION\) && (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); @@ -202,14 +179,9 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_SD){ - // CR: let's talk about this (i.e. what should be here right now? what documentation should we leave behind?) ANS: a TON of stuff. SD is basically another protocol built ontop SOMEIP. at the very least I expect it to be as long as everything else we've done already. - //####Service Discovery message. Fill in later!#### + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP-SD currently not supported\n", message_type); } - // CR: while this is for demo purposes, the port numbers are as specified in the SOME/IP document, so we should change the - // comment to reflect this. ANS: done - // Also, don't use magic numbers, use constants. ANS: done - //Filtering by port. //This check is NOT a 100% thing - these ports are mentioned in the documentation but the documentation also states they haven't been approved by IANA yet, and that the user is free to use different ports. //This is is PURELY for demo purposes and the rest of the check must be filled in later on! -- cgit v1.2.3 From d4ca57884b6e85590dc71053f23b10ebfbbed2af Mon Sep 17 00:00:00 2001 From: alexei-argus Date: Fri, 19 May 2017 14:38:44 +0300 Subject: CR fixes #2 --- src/lib/protocols/SOMEIP.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 7e33048c8..adffb0c33 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -94,7 +94,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); - struct const ndpi_packet_struct *packet = &flow->packet; + const struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } @@ -152,7 +152,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, if (message_id == MSG_MAGIC_COOKIE){ if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && - (message_type == REQUEST_NO_RETURN\) && (return_code == E_OK)){ + (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; @@ -165,7 +165,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE_ACK){ - if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION\) && + if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); -- cgit v1.2.3 From 090dc752bdfb574535095422a235b9a4d8da87e5 Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 14 Jun 2017 21:35:46 -0400 Subject: Added OOO, restransmission, segment losts --- wireshark/ndpi.lua | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index f9db38411..495d4c14c 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -48,6 +48,9 @@ local f_ip_len = Field.new("ip.len") local f_ip_hdr_len = Field.new("ip.hdr_len") local f_ssl_server_name = Field.new("ssl.handshake.extensions_server_name") local f_tcp_flags = Field.new('tcp.flags') +local f_tcp_retrans = Field.new('tcp.analysis.retransmission') +local f_tcp_ooo = Field.new('tcp.analysis.out_of_order') +local f_tcp_lost_segment = Field.new('tcp.analysis.lost_segment') -- packet drop ? local ndpi_protos = {} local ndpi_flows = {} @@ -295,6 +298,14 @@ function ndpi_proto.init() top_dns_queries = {} num_top_dns_queries = 0 + -- TCP analysis + num_tcp_retrans = 0 + num_tcp_ooo = 0 + num_tcp_lost_segment = 0 + tcp_retrans = {} + tcp_ooo = {} + tcp_lost_segment = {} + -- Network RRT min_nw_client_RRT = {} min_nw_server_RRT = {} @@ -529,6 +540,35 @@ end -- ############################################### +function tcp_dissector(tvb, pinfo, tree) + local _tcp_retrans = f_tcp_retrans() + local _tcp_ooo = f_tcp_ooo() + local _tcp_lost_segment = f_tcp_lost_segment() + + if(_tcp_retrans ~= nil) then + local key = getstring(pinfo.src)..":"..getstring(pinfo.src_port).." -> "..getstring(pinfo.dst)..":"..getstring(pinfo.dst_port) + num_tcp_retrans = num_tcp_retrans + 1 + if(tcp_retrans[key] == nil) then tcp_retrans[key] = 0 end + tcp_retrans[key] = tcp_retrans[key] + 1 + end + + if(_tcp_ooo ~= nil) then + local key = getstring(pinfo.src)..":"..getstring(pinfo.src_port).." -> "..getstring(pinfo.dst)..":"..getstring(pinfo.dst_port) + num_tcp_ooo = num_tcp_ooo + 1 + if(tcp_ooo[key] == nil) then tcp_ooo[key] = 0 end + tcp_ooo[key] = tcp_ooo[key] + 1 + end + + if(_tcp_lost_segment ~= nil) then + local key = getstring(pinfo.src)..":"..getstring(pinfo.src_port).." -> "..getstring(pinfo.dst)..":"..getstring(pinfo.dst_port) + num_tcp_lost_segment = num_tcp_lost_segment + 1 + if(tcp_lost_segment[key] == nil) then tcp_lost_segment[key] = 0 end + tcp_lost_segment[key] = tcp_lost_segment[key] + 1 + end +end + +-- ############################################### + function latency_dissector(tvb, pinfo, tree) local _tcp_flags = f_tcp_flags() local udp_len = f_udp_len() @@ -743,6 +783,7 @@ function ndpi_proto.dissector(tvb, pinfo, tree) end -- nDPI latency_dissector(tvb, pinfo, tree) + tcp_dissector(tvb, pinfo, tree) end -- ########################################### @@ -1077,11 +1118,52 @@ end -- ############################################### +local function tcp_dialog_menu() + local win = TextWindow.new("TCP Packets Analysis"); + local label = "" + + label = label .. "Total Retransmissions : "..num_tcp_retrans.."\n" + if(num_tcp_retrans > 0) then + i = 0 + label = label .. "-----------------------------\n" + for k,v in pairsByValues(tcp_retrans, rev) do + label = label .. string.format("%-48s", shortenString(k,48)).."\t"..v.."\n" + if(i == 10) then break else i = i + 1 end + end + end + + label = label .. "\nTotal Out-of-Order : "..num_tcp_ooo.."\n" + if(num_tcp_ooo > 0) then + i = 0 + label = label .. "-----------------------------\n" + for k,v in pairsByValues(tcp_ooo, rev) do + label = label .. string.format("%-48s", shortenString(k,48)).."\t"..v.."\n" + if(i == 10) then break else i = i + 1 end + end + end + + label = label .. "\nTotal Lost Segment : "..num_tcp_lost_segment.."\n" + if(num_tcp_lost_segment > 0) then + i = 0 + label = label .. "-----------------------------\n" + for k,v in pairsByValues(tcp_lost_segment, rev) do + label = label .. string.format("%-48s", shortenString(k,48)).."\t"..v.."\n" + if(i == 10) then break else i = i + 1 end + end + end + + win:set(label) + win:add_button("Clear", function() win:clear() end) +end + +-- ############################################### + register_menu("ntop/ARP", arp_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/VLAN", vlan_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/IP-MAC", ip_mac_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/DNS", dns_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/SSL", ssl_dialog_menu, MENU_TOOLS_UNSORTED) +register_menu("ntop/TCP Analysis", tcp_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/Latency/Network", rtt_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/Latency/Application", appl_rtt_dialog_menu, MENU_TOOLS_UNSORTED) -- cgit v1.2.3 From ac5cb53066adf584da95b96e04e3e7e838c97a4a Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 15 Jun 2017 05:25:27 -0400 Subject: mDNS improvemennts to recognize reponses senst to non multicast addresses --- src/lib/protocols/mdns.c | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c index 0692b3252..a47e9b72a 100644 --- a/src/lib/protocols/mdns.c +++ b/src/lib/protocols/mdns.c @@ -1,7 +1,7 @@ /* * mdns.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -26,6 +26,10 @@ #define NDPI_MAX_MDNS_REQUESTS 128 +PACK_ON +struct mdns_header { + u_int16_t transaction_id, flags, questions, answers, authority_rr, additional_rr; +} PACK_OFF; /** MDNS header is similar to dns header @@ -48,27 +52,26 @@ static void ndpi_int_mdns_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ + *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MDNS, NDPI_PROTOCOL_UNKNOWN); } static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ + *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - if((packet->payload[2] & 0x80) == 0 && - ntohs(get_u_int16_t(packet->payload, 4)) <= NDPI_MAX_MDNS_REQUESTS && - ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) { - + struct mdns_header *h = (struct mdns_header*)packet->payload; + u_int16_t questions = ntohs(h->questions), answers = ntohs(h->answers); + + if(((packet->payload[2] & 0x80) == 0) + && (questions <= NDPI_MAX_MDNS_REQUESTS) + && (answers <= NDPI_MAX_MDNS_REQUESTS)) { NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n"); return 1; } - else if((packet->payload[2] & 0x80) != 0 && - ntohs(get_u_int16_t(packet->payload, 4)) == 0 && - ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS && - ntohs(get_u_int16_t(packet->payload, 6)) != 0) { + else if(((packet->payload[2] & 0x80) != 0) + && (questions == 0) + && (answers <= NDPI_MAX_MDNS_REQUESTS) + && (answers != 0)) { char answer[256]; int i, j, len; @@ -77,7 +80,7 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct answer[j] = '\0'; - /* printf("==> [%d] %s\n", j, answer); */ + printf("==> [%d] %s\n", j, answer); len = ndpi_min(sizeof(flow->protos.mdns.answer)-1, j); strncpy(flow->protos.mdns.answer, (const char *)answer, len); @@ -107,7 +110,7 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n /* check standard MDNS ON port 5353 */ if(dport == 5353 && packet->payload_packet_len >= 12) { /* mdns protocol must have destination address 224.0.0.251 */ - if(packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) { + if(packet->iph != NULL /* && ntohl(packet->iph->daddr) == 0xe00000fb */) { NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n"); @@ -120,7 +123,7 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n #ifdef NDPI_DETECTION_SUPPORT_IPV6 if(packet->iphv6 != NULL) { const u_int32_t *daddr = packet->iphv6->ip6_dst.u6_addr.u6_addr32; - if(daddr[0] == htonl(0xff020000) && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb)) { + if(daddr[0] == htonl(0xff020000) /* && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb) */) { NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with destination address ff02::fb\n"); -- cgit v1.2.3 From be749e75a502b14e249143eb4353e0a0cea764aa Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 15 Jun 2017 07:13:29 -0400 Subject: Removed tracing --- src/lib/protocols/mdns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c index a47e9b72a..d805a0bca 100644 --- a/src/lib/protocols/mdns.c +++ b/src/lib/protocols/mdns.c @@ -80,7 +80,7 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct answer[j] = '\0'; - printf("==> [%d] %s\n", j, answer); + /* printf("==> [%d] %s\n", j, answer); */ len = ndpi_min(sizeof(flow->protos.mdns.answer)-1, j); strncpy(flow->protos.mdns.answer, (const char *)answer, len); -- cgit v1.2.3 From 6edece628e578ffb437b99cce4cc1a8e728f5037 Mon Sep 17 00:00:00 2001 From: berat Date: Fri, 16 Jun 2017 11:24:16 +0200 Subject: Fixed bug causing wrong results in (-b) diagnose statistics --- example/ndpiReader.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 6d5f5d5ee..0dd83f899 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -990,7 +990,7 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi flow->detected_protocol.app_protocol),sizeof(proto)); updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes, proto); - if(flow->dst2src_packets > 0) updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes, proto); + updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes, proto); } } @@ -1336,7 +1336,6 @@ static void saveTopStats(json_object **jObj_group, struct top_stats *stats, int json_object *jObj_stat = json_object_new_object(); json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); json_object_object_add(jObj_stat,"packets.number",json_object_new_int64(s->num_pkts)); - json_object_object_add(jObj_stat,"packets.percent",json_object_new_double(s->prcnt_pkt)); json_object_object_add(jObj_stat,"flows.number",json_object_new_double(s->num_flows)); json_object_object_add(jObj_stat,"aggressive.ip",json_object_new_string(s->top_ip)); json_object_object_add(jObj_stat,"protocol",json_object_new_string(s->proto)); @@ -1665,6 +1664,15 @@ static void printResults(u_int64_t tot_usec) { } + if(verbose == 3) { + printf("\n\nSource Ports Stats:\n"); + printPortStats(srcStats); + + printf("\nDestination Ports Stats:\n"); + printPortStats(dstStats); + } + + if(stats_flag) { #ifdef HAVE_JSON_C u_int64_t total_src_addr = getTopStats(&topSrcStats, srcStats, cumulative_stats.ip_packet_count); @@ -1686,17 +1694,12 @@ static void printResults(u_int64_t tot_usec) { #endif } + if(verbose == 3 || stats_flag){ + deletePortsStats(srcStats), deletePortsStats(dstStats); + srcStats = NULL, dstStats = NULL; + } - if(verbose == 3) { - printf("\n\nSource Ports Stats:\n"); - printPortStats(srcStats); - - printf("\nDestination Ports Stats:\n"); - printPortStats(dstStats); - deletePortsStats(srcStats), deletePortsStats(dstStats); - srcStats = NULL, dstStats = NULL; - } } -- cgit v1.2.3 From 5a08303c430e88e2c2c4c600252f19e172b9b545 Mon Sep 17 00:00:00 2001 From: berat Date: Fri, 16 Jun 2017 14:10:54 +0200 Subject: Added scanner host stats to (-b) diagnose statistics --- example/ndpiReader.c | 182 +++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 171 insertions(+), 11 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 0dd83f899..bcf243eeb 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -91,14 +91,14 @@ static u_int32_t num_flows; struct info_pair{ char addr[48]; - char proto[48]; /*l4 protocol*/ + char proto[48]; /*app level protocol*/ int count; }; typedef struct node_a{ char addr[48]; int count; - char proto[48]; /*l4 protocol*/ + char proto[48]; /*app level protocol*/ struct node_a *left, *right; }addr_node; @@ -121,7 +121,6 @@ struct top_stats { char top_ip[48]; /*ip address that is contributed to > 95% of traffic*/ char proto[64]; /*application level protocol of top_ip */ u_int32_t num_pkts; - float prcnt_pkt; /*percent of packets respect to total packets */ u_int32_t num_addr; /*to hold number of distinct IP addresses */ u_int32_t num_flows; UT_hash_handle hh; /* makes this structure hashable */ @@ -130,6 +129,23 @@ struct top_stats { struct top_stats *topSrcStats = NULL, *topDstStats = NULL; +// struct to hold count of flows received by destination ports +struct port_flow_info { + u_int32_t port; /* key */ + u_int32_t num_flows; + UT_hash_handle hh; +}; + +// struct to hold single packet tcp flows send by source ip address +struct single_flow_info { + char saddr[48]; /* key */ + struct port_flow_info *ports; + u_int32_t tot_flows; + UT_hash_handle hh; +}; + +struct single_flow_info *scannerHosts = NULL; + struct ndpi_packet_trailer { u_int32_t magic; /* 0x19682017 */ u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; @@ -811,6 +827,47 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept /* *********************************************** */ +void updateScanners(struct single_flow_info **scanners, const char *saddr, u_int32_t dport){ + struct single_flow_info *f; + + HASH_FIND_STR(*scanners, saddr, f); + + if(f == NULL) { + f = (struct single_flow_info*)malloc(sizeof(struct single_flow_info)); + if(!f) return; + strncpy(f->saddr, saddr, sizeof(f->saddr)); + f->tot_flows = 1; + f->ports = NULL; + + HASH_ADD_STR(*scanners, saddr, f); + + struct port_flow_info *p = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); + if(!p) return; + p->port = dport; + p->num_flows = 1; + + HASH_ADD_INT(f->ports, port, p); + } + else{ + struct port_flow_info *pp; + f->tot_flows++; + + HASH_FIND_INT(f->ports, &dport, pp); + + if(pp == NULL){ + pp = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); + if(!pp) return; + pp->port = dport; + pp->num_flows = 1; + + HASH_ADD_INT(f->ports, port, pp); + } + else pp->num_flows++; + } +} + +/* *********************************************** */ + int updateIpTree(const char *key, addr_node **vrootp, const char *proto) { addr_node *q; addr_node **rootp = vrootp; @@ -920,7 +977,7 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, s = (struct port_stats*)malloc(sizeof(struct port_stats)); if(!s) return; - s->port = port, s->num_pkts = num_pkts, s->num_bytes = num_bytes, + s->port = port, s->num_pkts = num_pkts, s->num_bytes = num_bytes; s->num_addr = 1, s->cumulative_addr = 1; s->num_flows = 1; memset(s->top_ip_addrs, 0, MAX_NUM_IP_ADDRESS*sizeof(struct info_pair)); @@ -953,6 +1010,22 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, /* *********************************************** */ +static void deleteScanners(struct single_flow_info *scanners){ + struct single_flow_info *s, *tmp; + struct port_flow_info *p, *tmp2; + + HASH_ITER(hh, scanners, s, tmp) { + HASH_ITER(hh, s->ports, p, tmp2) { + HASH_DEL(s->ports, p); + free(s->ports); + } + HASH_DEL(scanners, s); + free(s); + } +} + +/* *********************************************** */ + static void deletePortsStats(struct port_stats *stats) { struct port_stats *current_port, *tmp; @@ -976,6 +1049,7 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi char saddr[48], daddr[48]; char proto[48]; u_int16_t thread_id = *(int *)user_data; + int r; sport = ntohs(flow->src_port), dport = ntohs(flow->dst_port); strncpy(saddr, flow->src_name, sizeof(saddr)); @@ -989,6 +1063,12 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi strncpy(proto, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol),sizeof(proto)); + if(((r = strcmp(ipProto2Name(flow->protocol), "TCP")) == 0) + && (flow->src2dst_packets == 1) && (flow->dst2src_packets == 0)){ + + updateScanners(&scannerHosts, saddr, dport); + } + updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes, proto); updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes, proto); } @@ -1252,6 +1332,24 @@ static int port_stats_sort(void *_a, void *_b) { /* *********************************************** */ +static int scanners_sort(void *_a, void *_b) { + struct single_flow_info *a = (struct single_flow_info *)_a; + struct single_flow_info *b = (struct single_flow_info *)_b; + + return(b->tot_flows - a->tot_flows); +} + +/* *********************************************** */ + +static int scanners_port_sort(void *_a, void *_b) { + struct port_flow_info *a = (struct port_flow_info *)_a; + struct port_flow_info *b = (struct port_flow_info *)_b; + + return(b->num_flows - a->num_flows); +} + +/* *********************************************** */ + static int info_pair_cmp (const void *_a, const void *_b) { struct info_pair *a = (struct info_pair *)_a; @@ -1284,7 +1382,7 @@ static void deleteTopStats(struct top_stats *stats) { /** * @brief Get port based top statistics */ -static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_int64_t total_packet_count){ +static int getTopStats(struct top_stats **topStats, struct port_stats *stats){ struct top_stats *s; struct port_stats *sp, *tmp; struct info_pair inf; @@ -1297,7 +1395,6 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_ s->port = sp->port; s->num_pkts = sp->num_pkts; - s->prcnt_pkt = (sp->num_pkts*100.0)/total_packet_count; s->num_addr = sp->num_addr; s->num_flows = sp->num_flows; @@ -1320,11 +1417,63 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_ /* *********************************************** */ +#ifdef HAVE_JSON_C +static void saveScannerStats(json_object **jObj_group, struct single_flow_info *scanners){ + struct single_flow_info *s, *tmp; + struct port_flow_info *p, *tmp2; + json_object *jArray_stats = json_object_new_array(); + int i = 0, j = 0; + + HASH_SORT(scanners, scanners_sort); + + + HASH_ITER(hh, scanners, s, tmp) { + json_object *jObj_stat = json_object_new_object(); + json_object *jArray_ports = json_object_new_array(); + + json_object_object_add(jObj_stat,"ip.address",json_object_new_string(s->saddr)); + json_object_object_add(jObj_stat,"total.flows.number",json_object_new_int(s->tot_flows)); + + HASH_SORT(s->ports, scanners_port_sort); + + HASH_ITER(hh, s->ports, p, tmp2) { + json_object *jObj_port = json_object_new_object(); + + json_object_object_add(jObj_port,"port",json_object_new_int(p->port)); + json_object_object_add(jObj_port,"flows.number",json_object_new_int(p->num_flows)); + + json_object_array_add(jArray_ports, jObj_port); + + j++; + if(j >= 10) break; + } + + json_object_object_add(jObj_stat,"top.ports",jArray_ports); + json_object_array_add(jArray_stats, jObj_stat); + + j = 0; + i++; + if(i >= 10) break; + } + + json_object_object_add(*jObj_group, "scanner.stats", jArray_stats); + + +} +#endif + + + #ifdef HAVE_JSON_C /* * @brief Save Top Stats in json format */ -static void saveTopStats(json_object **jObj_group, struct top_stats *stats, int direction, u_int64_t total_ip_addr){ +static void saveTopStats(json_object **jObj_group, + struct top_stats *stats, + int direction, + u_int64_t total_flow_count, + u_int64_t total_ip_addr){ + struct top_stats *s, *tmp; json_object *jArray_stats = json_object_new_array(); int i = 0; @@ -1337,6 +1486,11 @@ static void saveTopStats(json_object **jObj_group, struct top_stats *stats, int json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); json_object_object_add(jObj_stat,"packets.number",json_object_new_int64(s->num_pkts)); json_object_object_add(jObj_stat,"flows.number",json_object_new_double(s->num_flows)); + json_object_object_add(jObj_stat,"flows.percent",json_object_new_double((s->num_flows*100.0)/total_flow_count)); + if(s->num_pkts) json_object_object_add(jObj_stat,"flows/packets", + json_object_new_double(((double)s->num_flows)/s->num_pkts)); + else json_object_object_add(jObj_stat,"flows/packets",json_object_new_double(0.0)); + json_object_object_add(jObj_stat,"aggressive.ip",json_object_new_string(s->top_ip)); json_object_object_add(jObj_stat,"protocol",json_object_new_string(s->proto)); @@ -1675,8 +1829,8 @@ static void printResults(u_int64_t tot_usec) { if(stats_flag) { #ifdef HAVE_JSON_C - u_int64_t total_src_addr = getTopStats(&topSrcStats, srcStats, cumulative_stats.ip_packet_count); - u_int64_t total_dst_addr = getTopStats(&topDstStats, dstStats, cumulative_stats.ip_packet_count); + u_int64_t total_src_addr = getTopStats(&topSrcStats, srcStats); + u_int64_t total_dst_addr = getTopStats(&topDstStats, dstStats); json_object *jObj_stats = json_object_new_object(); char timestamp[64]; @@ -1684,13 +1838,19 @@ static void printResults(u_int64_t tot_usec) { strftime(timestamp, sizeof(timestamp), "%FT%TZ", localtime(&pcap_start.tv_sec)); json_object_object_add(jObj_stats, "time", json_object_new_string(timestamp)); - saveTopStats(&jObj_stats, topSrcStats, DIR_SRC, total_src_addr); - saveTopStats(&jObj_stats, topDstStats, DIR_DST, total_dst_addr); + saveScannerStats(&jObj_stats, scannerHosts); + + saveTopStats(&jObj_stats, topSrcStats, DIR_SRC, cumulative_stats.ndpi_flow_count, total_src_addr); + saveTopStats(&jObj_stats, topDstStats, DIR_DST, cumulative_stats.ndpi_flow_count, total_dst_addr); json_object_array_add(jArray_topStats, jObj_stats); deleteTopStats(topSrcStats), deleteTopStats(topDstStats); topSrcStats = NULL, topDstStats = NULL; + + deleteScanners(scannerHosts); + scannerHosts = NULL; + #endif } -- cgit v1.2.3 From 412cb2e6e8b5e10c3150023ed5a1b74790d0ba5b Mon Sep 17 00:00:00 2001 From: Luca Date: Sat, 17 Jun 2017 07:15:50 -0400 Subject: Label fix --- example/ndpiReader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index bcf243eeb..4e84bd7fc 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1489,7 +1489,7 @@ static void saveTopStats(json_object **jObj_group, json_object_object_add(jObj_stat,"flows.percent",json_object_new_double((s->num_flows*100.0)/total_flow_count)); if(s->num_pkts) json_object_object_add(jObj_stat,"flows/packets", json_object_new_double(((double)s->num_flows)/s->num_pkts)); - else json_object_object_add(jObj_stat,"flows/packets",json_object_new_double(0.0)); + else json_object_object_add(jObj_stat,"flows.num_packets",json_object_new_double(0.0)); json_object_object_add(jObj_stat,"aggressive.ip",json_object_new_string(s->top_ip)); json_object_object_add(jObj_stat,"protocol",json_object_new_string(s->proto)); -- cgit v1.2.3 From 68f1653dec9bdffa96479c8245529c76c604c30a Mon Sep 17 00:00:00 2001 From: Campus Date: Mon, 19 Jun 2017 20:39:36 +0200 Subject: fix lync detection --- src/lib/protocols/stun.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 421ed5d75..8c42f56c9 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -98,6 +98,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x8054: /* Candidate Identifier */ if((len == 4) + && ((payload[offset+4] == 0x31) || (payload[offset+4] == 0x34)) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) && (payload[offset+7] == 0x00)) { @@ -258,16 +259,15 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload + 2, packet->payload_packet_len - 2, &is_whatsapp, &is_lync) == NDPI_IS_STUN) { - if(is_lync) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); - ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_MS_LYNC, flow); - } else { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); - ndpi_int_stun_add_connection(ndpi_struct, - is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); - } - - return; + if(is_lync) { + NDPI_LOG(NDPI_PROTOCOL_MS_LYNC, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); + ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_MS_LYNC, flow); + } else { + NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); + ndpi_int_stun_add_connection(ndpi_struct, + is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); + } + return; } } } -- cgit v1.2.3 From e2119896db85f1caa22ca8ba7c8be46a246e5ce4 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 20 Jun 2017 14:19:55 -0400 Subject: Added protocl info in wireshark info columm --- wireshark/ndpi.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 495d4c14c..6724ebfcf 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -743,8 +743,8 @@ function ndpi_proto.dissector(tvb, pinfo, tree) if(application_protocol ~= 0) then -- Set protocol name in the wireshark protocol column (if not Unknown) - --pinfo.cols.protocol = name - print(network_protocol .. "/" .. application_protocol .. "/".. name) + pinfo.cols.protocol = name + --print(network_protocol .. "/" .. application_protocol .. "/".. name) end if(compute_flows_stats) then -- cgit v1.2.3 From 8395bdac97f1b2dfa81f8f0bf36febba7ee66d11 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 20 Jun 2017 23:16:59 -0400 Subject: Implemented RPC latency --- wireshark/ndpi.lua | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 6724ebfcf..ad1f5fe0e 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -51,6 +51,8 @@ local f_tcp_flags = Field.new('tcp.flags') local f_tcp_retrans = Field.new('tcp.analysis.retransmission') local f_tcp_ooo = Field.new('tcp.analysis.out_of_order') local f_tcp_lost_segment = Field.new('tcp.analysis.lost_segment') -- packet drop ? +local f_rpc_xid = Field.new('rpc.xid') +local f_rpc_msgtyp = Field.new('rpc.msgtyp') local ndpi_protos = {} local ndpi_flows = {} @@ -92,6 +94,8 @@ local max_appl_RRT = {} local first_payload_ts = {} local first_payload_id = {} +local rpc_ts = {} + local num_pkts = 0 local last_processed_packet_number = 0 local max_latency_discard = 5000 -- 5 sec @@ -321,6 +325,9 @@ function ndpi_proto.init() max_appl_RRT = {} first_payload_ts = {} first_payload_id = {} + + -- RPC + rpc_ts = {} end function slen(str) @@ -540,6 +547,31 @@ end -- ############################################### +function rpc_dissector(tvb, pinfo, tree) + local _rpc_xid = f_rpc_xid() + local _rpc_msgtyp = f_rpc_msgtyp() + + if((_rpc_xid ~= nil) and (_rpc_msgtyp ~= nil)) then + local xid = getval(_rpc_xid) + local msgtyp = getval(_rpc_msgtyp) + + if(msgtyp == "0") then + rpc_ts[xid] = pinfo.abs_ts + else + if(rpc_ts[xid] ~= nil) then + local appl_latency = abstime_diff(pinfo.abs_ts, rpc_ts[xid]) * 1000 + + if((appl_latency > 0) and (appl_latency < max_appl_lat_discard)) then + local ntop_subtree = tree:add(ntop_proto, tvb(), "ntop") + ntop_subtree:add(ntop_fds.appl_latency_rtt, appl_latency) + end + end + end + end +end + +-- ############################################### + function tcp_dissector(tvb, pinfo, tree) local _tcp_retrans = f_tcp_retrans() local _tcp_ooo = f_tcp_ooo() @@ -812,6 +844,7 @@ function ndpi_proto.dissector(tvb, pinfo, tree) vlan_dissector(tvb, pinfo, tree) ssl_dissector(tvb, pinfo, tree) dns_dissector(tvb, pinfo, tree) + rpc_dissector(tvb, pinfo, tree) end register_postdissector(ndpi_proto) -- cgit v1.2.3 From 7235c9a73a4da26e98a82dc639a4a1c28653ee2a Mon Sep 17 00:00:00 2001 From: berat Date: Fri, 23 Jun 2017 12:14:31 +0200 Subject: Added -x flag. Produces a bpf filter based on diagnose information generated by -b flag --- example/ndpiReader.c | 282 +++++++++++++++++++++++++++++++++++++++++++++------ example/ndpi_util.h | 4 + 2 files changed, 253 insertions(+), 33 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 4e84bd7fc..09b909c22 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -46,6 +46,10 @@ #include "../config.h" #include "ndpi_api.h" #include "uthash.h" +#include +#include +#include +#include #ifdef HAVE_JSON_C #include @@ -62,6 +66,7 @@ static char *_bpf_filter = NULL; /**< bpf filter */ static char *_protoFilePath = NULL; /**< Protocol file path */ static char *_statsFilePath = NULL; /**< Top stats file path */ #ifdef HAVE_JSON_C +static char *_diagnoseFilePath = NULL; /**< Top stats file path */ static char *_jsonFilePath = NULL; /**< JSON file path */ static FILE *stats_fp = NULL; /**< for Top Stats JSON file */ #endif @@ -73,7 +78,7 @@ static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ static u_int8_t enable_protocol_guess = 1, verbose = 0, nDPI_traceLevel = 0, json_flag = 0; -static u_int8_t stats_flag = 0, file_first_time = 1; +static u_int8_t stats_flag = 0, file_first_time = 1, bpf_filter_flag = 0; static u_int32_t pcap_analysis_duration = (u_int32_t)-1; static u_int16_t decode_tunnels = 0; static u_int16_t num_loops = 1; @@ -203,7 +208,7 @@ static void help(u_int long_help) { printf("ndpiReader -i [-f ][-s ][-m ]\n" " [-p ][-l [-q][-d][-h][-t][-v ]\n" - " [-n ] [-w ] [-j ]\n\n" + " [-n ] [-w ] [-j ] [-x ] \n\n" "Usage:\n" " -i | Specify a pcap file/playlist to read packets from or a\n" " | device for live capture (comma-separated list)\n" @@ -229,7 +234,10 @@ static void help(u_int long_help) { " | 1 = verbose\n" " | 2 = very verbose\n" " | 3 = port stats\n" - " -b | Specify a file to write port based diagnose statistics\n"); + " -b | Specify a file to write port based diagnose statistics\n" + " -x | Produce bpf filters for specified diagnose file. Use\n" + " | this option only for .json files generated with -b flag.\n"); + #ifndef WIN32 printf("\nExcap (wireshark) options:\n" @@ -400,7 +408,7 @@ static void parseOptions(int argc, char **argv) { if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); #endif - while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:b:", longopts, &option_idx)) != EOF) { + while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:b:x:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : ""); #endif @@ -428,6 +436,15 @@ static void parseOptions(int argc, char **argv) { pcap_analysis_duration = atol(optarg); break; + case 'x': +#ifndef HAVE_JSON_C + printf("WARNING: this copy of ndpiReader has been compiled without JSON-C: json export disabled\n"); +#else + _diagnoseFilePath = optarg; + bpf_filter_flag = 1; +#endif + break; + case 'f': case '6': _bpf_filter = optarg; @@ -535,42 +552,45 @@ static void parseOptions(int argc, char **argv) { } } - if(do_capture) { - quiet_mode = 1; - extcap_capture(); - } + if(!bpf_filter_flag){ + + if(do_capture) { + quiet_mode = 1; + extcap_capture(); + } - // check parameters - if(_pcap_file[0] == NULL || strcmp(_pcap_file[0], "") == 0) { - help(0); - } + // check parameters + if(!bpf_filter_flag && (_pcap_file[0] == NULL || strcmp(_pcap_file[0], "") == 0)) { + help(0); + } - if(strchr(_pcap_file[0], ',')) { /* multiple ingress interfaces */ - num_threads = 0; /* setting number of threads = number of interfaces */ - __pcap_file = strtok(_pcap_file[0], ","); - while (__pcap_file != NULL && num_threads < MAX_NUM_READER_THREADS) { - _pcap_file[num_threads++] = __pcap_file; - __pcap_file = strtok(NULL, ","); + if(strchr(_pcap_file[0], ',')) { /* multiple ingress interfaces */ + num_threads = 0; /* setting number of threads = number of interfaces */ + __pcap_file = strtok(_pcap_file[0], ","); + while (__pcap_file != NULL && num_threads < MAX_NUM_READER_THREADS) { + _pcap_file[num_threads++] = __pcap_file; + __pcap_file = strtok(NULL, ","); + } + } else { + if(num_threads > MAX_NUM_READER_THREADS) num_threads = MAX_NUM_READER_THREADS; + for(thread_id = 1; thread_id < num_threads; thread_id++) + _pcap_file[thread_id] = _pcap_file[0]; } - } else { - if(num_threads > MAX_NUM_READER_THREADS) num_threads = MAX_NUM_READER_THREADS; - for(thread_id = 1; thread_id < num_threads; thread_id++) - _pcap_file[thread_id] = _pcap_file[0]; - } #ifdef linux - for(thread_id = 0; thread_id < num_threads; thread_id++) - core_affinity[thread_id] = -1; - - if(num_cores > 1 && bind_mask != NULL) { - char *core_id = strtok(bind_mask, ":"); - thread_id = 0; - while (core_id != NULL && thread_id < num_threads) { - core_affinity[thread_id++] = atoi(core_id) % num_cores; - core_id = strtok(NULL, ":"); + for(thread_id = 0; thread_id < num_threads; thread_id++) + core_affinity[thread_id] = -1; + + if(num_cores > 1 && bind_mask != NULL) { + char *core_id = strtok(bind_mask, ":"); + thread_id = 0; + while (core_id != NULL && thread_id < num_threads) { + core_affinity[thread_id++] = atoi(core_id) % num_cores; + core_id = strtok(NULL, ":"); + } } - } #endif + } #ifdef DEBUG_TRACE if(trace) fclose(trace); @@ -1354,6 +1374,7 @@ static int info_pair_cmp (const void *_a, const void *_b) { struct info_pair *a = (struct info_pair *)_a; struct info_pair *b = (struct info_pair *)_b; + return b->count - a->count; } @@ -2243,6 +2264,193 @@ void automataUnitTest() { ndpi_free_automa(automa); } +/* *********************************************** */ + +/** + * @brief Produce port based pbf filter for port array + * and saves it in .json format + */ + +void bpf_filter_produce_filter(int port_array[], int size, char *filePath){ + char *prefix = "bpf_filter_"; + char _filterFilePath[1024]; + char *fileName; + FILE *fp = NULL; + char filter[1024]; + char buf[10]; + int produced = 0; + int i = 0; + + printf("producing bpf filter...\n"); + + strcpy(filter, "not (dst port "); + + while(i < size && port_array[i] != INIT_VAL){ + if(i+1 == size || port_array[i+1] == INIT_VAL) + snprintf(buf, sizeof(buf), "%d", port_array[i]); + else + snprintf(buf, sizeof(buf), "%d or ", port_array[i]); + strncat(filter, buf, sizeof(buf)); + i++; + + produced = 1; + } + + strncat(filter, ")", sizeof(")")); + + + fileName = basename(filePath); + snprintf(_filterFilePath, sizeof(_filterFilePath), "%s%s", prefix, fileName); + + if((fp = fopen(_filterFilePath,"w")) == NULL) { + printf("Error creating .json file %s\n", _filterFilePath); + exit(-1); + } + + json_object *jObj_bpfFilter = json_object_new_object(); + if(produced) + json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string(filter)); + else + json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string("")); + + fprintf(fp,"%s\n",json_object_to_json_string(jObj_bpfFilter)); + fclose(fp); + + printf("created: %s\n", _filterFilePath); + +} + +/* *********************************************** */ +/** + * @brief Initialize port array + */ + +void bpf_filter_port_array_init(int array[], int size){ + int i; + for(i=0; i FLOWS_PACKETS_TRESHOLD) && (flows_percent >= FLOWS_PERCENT_TRESHOLD)){ + + if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0){ + printf("ERROR: invalid json file. Use -x flag only for .json files generated with -b flag.\n"); + exit(-1); + } + int port = json_object_get_int(jObj_port); + + bpf_filter_port_array_add(filterPorts, PORT_ARRAY_SIZE, port); + } + } + } + + json_object_put(jObj); /* free memory */ + + bpf_filter_produce_filter(filterPorts, PORT_ARRAY_SIZE, filePath); + +} +#endif + + +/* *********************************************** */ + + /** @brief MAIN FUNCTION **/ @@ -2256,6 +2464,14 @@ int main(int argc, char **argv) { parseOptions(argc, argv); + if(bpf_filter_flag){ +#ifdef HAVE_JSON_C + produceBpfFilters(_diagnoseFilePath); + return 0; +#endif + } + + if((!json_flag) && (!quiet_mode)) { printf("\n-----------------------------------------------------------\n" "* NOTE: This is demo app to show *some* nDPI features.\n" diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 6bed00854..0a465a3c0 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -43,6 +43,10 @@ #define AGGRESSIVE_PERCENT 95.00 #define DIR_SRC 10 #define DIR_DST 20 +#define PORT_ARRAY_SIZE 20 +#define FLOWS_PACKETS_TRESHOLD 0.9 +#define FLOWS_PERCENT_TRESHOLD 1.0 +#define INIT_VAL -1 // flow tracking typedef struct ndpi_flow_info { -- cgit v1.2.3 From 592b769f67a0257582f49e079e2b49db772eeb7a Mon Sep 17 00:00:00 2001 From: MaYuming Date: Sun, 25 Jun 2017 11:15:59 +0800 Subject: fix lync over ICE detection --- src/lib/protocols/stun.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 8c42f56c9..37feb2871 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -98,7 +98,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x8054: /* Candidate Identifier */ if((len == 4) - && ((payload[offset+4] == 0x31) || (payload[offset+4] == 0x34)) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) && (payload[offset+7] == 0x00)) { @@ -266,7 +265,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); ndpi_int_stun_add_connection(ndpi_struct, is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); - } + } return; } } -- cgit v1.2.3 From a40507b8b27399ab674b504a861c3ec69a7fd063 Mon Sep 17 00:00:00 2001 From: MaYuming Date: Sun, 25 Jun 2017 16:58:50 +0800 Subject: fix compiler error about json --- example/ndpiReader.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 09b909c22..8d8ad85fe 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2270,7 +2270,7 @@ void automataUnitTest() { * @brief Produce port based pbf filter for port array * and saves it in .json format */ - +#ifdef HAVE_JSON_C void bpf_filter_produce_filter(int port_array[], int size, char *filePath){ char *prefix = "bpf_filter_"; char _filterFilePath[1024]; @@ -2319,7 +2319,7 @@ void bpf_filter_produce_filter(int port_array[], int size, char *filePath){ printf("created: %s\n", _filterFilePath); } - +#endif /* *********************************************** */ /** * @brief Initialize port array -- cgit v1.2.3 From dbb9724c4ef528cb329c4518d496940b0e640913 Mon Sep 17 00:00:00 2001 From: Campus Date: Tue, 27 Jun 2017 11:38:44 +0200 Subject: added fix protocol https://github.com/ntop/nDPI/issues/372 --- src/include/ndpi_define.h | 10 +++--- src/include/ndpi_protocol_ids.h | 5 +-- src/include/ndpi_protocols.h | 2 ++ src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 8 +++++ src/lib/protocols/fix.c | 73 ++++++++++++++++++++++++++++++++++++++++ tests/pcap/fix.pcap | Bin 0 -> 135714 bytes tests/result/fix.pcap.out | 14 ++++++++ 8 files changed, 106 insertions(+), 7 deletions(-) create mode 100644 src/lib/protocols/fix.c create mode 100644 tests/pcap/fix.pcap create mode 100644 tests/result/fix.pcap.out diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h index b632712a1..4878ff748 100644 --- a/src/include/ndpi_define.h +++ b/src/include/ndpi_define.h @@ -1,6 +1,6 @@ /* * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -180,15 +180,15 @@ #define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 #ifdef NDPI_ENABLE_DEBUG_MESSAGES -#define NDPI_LOG(proto, m, log_level, args...) \ - { \ +#define NDPI_LOG(proto, m, log_level, args...) \ + { \ struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ - if(mod != NULL) { \ + if(mod != NULL) { \ mod->ndpi_debug_print_file=__FILE__; \ mod->ndpi_debug_print_function=__FUNCTION__; \ mod->ndpi_debug_print_line=__LINE__; \ (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ - } \ + } \ } #else /* NDPI_ENABLE_DEBUG_MESSAGES */ #ifdef WIN32 diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 1e088ceaa..4c5d6539c 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -267,12 +267,13 @@ #define NDPI_PROTOCOL_GIT 226 #define NDPI_PROTOCOL_DRDA 227 #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ - #define NDPI_PROTOCOL_SOMEIP 229 +#define NDPI_PROTOCOL_FIX 230 + /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SOMEIP +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_FIX #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 2ac9485ab..65a2bb116 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -197,6 +197,7 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_smpp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); @@ -341,4 +342,5 @@ void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 3af5881b7..14288d3a3 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -45,6 +45,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/edonkey.c \ protocols/fasttrack.c \ protocols/fiesta.c \ + protocols/fix.c \ protocols/filetopia.c \ protocols/florensia.c \ protocols/ftp_control.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8ff3855af..18d96394f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1626,6 +1626,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "TINC", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FIX, + no_master, + no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); @@ -2720,6 +2725,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* TINC */ init_tinc_dissector(ndpi_struct, &a, detection_bitmask); + /* FIX */ + init_fix_dissector(ndpi_struct, &a, detection_bitmask); + /*** Put false-positive sensitive protocols at the end ***/ /* SKYPE */ diff --git a/src/lib/protocols/fix.c b/src/lib/protocols/fix.c new file mode 100644 index 000000000..b96454c3f --- /dev/null +++ b/src/lib/protocols/fix.c @@ -0,0 +1,73 @@ +/* + * fix.c + * + * Copyright (C) 2017 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ +#include "ndpi_protocols.h" + +#ifdef NDPI_PROTOCOL_FIX + +void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + if(packet->tcp) { + // 8= + if(packet->payload[0] == 0x38 && packet->payload[1] == 0x3d) { + // FIX. + if(packet->payload[2] == 0x46 && + packet->payload[3] == 0x49 && + packet->payload[4] == 0x58 && + packet->payload[5] == 0x2e) { + + NDPI_LOG(NDPI_PROTOCOL_FIX, ndpi_struct, NDPI_LOG_DEBUG, "FIX detected.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN); + return; + } + // 0. 9= + if(packet->payload[2] == 0x4f && + packet->payload[3] == 0x01 && + packet->payload[4] == 0x39 && + packet->payload[5] == 0x3d) { + + NDPI_LOG(NDPI_PROTOCOL_FIX, ndpi_struct, NDPI_LOG_DEBUG, "FIX detected.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + } + /* exclude FIX */ + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FIX); +} + + +void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("FIX", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_FIX, + ndpi_search_fix, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + + +#endif diff --git a/tests/pcap/fix.pcap b/tests/pcap/fix.pcap new file mode 100644 index 000000000..0b6b37b55 Binary files /dev/null and b/tests/pcap/fix.pcap differ diff --git a/tests/result/fix.pcap.out b/tests/result/fix.pcap.out new file mode 100644 index 000000000..66707122e --- /dev/null +++ b/tests/result/fix.pcap.out @@ -0,0 +1,14 @@ +FIX 1261 115514 12 + + 1 TCP 8.17.22.31:4000 <-> 192.168.0.20:40918 [proto: 230/FIX][18 pkts/1938 bytes <-> 18 pkts/1358 bytes] + 2 TCP 8.17.22.31:4000 <-> 192.168.0.20:40928 [proto: 230/FIX][4 pkts/342 bytes <-> 2 pkts/303 bytes] + 3 TCP 217.192.86.32:4000 <-> 192.168.0.20:53330 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes] + 4 TCP 8.17.22.31:4000 <-> 192.168.0.20:43594 [proto: 230/FIX][111 pkts/16881 bytes <-> 111 pkts/7680 bytes] + 5 TCP 8.17.22.31:4000 <-> 192.168.0.20:47968 [proto: 230/FIX][201 pkts/21246 bytes <-> 200 pkts/13460 bytes] + 6 TCP 8.17.22.31:4000 <-> 192.168.0.20:47952 [proto: 230/FIX][5 pkts/577 bytes <-> 5 pkts/484 bytes] + 7 TCP 8.17.22.31:4000 <-> 192.168.0.20:47962 [proto: 230/FIX][6 pkts/513 bytes <-> 4 pkts/522 bytes] + 8 TCP 208.245.107.3:4000 <-> 192.168.0.20:38652 [proto: 230/FIX][9 pkts/961 bytes <-> 9 pkts/700 bytes] + 9 TCP 208.245.107.3:4000 <-> 192.168.0.20:38646 [proto: 230/FIX][6 pkts/441 bytes <-> 4 pkts/477 bytes] + 10 TCP 208.245.107.3:4000 <-> 192.168.0.20:39094 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes] + 11 TCP 208.245.107.3:4000 <-> 192.168.0.20:45578 [proto: 230/FIX][228 pkts/26333 bytes <-> 228 pkts/13920 bytes] + 12 TCP 208.245.107.3:4000 <-> 192.168.0.20:45584 [proto: 230/FIX][35 pkts/3022 bytes <-> 35 pkts/2342 bytes] -- cgit v1.2.3 From 4a1ced37099d32867cf531b8eb1bb31f9f3db558 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Tue, 27 Jun 2017 12:10:50 +0200 Subject: Removes invalid char in SOME/IP proto name --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 18d96394f..a2f957ce9 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1573,7 +1573,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP, no_master, - no_master, "SOME/IP", NDPI_PROTOCOL_CATEGORY_RPC, + no_master, "SOMEIP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 30491, 30501, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, -- cgit v1.2.3 From e857c5fb41b8bbfbc61efcba1b787eeaa87dc089 Mon Sep 17 00:00:00 2001 From: berat Date: Fri, 30 Jun 2017 09:52:26 +0200 Subject: extended bpf filter produced by -x flag to include hosts --- example/ndpiReader.c | 323 ++++++++++++++++++++++++++++++++++++++++----------- example/ndpi_util.h | 1 + 2 files changed, 255 insertions(+), 69 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8d8ad85fe..4f54e4793 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1309,7 +1309,10 @@ static void json_open_stats_file() { } static void json_close_stats_file() { - fprintf(stats_fp,"%s\n",json_object_to_json_string(jArray_topStats)); + json_object *jObjFinal = json_object_new_object(); + json_object_object_add(jObjFinal,"duration.in.seconds",json_object_new_int(pcap_analysis_duration)); + json_object_object_add(jObjFinal,"statistics", jArray_topStats); + fprintf(stats_fp,"%s\n",json_object_to_json_string(jObjFinal)); fclose(stats_fp); } #endif @@ -1538,6 +1541,7 @@ static void saveTopStats(json_object **jObj_group, json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); json_object_object_add(jObj_stat,"ip.total",json_object_new_int64(s->num_addr)); json_object_object_add(jObj_stat,"ip.percent",json_object_new_double((s->num_addr*100.0)/total_ip_addr)); + json_object_object_add(jObj_stat,"flows.number",json_object_new_double(s->num_flows)); json_object_array_add(jArray_stats,jObj_stat); i++; @@ -1850,9 +1854,6 @@ static void printResults(u_int64_t tot_usec) { if(stats_flag) { #ifdef HAVE_JSON_C - u_int64_t total_src_addr = getTopStats(&topSrcStats, srcStats); - u_int64_t total_dst_addr = getTopStats(&topDstStats, dstStats); - json_object *jObj_stats = json_object_new_object(); char timestamp[64]; @@ -1860,6 +1861,9 @@ static void printResults(u_int64_t tot_usec) { json_object_object_add(jObj_stats, "time", json_object_new_string(timestamp)); saveScannerStats(&jObj_stats, scannerHosts); + + u_int64_t total_src_addr = getTopStats(&topSrcStats, srcStats); + u_int64_t total_dst_addr = getTopStats(&topDstStats, dstStats); saveTopStats(&jObj_stats, topSrcStats, DIR_SRC, cumulative_stats.ndpi_flow_count, total_src_addr); saveTopStats(&jObj_stats, topDstStats, DIR_DST, cumulative_stats.ndpi_flow_count, total_dst_addr); @@ -2267,36 +2271,63 @@ void automataUnitTest() { /* *********************************************** */ /** - * @brief Produce port based pbf filter for port array - * and saves it in .json format + * @brief Produce bpf filter to filter ports and hosts, + * save it in .json format */ #ifdef HAVE_JSON_C -void bpf_filter_produce_filter(int port_array[], int size, char *filePath){ +void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_array[48], int h_size, char *filePath){ + FILE *fp = NULL; char *prefix = "bpf_filter_"; char _filterFilePath[1024]; char *fileName; - FILE *fp = NULL; - char filter[1024]; - char buf[10]; + char filter[2048]; + char portBuf[10]; + char hostBuf[64]; int produced = 0; int i = 0; printf("producing bpf filter...\n"); - strcpy(filter, "not (dst port "); - while(i < size && port_array[i] != INIT_VAL){ - if(i+1 == size || port_array[i+1] == INIT_VAL) - snprintf(buf, sizeof(buf), "%d", port_array[i]); - else - snprintf(buf, sizeof(buf), "%d or ", port_array[i]); - strncat(filter, buf, sizeof(buf)); - i++; + if(port_array[0] != INIT_VAL){ + + strcpy(filter, "not (src port "); + while(i < p_size && port_array[i] != INIT_VAL){ + if(i+1 == p_size || port_array[i+1] == INIT_VAL) + snprintf(portBuf, sizeof(portBuf), "%d", port_array[i]); + else + snprintf(portBuf, sizeof(portBuf), "%d or ", port_array[i]); + strncat(filter, portBuf, sizeof(portBuf)); + i++; + } + + strncat(filter, ")", sizeof(")")); produced = 1; } - strncat(filter, ")", sizeof(")")); + + if(host_array[0] != NULL){ + + if(port_array[0] != INIT_VAL) + strncat(filter, " and not (host ", sizeof(" and not (host ")); + else + strcpy(filter, "not (host "); + + i=0; + + while(i < h_size && host_array[i] != NULL){ + if(i+1 == h_size || host_array[i+1] == NULL) + snprintf(hostBuf, sizeof(hostBuf), "%s", host_array[i]); + else + snprintf(hostBuf, sizeof(hostBuf), "%s or ", host_array[i]); + strncat(filter, hostBuf, sizeof(hostBuf)); + i++; + } + + strncat(filter, ")", sizeof(")")); + produced = 1; + } fileName = basename(filePath); @@ -2307,19 +2338,22 @@ void bpf_filter_produce_filter(int port_array[], int size, char *filePath){ exit(-1); } + json_object *jObj_bpfFilter = json_object_new_object(); + if(produced) - json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string(filter)); + json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string(filter)); else json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string("")); fprintf(fp,"%s\n",json_object_to_json_string(jObj_bpfFilter)); fclose(fp); - printf("created: %s\n", _filterFilePath); + printf("created: %s\n", _filterFilePath); } #endif + /* *********************************************** */ /** * @brief Initialize port array @@ -2333,7 +2367,41 @@ void bpf_filter_port_array_init(int array[], int size){ /* *********************************************** */ /** - * @brief Add port to port array + * @brief Initialize host array + */ + +void bpf_filter_host_array_init(const char *array[48], int size){ + int i; + for(i=0; i treshold) + * and have (#flows > %1 of total flows) to the srcPortArray + * to filter + */ +#ifdef HAVE_JSON_C +void getPacketBasedSourcePortsToFilter(struct json_object *jObj_stat, int srcPortArray[], int size){ + int j; + + for(j=0; j FLOWS_PACKETS_TRESHOLD) && (flows_percent >= FLOWS_PERCENT_TRESHOLD)){ + if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0){ + fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); + } + int port = json_object_get_int(jObj_port); + + bpf_filter_port_array_add(srcPortArray, size, port); + } + } +} +#endif + +/* *********************************************** */ + +/* + * @brief add scanner hosts which have more than 1000 + * flows per second to the srcHostArray to filter + */ +#ifdef HAVE_JSON_C +void getScannerHostsToFilter(struct json_object *jObj_stat, int duration, const char *srcHostArray[48], int size){ + int j; + + for(j=0; j 1000){ + if((res = json_object_object_get_ex(scanner_stat, "ip.address", &jObj_host_address)) == 0){ + fprintf(stderr, "ERROR: can't get \"ip.address\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); + } + const char *host_address = json_object_get_string(jObj_host_address); + + bpf_filter_host_array_add(srcHostArray, size, host_address); + + } + } +} +#endif + +/* *********************************************** */ + +/* + * @brief add ports which have more than 1000 flows per + * second to the srcHostArray to filter + */ #ifdef HAVE_JSON_C -static void produceBpfFilters(char *filePath){ +void getHostBasedSourcePortsToFilter(struct json_object *jObj_stat, int duration, int srcPortArray[], int size){ + int j; + + for(j=0; j 1000){ + if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0){ + fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); + } + int port = json_object_get_int(jObj_port); + + bpf_filter_port_array_add(srcPortArray, size, port); + } + } +} +#endif + +/* *********************************************** */ + +#ifdef HAVE_JSON_C +static void produceBpfFilter(char *filePath){ int fsock; struct stat statbuf; void *fmap; - struct json_object *jObj; /* entire json object from file */ - int filterPorts[PORT_ARRAY_SIZE]; /* ports to filter */ + int filterSrcPorts[PORT_ARRAY_SIZE]; /* ports to filter */ + const char *filterSrcHosts[48]; /* hosts to filter */ + json_object *jObj; /* entire json object from file */ + json_object *jObj_duration; + json_object *jObj_statistics; /* json array */ + json_bool res; + int duration; + int typeCheck; int array_len; - int typeCheck; /* jObj should be a json array */ int i; @@ -2381,69 +2572,63 @@ static void produceBpfFilters(char *filePath){ } if((jObj = json_tokener_parse(fmap)) == NULL){ - printf("ERROR: invalid json file. Use -x flag only with .json files generated by ndpiReader -b flag.\n"); + fprintf(stderr,"ERROR: invalid json file. Use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } - if((typeCheck = json_object_is_type(jObj, json_type_array)) == 0){ - printf("ERROR: invalid json file. Use -x flag only with .json files generated by ndpiReader -b flag.\n"); + + if((res = json_object_object_get_ex(jObj, "duration.in.seconds", &jObj_duration)) == 0){ + fprintf(stderr,"ERROR: can't get \"duration.in.seconds\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } + duration = json_object_get_int(jObj_duration); + + + if((res = json_object_object_get_ex(jObj, "statistics", &jObj_statistics)) == 0){ + fprintf(stderr,"ERROR: can't get \"statistics\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); + } + + if((typeCheck = json_object_is_type(jObj_statistics, json_type_array)) == 0){ + fprintf(stderr,"ERROR: invalid json file. Use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); + } + array_len = json_object_array_length(jObj_statistics); + + bpf_filter_port_array_init(filterSrcPorts, PORT_ARRAY_SIZE); + bpf_filter_host_array_init(filterSrcHosts, HOST_ARRAY_SIZE); - bpf_filter_port_array_init(filterPorts, PORT_ARRAY_SIZE); - array_len = json_object_array_length(jObj); for(i=0; i FLOWS_PACKETS_TRESHOLD) && (flows_percent >= FLOWS_PERCENT_TRESHOLD)){ - if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0){ - printf("ERROR: invalid json file. Use -x flag only for .json files generated with -b flag.\n"); - exit(-1); - } - int port = json_object_get_int(jObj_port); - - bpf_filter_port_array_add(filterPorts, PORT_ARRAY_SIZE, port); - } + if((res = json_object_object_get_ex(stats, "top.src.ip.stats", &val)) == 0){ + fprintf(stderr,"ERROR: can't get \"top.src.ip.stats\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); } + getHostBasedSourcePortsToFilter(val, duration, filterSrcPorts, PORT_ARRAY_SIZE); + } + bpf_filter_produce_filter(filterSrcPorts, PORT_ARRAY_SIZE, filterSrcHosts, HOST_ARRAY_SIZE, filePath); + json_object_put(jObj); /* free memory */ - - bpf_filter_produce_filter(filterPorts, PORT_ARRAY_SIZE, filePath); - } #endif @@ -2466,7 +2651,7 @@ int main(int argc, char **argv) { if(bpf_filter_flag){ #ifdef HAVE_JSON_C - produceBpfFilters(_diagnoseFilePath); + produceBpfFilter(_diagnoseFilePath); return 0; #endif } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 0a465a3c0..f6d315748 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -44,6 +44,7 @@ #define DIR_SRC 10 #define DIR_DST 20 #define PORT_ARRAY_SIZE 20 +#define HOST_ARRAY_SIZE 20 #define FLOWS_PACKETS_TRESHOLD 0.9 #define FLOWS_PERCENT_TRESHOLD 1.0 #define INIT_VAL -1 -- cgit v1.2.3 From 5bf6be7eb80991c7525da2485599ad8c972fbbb5 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 30 Jun 2017 11:32:23 -0400 Subject: Improved checks on libnuma --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 1507cc43b..eec6878f5 100644 --- a/configure.ac +++ b/configure.ac @@ -40,7 +40,7 @@ SHORT_MACHINE=`uname -m | cut -b1-3` if test $SHORT_MACHINE = "arm"; then LIBNUMA="" else - LIBNUMA="-lnuma" + AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) fi if test -f $PCAP_HOME/libpcap/libpcap.a; then : -- cgit v1.2.3 From 9bfab472e4a40db84768952d11f0866e181d0b65 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 6 Jul 2017 08:29:21 +0200 Subject: Win fix --- src/include/ndpi_win32.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h index 175ecd57d..8a952b293 100644 --- a/src/include/ndpi_win32.h +++ b/src/include/ndpi_win32.h @@ -63,6 +63,8 @@ typedef unsigned __int64 u_int64_t; #define gmtime_r(a, b) memcpy(b, gmtime(a), sizeof(struct tm)) +#define in_addr_t unsigned long + extern unsigned long waitForNextEvent(unsigned long ulDelay /* ms */); #define sleep(a /* sec */) waitForNextEvent(1000*a /* ms */) -- cgit v1.2.3 From d66e473a2c1d336e024c4d8bcefb3785e16ffd5e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 6 Jul 2017 09:28:15 +0200 Subject: Code cleanup Updated test results Renamed SOMEIP -> someip --- example/ndpiReader.c | 451 +++++++++++++++--------------- src/lib/Makefile.am | 2 +- src/lib/protocols/SOMEIP.c | 223 --------------- src/lib/protocols/someip.c | 223 +++++++++++++++ tests/result/KakaoTalk_talk.pcap.out | 4 +- tests/result/http_ipv6.pcap.out | 8 +- tests/result/mpeg.pcap.out | 2 +- tests/result/ocs.pcap.out | 5 +- tests/result/quickplay.pcap.out | 12 +- tests/result/skype.pcap.out | 314 ++++++++++----------- tests/result/wechat.pcap.out | 19 +- tests/result/whatsapp_login_call.pcap.out | 6 +- 12 files changed, 635 insertions(+), 634 deletions(-) delete mode 100644 src/lib/protocols/SOMEIP.c create mode 100644 src/lib/protocols/someip.c diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 4f54e4793..a93147421 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -95,16 +95,16 @@ static time_t capture_until = 0; static u_int32_t num_flows; struct info_pair{ - char addr[48]; - char proto[48]; /*app level protocol*/ - int count; + char addr[48]; + char proto[48]; /*app level protocol*/ + int count; }; typedef struct node_a{ - char addr[48]; - int count; - char proto[48]; /*app level protocol*/ - struct node_a *left, *right; + char addr[48]; + int count; + char proto[48]; /*app level protocol*/ + struct node_a *left, *right; }addr_node; struct port_stats { @@ -436,7 +436,7 @@ static void parseOptions(int argc, char **argv) { pcap_analysis_duration = atol(optarg); break; - case 'x': + case 'x': #ifndef HAVE_JSON_C printf("WARNING: this copy of ndpiReader has been compiled without JSON-C: json export disabled\n"); #else @@ -552,7 +552,7 @@ static void parseOptions(int argc, char **argv) { } } - if(!bpf_filter_flag){ + if(!bpf_filter_flag) { if(do_capture) { quiet_mode = 1; @@ -847,7 +847,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept /* *********************************************** */ -void updateScanners(struct single_flow_info **scanners, const char *saddr, u_int32_t dport){ +void updateScanners(struct single_flow_info **scanners, const char *saddr, u_int32_t dport) { struct single_flow_info *f; HASH_FIND_STR(*scanners, saddr, f); @@ -874,7 +874,7 @@ void updateScanners(struct single_flow_info **scanners, const char *saddr, u_int HASH_FIND_INT(f->ports, &dport, pp); - if(pp == NULL){ + if(pp == NULL) { pp = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); if(!pp) return; pp->port = dport; @@ -897,7 +897,7 @@ int updateIpTree(const char *key, addr_node **vrootp, const char *proto) { return 0; while (*rootp != (addr_node *)0) { /* Knuth's T1: */ - if((r = strcmp(key, ((*rootp)->addr))) == 0){ /* T2: */ + if((r = strcmp(key, ((*rootp)->addr))) == 0) { /* T2: */ return ++((*rootp)->count); } @@ -940,48 +940,48 @@ void freeIpTree(addr_node *root) { /* *********************************************** */ -void updateTopIpAddress(const char *addr, const char *proto, int count, struct info_pair top[], int size){ - int update = 0; - int r; - int i; - int min_i = 0; - int min = count; - struct info_pair pair; +void updateTopIpAddress(const char *addr, const char *proto, int count, struct info_pair top[], int size) { + int update = 0; + int r; + int i; + int min_i = 0; + int min = count; + struct info_pair pair; - if(count == 0) return; + if(count == 0) return; - strncpy(pair.addr, addr, sizeof(pair.addr)); - strncpy(pair.proto, proto, sizeof(pair.proto)); - pair.count = count; + strncpy(pair.addr, addr, sizeof(pair.addr)); + strncpy(pair.proto, proto, sizeof(pair.proto)); + pair.count = count; - for(i=0; inum_addr++; if(count) { - s->cumulative_addr++; - updateTopIpAddress(addr, proto, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + s->cumulative_addr++; + updateTopIpAddress(addr, proto, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); } s->num_pkts += num_pkts, s->num_bytes += num_bytes, s->num_flows++; @@ -1030,7 +1030,7 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, /* *********************************************** */ -static void deleteScanners(struct single_flow_info *scanners){ +static void deleteScanners(struct single_flow_info *scanners) { struct single_flow_info *s, *tmp; struct port_flow_info *p, *tmp2; @@ -1064,33 +1064,33 @@ static void deletePortsStats(struct port_stats *stats) { */ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ - struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; - u_int16_t sport, dport; - char saddr[48], daddr[48]; - char proto[48]; - u_int16_t thread_id = *(int *)user_data; - int r; + struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; + u_int16_t sport, dport; + char saddr[48], daddr[48]; + char proto[48]; + u_int16_t thread_id = *(int *)user_data; + int r; - sport = ntohs(flow->src_port), dport = ntohs(flow->dst_port); - strncpy(saddr, flow->src_name, sizeof(saddr)); - strncpy(daddr, flow->dst_name, sizeof(daddr)); + sport = ntohs(flow->src_port), dport = ntohs(flow->dst_port); + strncpy(saddr, flow->src_name, sizeof(saddr)); + strncpy(daddr, flow->dst_name, sizeof(daddr)); - /* get app level protocol */ - if(flow->detected_protocol.master_protocol) - ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, - flow->detected_protocol, proto, sizeof(proto)); - else - strncpy(proto, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, - flow->detected_protocol.app_protocol),sizeof(proto)); + /* get app level protocol */ + if(flow->detected_protocol.master_protocol) + ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol, proto, sizeof(proto)); + else + strncpy(proto, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.app_protocol),sizeof(proto)); - if(((r = strcmp(ipProto2Name(flow->protocol), "TCP")) == 0) - && (flow->src2dst_packets == 1) && (flow->dst2src_packets == 0)){ + if(((r = strcmp(ipProto2Name(flow->protocol), "TCP")) == 0) + && (flow->src2dst_packets == 1) && (flow->dst2src_packets == 0)) { - updateScanners(&scannerHosts, saddr, dport); - } + updateScanners(&scannerHosts, saddr, dport); + } - updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes, proto); - updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes, proto); + updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes, proto); + updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes, proto); } } @@ -1135,7 +1135,7 @@ static void on_protocol_discovered(struct ndpi_workflow * workflow, const u_int16_t thread_id = (uintptr_t) udata; - if(verbose > 1){ + if(verbose > 1) { if(enable_protocol_guess) { if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { flow->detected_protocol.app_protocol = node_guess_undetected_protocol(thread_id, flow), @@ -1299,13 +1299,13 @@ static void json_init() { } static void json_open_stats_file() { - if((file_first_time && ((stats_fp = fopen(_statsFilePath,"w")) == NULL)) - || - (!file_first_time && (stats_fp = fopen(_statsFilePath,"a")) == NULL)) { - printf("Error creating/opening file %s\n", _statsFilePath); - stats_flag = 0; - } - else file_first_time = 0; + if((file_first_time && ((stats_fp = fopen(_statsFilePath,"w")) == NULL)) + || + (!file_first_time && (stats_fp = fopen(_statsFilePath,"a")) == NULL)) { + printf("Error creating/opening file %s\n", _statsFilePath); + stats_flag = 0; + } + else file_first_time = 0; } static void json_close_stats_file() { @@ -1375,10 +1375,10 @@ static int scanners_port_sort(void *_a, void *_b) { static int info_pair_cmp (const void *_a, const void *_b) { - struct info_pair *a = (struct info_pair *)_a; - struct info_pair *b = (struct info_pair *)_b; + struct info_pair *a = (struct info_pair *)_a; + struct info_pair *b = (struct info_pair *)_b; - return b->count - a->count; + return b->count - a->count; } /* *********************************************** */ @@ -1406,14 +1406,14 @@ static void deleteTopStats(struct top_stats *stats) { /** * @brief Get port based top statistics */ -static int getTopStats(struct top_stats **topStats, struct port_stats *stats){ +static int getTopStats(struct top_stats **topStats, struct port_stats *stats) { struct top_stats *s; struct port_stats *sp, *tmp; struct info_pair inf; u_int64_t total_ip_addrs = 0; /* stats are ordered by packet number */ - HASH_ITER(hh, stats, sp, tmp){ + HASH_ITER(hh, stats, sp, tmp) { s = (struct top_stats *)malloc(sizeof(struct top_stats)); memset(s, 0, sizeof(struct top_stats)); @@ -1425,7 +1425,7 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats){ qsort(&sp->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); inf = sp->top_ip_addrs[0]; - if(((inf.count * 100.0)/sp->cumulative_addr) > AGGRESSIVE_PERCENT){ + if(((inf.count * 100.0)/sp->cumulative_addr) > AGGRESSIVE_PERCENT) { strncpy(s->top_ip, inf.addr, sizeof(s->top_ip)); strncpy(s->proto, inf.proto, sizeof(s->proto)); } @@ -1442,7 +1442,7 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats){ /* *********************************************** */ #ifdef HAVE_JSON_C -static void saveScannerStats(json_object **jObj_group, struct single_flow_info *scanners){ +static void saveScannerStats(json_object **jObj_group, struct single_flow_info *scanners) { struct single_flow_info *s, *tmp; struct port_flow_info *p, *tmp2; json_object *jArray_stats = json_object_new_array(); @@ -1496,7 +1496,7 @@ static void saveTopStats(json_object **jObj_group, struct top_stats *stats, int direction, u_int64_t total_flow_count, - u_int64_t total_ip_addr){ + u_int64_t total_ip_addr) { struct top_stats *s, *tmp; json_object *jArray_stats = json_object_new_array(); @@ -1505,14 +1505,14 @@ static void saveTopStats(json_object **jObj_group, /* stats for packet burst diagnose */ HASH_ITER(hh, stats, s, tmp) { - if(s->top_ip[0] != '\0'){ + if(s->top_ip[0] != '\0') { json_object *jObj_stat = json_object_new_object(); json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); json_object_object_add(jObj_stat,"packets.number",json_object_new_int64(s->num_pkts)); json_object_object_add(jObj_stat,"flows.number",json_object_new_double(s->num_flows)); json_object_object_add(jObj_stat,"flows.percent",json_object_new_double((s->num_flows*100.0)/total_flow_count)); if(s->num_pkts) json_object_object_add(jObj_stat,"flows/packets", - json_object_new_double(((double)s->num_flows)/s->num_pkts)); + json_object_new_double(((double)s->num_flows)/s->num_pkts)); else json_object_object_add(jObj_stat,"flows.num_packets",json_object_new_double(0.0)); json_object_object_add(jObj_stat,"aggressive.ip",json_object_new_string(s->top_ip)); @@ -1526,7 +1526,7 @@ static void saveTopStats(json_object **jObj_group, } json_object_object_add(*jObj_group, (direction == DIR_SRC) ? - "top.src.pkts.stats" : "top.dst.pkts.stats", jArray_stats); + "top.src.pkts.stats" : "top.dst.pkts.stats", jArray_stats); jArray_stats = json_object_new_array(); i=0; @@ -1550,7 +1550,7 @@ static void saveTopStats(json_object **jObj_group, } json_object_object_add(*jObj_group, (direction == DIR_SRC) ? - "top.src.ip.stats" : "top.dst.ip.stats", jArray_stats); + "top.src.ip.stats" : "top.dst.ip.stats", jArray_stats); } #endif @@ -1568,10 +1568,10 @@ void printPortStats(struct port_stats *stats) { qsort(&s->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); for(j=0; jtop_ip_addrs[j].count != 0) { - printf("\t\t%-36s ~ %.2f%%\n", s->top_ip_addrs[j].addr, - ((s->top_ip_addrs[j].count) * 100.0) / s->cumulative_addr); - } + if(s->top_ip_addrs[j].count != 0) { + printf("\t\t%-36s ~ %.2f%%\n", s->top_ip_addrs[j].addr, + ((s->top_ip_addrs[j].count) * 100.0) / s->cumulative_addr); + } } printf("\n"); @@ -1879,9 +1879,9 @@ static void printResults(u_int64_t tot_usec) { #endif } - if(verbose == 3 || stats_flag){ - deletePortsStats(srcStats), deletePortsStats(dstStats); - srcStats = NULL, dstStats = NULL; + if(verbose == 3 || stats_flag) { + deletePortsStats(srcStats), deletePortsStats(dstStats); + srcStats = NULL, dstStats = NULL; } @@ -2164,7 +2164,7 @@ void * processing_thread(void *_thread_id) { if((!json_flag) && (!quiet_mode)) printf("Running thread %ld...\n", thread_id); pcap_loop: - runPcapLoop(thread_id); + runPcapLoop(thread_id); if(playlist_fp[thread_id] != NULL) { /* playlist: read next file */ char filename[256]; @@ -2242,11 +2242,11 @@ void test_lib() { /* Printing cumulative results */ printResults(tot_usec); -if(stats_flag){ + if(stats_flag) { #ifdef HAVE_JSON_C - json_close_stats_file(); + json_close_stats_file(); #endif -} + } for(thread_id = 0; thread_id < num_threads; thread_id++) { if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) @@ -2275,40 +2275,39 @@ void automataUnitTest() { * save it in .json format */ #ifdef HAVE_JSON_C -void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_array[48], int h_size, char *filePath){ +void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_array[48], int h_size, char *filePath) { FILE *fp = NULL; char *prefix = "bpf_filter_"; char _filterFilePath[1024]; char *fileName; char filter[2048]; - char portBuf[10]; - char hostBuf[64]; int produced = 0; int i = 0; - printf("producing bpf filter...\n"); - - - if(port_array[0] != INIT_VAL){ - + if(port_array[0] != INIT_VAL) { + int l; + strcpy(filter, "not (src port "); - while(i < p_size && port_array[i] != INIT_VAL){ + while(i < p_size && port_array[i] != INIT_VAL) { + l = strlen(filter); + if(i+1 == p_size || port_array[i+1] == INIT_VAL) - snprintf(portBuf, sizeof(portBuf), "%d", port_array[i]); + snprintf(&filter[l], sizeof(filter)-l, "%d", port_array[i]); else - snprintf(portBuf, sizeof(portBuf), "%d or ", port_array[i]); - strncat(filter, portBuf, sizeof(portBuf)); + snprintf(&filter[l], sizeof(filter)-l, "%d or ", port_array[i]); i++; } - strncat(filter, ")", sizeof(")")); + l = strlen(filter); + snprintf(&filter[l], sizeof(filter)-l, "%s", ")"); produced = 1; } - if(host_array[0] != NULL){ - + if(host_array[0] != NULL) { + int l; + if(port_array[0] != INIT_VAL) strncat(filter, " and not (host ", sizeof(" and not (host ")); else @@ -2316,40 +2315,40 @@ void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_ar i=0; - while(i < h_size && host_array[i] != NULL){ + while(i < h_size && host_array[i] != NULL) { + l = strlen(filter); + if(i+1 == h_size || host_array[i+1] == NULL) - snprintf(hostBuf, sizeof(hostBuf), "%s", host_array[i]); + snprintf(&filter[l], sizeof(filter)-l, "%s", host_array[i]); else - snprintf(hostBuf, sizeof(hostBuf), "%s or ", host_array[i]); - strncat(filter, hostBuf, sizeof(hostBuf)); + snprintf(&filter[l], sizeof(filter)-l, "%s or ", host_array[i]); + i++; } - - strncat(filter, ")", sizeof(")")); + + l = strlen(filter); + snprintf(&filter[l], sizeof(filter)-l, "%s", ")"); produced = 1; } - fileName = basename(filePath); - snprintf(_filterFilePath, sizeof(_filterFilePath), "%s%s", prefix, fileName); + snprintf(_filterFilePath, sizeof(_filterFilePath), "%s.bpf", filePath); if((fp = fopen(_filterFilePath,"w")) == NULL) { printf("Error creating .json file %s\n", _filterFilePath); exit(-1); } - json_object *jObj_bpfFilter = json_object_new_object(); if(produced) - json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string(filter)); + json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string(filter)); else json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string("")); fprintf(fp,"%s\n",json_object_to_json_string(jObj_bpfFilter)); fclose(fp); - printf("created: %s\n", _filterFilePath); } #endif @@ -2359,7 +2358,7 @@ void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_ar * @brief Initialize port array */ -void bpf_filter_port_array_init(int array[], int size){ +void bpf_filter_port_array_init(int array[], int size) { int i; for(i=0; i FLOWS_PACKETS_TRESHOLD) && (flows_percent >= FLOWS_PERCENT_TRESHOLD)){ - if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0){ - fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); - exit(-1); - } - int port = json_object_get_int(jObj_port); - bpf_filter_port_array_add(srcPortArray, size, port); + if((flows_packets > FLOWS_PACKETS_TRESHOLD) && (flows_percent >= FLOWS_PERCENT_TRESHOLD)) { + if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0) { + fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); } + int port = json_object_get_int(jObj_port); + + bpf_filter_port_array_add(srcPortArray, size, port); } + } } #endif @@ -2471,33 +2470,33 @@ void getPacketBasedSourcePortsToFilter(struct json_object *jObj_stat, int srcPor * flows per second to the srcHostArray to filter */ #ifdef HAVE_JSON_C -void getScannerHostsToFilter(struct json_object *jObj_stat, int duration, const char *srcHostArray[48], int size){ - int j; +void getScannerHostsToFilter(struct json_object *jObj_stat, int duration, const char *srcHostArray[48], int size) { + int j; - for(j=0; j 1000){ - if((res = json_object_object_get_ex(scanner_stat, "ip.address", &jObj_host_address)) == 0){ - fprintf(stderr, "ERROR: can't get \"ip.address\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); - exit(-1); - } - const char *host_address = json_object_get_string(jObj_host_address); + if((tot_flows_number/duration) > 1000) { + if((res = json_object_object_get_ex(scanner_stat, "ip.address", &jObj_host_address)) == 0) { + fprintf(stderr, "ERROR: can't get \"ip.address\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); + } + const char *host_address = json_object_get_string(jObj_host_address); - bpf_filter_host_array_add(srcHostArray, size, host_address); + bpf_filter_host_array_add(srcHostArray, size, host_address); - } } + } } #endif @@ -2508,39 +2507,39 @@ void getScannerHostsToFilter(struct json_object *jObj_stat, int duration, const * second to the srcHostArray to filter */ #ifdef HAVE_JSON_C -void getHostBasedSourcePortsToFilter(struct json_object *jObj_stat, int duration, int srcPortArray[], int size){ - int j; +void getHostBasedSourcePortsToFilter(struct json_object *jObj_stat, int duration, int srcPortArray[], int size) { + int j; - for(j=0; j 1000){ - if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0){ - fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); - exit(-1); - } - int port = json_object_get_int(jObj_port); - bpf_filter_port_array_add(srcPortArray, size, port); + if((flows_number/duration) > 1000) { + if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0) { + fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); } + int port = json_object_get_int(jObj_port); + + bpf_filter_port_array_add(srcPortArray, size, port); } + } } #endif /* *********************************************** */ #ifdef HAVE_JSON_C -static void produceBpfFilter(char *filePath){ +static void produceBpfFilter(char *filePath) { int fsock; struct stat statbuf; void *fmap; @@ -2556,40 +2555,40 @@ static void produceBpfFilter(char *filePath){ int i; - if((fsock = open(filePath, O_RDONLY)) == -1){ - fprintf(stderr,"error opening file %s\n", filePath); - exit(-1); + if((fsock = open(filePath, O_RDONLY)) == -1) { + fprintf(stderr,"error opening file %s\n", filePath); + exit(-1); } - if(fstat(fsock, &statbuf) == -1){ - fprintf(stderr,"error getting file stat\n"); - exit(-1); + if(fstat(fsock, &statbuf) == -1) { + fprintf(stderr,"error getting file stat\n"); + exit(-1); } - if((fmap = mmap(NULL, statbuf.st_size, PROT_READ, MAP_PRIVATE, fsock, 0)) == MAP_FAILED){ - fprintf(stderr,"error mmap is failed\n"); - exit(-1); + if((fmap = mmap(NULL, statbuf.st_size, PROT_READ, MAP_PRIVATE, fsock, 0)) == MAP_FAILED) { + fprintf(stderr,"error mmap is failed\n"); + exit(-1); } - if((jObj = json_tokener_parse(fmap)) == NULL){ + if((jObj = json_tokener_parse(fmap)) == NULL) { fprintf(stderr,"ERROR: invalid json file. Use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } - if((res = json_object_object_get_ex(jObj, "duration.in.seconds", &jObj_duration)) == 0){ + if((res = json_object_object_get_ex(jObj, "duration.in.seconds", &jObj_duration)) == 0) { fprintf(stderr,"ERROR: can't get \"duration.in.seconds\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } duration = json_object_get_int(jObj_duration); - if((res = json_object_object_get_ex(jObj, "statistics", &jObj_statistics)) == 0){ + if((res = json_object_object_get_ex(jObj, "statistics", &jObj_statistics)) == 0) { fprintf(stderr,"ERROR: can't get \"statistics\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } - if((typeCheck = json_object_is_type(jObj_statistics, json_type_array)) == 0){ + if((typeCheck = json_object_is_type(jObj_statistics, json_type_array)) == 0) { fprintf(stderr,"ERROR: invalid json file. Use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } @@ -2600,25 +2599,25 @@ static void produceBpfFilter(char *filePath){ bpf_filter_host_array_init(filterSrcHosts, HOST_ARRAY_SIZE); - for(i=0; i - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your omessage_typeion) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - -#include "ndpi_protocols.h" -#ifdef NDPI_PROTOCOL_SOMEIP - -enum SOMEIP_MESSAGE_TYPES { - REQUEST = 0x00, - REQUEST_NO_RETURN = 0x01, - NOTIFICATION = 0x02, - REQUEST_ACK = 0x40, - REQUEST_NO_RETURN_ACK = 0x41, - NOTIFICATION_ACK = 0x42, - RESPONSE = 0x80, - ERROR = 0x81, - RESPONSE_ACK = 0xc0, - ERROR_ACK = 0xc1 -}; - -enum SOMEIP_RETURN_CODES { - E_OK = 0x00, - E_NOT_OK = 0x01, - E_UNKNOWN_SERVICE = 0x02, - E_UNKNOWN_METHOD = 0x03, - E_NOT_READY = 0x04, - E_NOT_REACHABLE = 0x05, - E_TIMEOUT = 0x06, - E_WRONG_PROTOCOL_VERSION = 0x07, - E_WRONG_INTERFACE_VERSION = 0x08, - E_MALFORMED_MESSAGE = 0x09, - E_WRONG_MESSAGE_TYPE = 0x0a, - E_RETURN_CODE_LEGAL_THRESHOLD = 0x40 //return codes from 0x40 (inclusive) and upwards are illegal. -}; - -enum SPECIAL_MESSAGE_IDS { - MSG_MAGIC_COOKIE = 0xffff0000, - MSG_MAGIC_COOKIE_ACK = 0xffff8000, - MSG_SD = 0xffff8100 -}; - -enum PROTOCOL_VERSION{ - LEGAL_PROTOCOL_VERSION = 0x01 -}; - -enum MAGIC_COOKIE_CONSTANTS{ - MC_REQUEST_ID = 0xDEADBEEF, - MC_LENGTH = 0x08, - MC_INTERFACE_VERSION = 0x01 -}; - -enum DEFAULT_PROTOCOL_PORTS{ - PORT_DEFAULT_CLIENT = 30491, - PORT_DEFAULT_SERVER = 30501, - PORT_DEFAULT_SD = 30490 -}; - -/** - * Entry point when protocol is identified. - */ -static void ndpi_int_someip_add_connection (struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_SOMEIP,NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found.\n"); -} - -/** - * Dissector function that searches SOME/IP headers - */ -void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) -{ - - //####Maybe check carrier protocols?#### - - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); - const struct ndpi_packet_struct *packet = &flow->packet; - if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { - return; - } - - //we extract the Message ID and Request ID and check for special cases later - u_int32_t message_id = ntohl(*((u_int32_t *)&packet->payload[0])); - u_int32_t request_id = ntohl(*((u_int32_t *)&packet->payload[8])); - - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", - message_id, packet->payload_packet_len); - if (packet->payload_packet_len < 16) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - - //####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### - - // we extract the remaining length - u_int32_t someip_len = ntohl(*((u_int32_t *)&packet->payload[4])); - if (packet->payload_packet_len != (someip_len + 8)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - - u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); - if (protocol_version != LEGAL_PROTOCOL_VERSION){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - - u_int8_t interface_version = (packet->payload[13]); - - u_int8_t message_type = (u_int8_t) (packet->payload[14]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); - - if ((message_type != REQUEST) && (message_type != REQUEST_NO_RETURN) && (message_type != NOTIFICATION) && (message_type != REQUEST_ACK) && - (message_type != REQUEST_NO_RETURN_ACK) && (message_type != NOTIFICATION_ACK) && (message_type != RESPONSE) && - (message_type != ERROR) && (message_type != RESPONSE_ACK) && (message_type != ERROR_ACK)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - - u_int8_t return_code = (u_int8_t) (packet->payload[15]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); - if ((return_code >= E_RETURN_CODE_LEGAL_THRESHOLD)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - - if (message_id == MSG_MAGIC_COOKIE){ - if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && - (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct, flow); - return; - } - else{ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - } - - if (message_id == MSG_MAGIC_COOKIE_ACK){ - if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && - (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct, flow); - return; - } - else{ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie ACK\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - } - - if (message_id == MSG_SD){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP-SD currently not supported\n", message_type); - } - - //Filtering by port. - //This check is NOT a 100% thing - these ports are mentioned in the documentation but the documentation also states they haven't been approved by IANA yet, and that the user is free to use different ports. - //This is is PURELY for demo purposes and the rest of the check must be filled in later on! - if (packet->l4_protocol == IPPROTO_UDP){ - if ((packet->udp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SERVER)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SD))) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct, flow); - return; - } - } - if (packet->l4_protocol == IPPROTO_TCP){ - if ((packet->tcp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->tcp->dest == ntohs(PORT_DEFAULT_SERVER))) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct, flow); - return; - } - } - - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; -} -/** - * Entry point for the ndpi library - */ -void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, - u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP dissector init...\n"); - ndpi_set_bitmask_protocol_detection ("SOME/IP", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_SOMEIP, - ndpi_search_someip, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); - *id +=1; -} - -#endif // NDPI_PROTOCOL_SOMEIP - diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c new file mode 100644 index 000000000..714648417 --- /dev/null +++ b/src/lib/protocols/someip.c @@ -0,0 +1,223 @@ +/* + * someip.c + * + * Copyright (C) 2016 Sorin Zamfir + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your omessage_typeion) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocols.h" +#ifdef NDPI_PROTOCOL_SOMEIP + +enum SOMEIP_MESSAGE_TYPES { + SOMEIP_REQUEST = 0x00, + SOMEIP_REQUEST_NO_RETURN = 0x01, + SOMEIP_NOTIFICATION = 0x02, + SOMEIP_REQUEST_ACK = 0x40, + SOMEIP_REQUEST_NO_RETURN_ACK = 0x41, + SOMEIP_NOTIFICATION_ACK = 0x42, + SOMEIP_RESPONSE = 0x80, + SOMEIP_ERROR = 0x81, + SOMEIP_RESPONSE_ACK = 0xc0, + SOMEIP_ERROR_ACK = 0xc1 +}; + +enum SOMEIP_RETURN_CODES { + E_OK = 0x00, + E_NOT_OK = 0x01, + E_UNKNOWN_SERVICE = 0x02, + E_UNKNOWN_METHOD = 0x03, + E_NOT_READY = 0x04, + E_NOT_REACHABLE = 0x05, + E_TIMEOUT = 0x06, + E_WRONG_PROTOCOL_VERSION = 0x07, + E_WRONG_INTERFACE_VERSION = 0x08, + E_MALFORMED_MESSAGE = 0x09, + E_WRONG_MESSAGE_TYPE = 0x0a, + E_RETURN_CODE_LEGAL_THRESHOLD = 0x40 //return codes from 0x40 (inclusive) and upwards are illegal. +}; + +enum SPECIAL_MESSAGE_IDS { + MSG_MAGIC_COOKIE = 0xffff0000, + MSG_MAGIC_COOKIE_ACK = 0xffff8000, + MSG_SD = 0xffff8100 +}; + +enum PROTOCOL_VERSION{ + LEGAL_PROTOCOL_VERSION = 0x01 +}; + +enum MAGIC_COOKIE_CONSTANTS{ + MC_REQUEST_ID = 0xDEADBEEF, + MC_LENGTH = 0x08, + MC_INTERFACE_VERSION = 0x01 +}; + +enum DEFAULT_PROTOCOL_PORTS{ + PORT_DEFAULT_CLIENT = 30491, + PORT_DEFAULT_SERVER = 30501, + PORT_DEFAULT_SD = 30490 +}; + +/** + * Entry point when protocol is identified. + */ +static void ndpi_int_someip_add_connection (struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_SOMEIP,NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found.\n"); +} + +/** + * Dissector function that searches SOME/IP headers + */ +void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + + //####Maybe check carrier protocols?#### + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); + const struct ndpi_packet_struct *packet = &flow->packet; + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { + return; + } + + //we extract the Message ID and Request ID and check for special cases later + u_int32_t message_id = ntohl(*((u_int32_t *)&packet->payload[0])); + u_int32_t request_id = ntohl(*((u_int32_t *)&packet->payload[8])); + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", + message_id, packet->payload_packet_len); + if (packet->payload_packet_len < 16) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + //####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### + + // we extract the remaining length + u_int32_t someip_len = ntohl(*((u_int32_t *)&packet->payload[4])); + if (packet->payload_packet_len != (someip_len + 8)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); + if (protocol_version != LEGAL_PROTOCOL_VERSION){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + u_int8_t interface_version = (packet->payload[13]); + + u_int8_t message_type = (u_int8_t) (packet->payload[14]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); + + if ((message_type != SOMEIP_REQUEST) && (message_type != SOMEIP_REQUEST_NO_RETURN) && (message_type != SOMEIP_NOTIFICATION) && (message_type != SOMEIP_REQUEST_ACK) && + (message_type != SOMEIP_REQUEST_NO_RETURN_ACK) && (message_type != SOMEIP_NOTIFICATION_ACK) && (message_type != SOMEIP_RESPONSE) && + (message_type != SOMEIP_ERROR) && (message_type != SOMEIP_RESPONSE_ACK) && (message_type != SOMEIP_ERROR_ACK)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + u_int8_t return_code = (u_int8_t) (packet->payload[15]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); + if ((return_code >= E_RETURN_CODE_LEGAL_THRESHOLD)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + if (message_id == MSG_MAGIC_COOKIE){ + if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && + (message_type == SOMEIP_REQUEST_NO_RETURN) && (return_code == E_OK)){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct, flow); + return; + } + else{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + } + + if (message_id == MSG_MAGIC_COOKIE_ACK){ + if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && + (message_type == SOMEIP_REQUEST_NO_RETURN) && (return_code == E_OK)){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct, flow); + return; + } + else{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie ACK\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + } + + if (message_id == MSG_SD){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP-SD currently not supported\n", message_type); + } + + //Filtering by port. + //This check is NOT a 100% thing - these ports are mentioned in the documentation but the documentation also states they haven't been approved by IANA yet, and that the user is free to use different ports. + //This is is PURELY for demo purposes and the rest of the check must be filled in later on! + if (packet->l4_protocol == IPPROTO_UDP){ + if ((packet->udp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SERVER)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SD))) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct, flow); + return; + } + } + if (packet->l4_protocol == IPPROTO_TCP){ + if ((packet->tcp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->tcp->dest == ntohs(PORT_DEFAULT_SERVER))) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct, flow); + return; + } + } + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; +} +/** + * Entry point for the ndpi library + */ +void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP dissector init...\n"); + ndpi_set_bitmask_protocol_detection ("SOME/IP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_SOMEIP, + ndpi_search_someip, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); + *id +=1; +} + +#endif // NDPI_PROTOCOL_SOMEIP + diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 61611d734..c01c64475 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,4 +1,5 @@ HTTP 5 280 1 +QQ 15 1727 1 SSL_No_Cert 74 14132 2 RTP 2991 398751 2 SSL 5 1198 1 @@ -8,7 +9,6 @@ HTTP_Proxy 16 1838 2 Tor 40 10538 1 Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 -WeChat 15 1727 1 1 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][3 pkts/168 bytes <-> 2 pkts/112 bytes] 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][2 pkts/225 bytes <-> 2 pkts/171 bytes] @@ -23,7 +23,7 @@ WeChat 15 1727 1 11 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] 12 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][22 pkts/5326 bytes <-> 18 pkts/5212 bytes] 13 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes -> 0 pkts/0 bytes] - 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com] + 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com] 15 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][12 pkts/1692 bytes <-> 10 pkts/1420 bytes] 16 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][746 pkts/93906 bytes <-> 742 pkts/104604 bytes] 17 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][11 pkts/1542 bytes <-> 11 pkts/1542 bytes] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 4c3856606..8d2a0b46c 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 7e8dbf91c..1252983a7 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.229/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.232/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 6281738ec..d16dc31de 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -2,15 +2,16 @@ Unknown 6 360 1 DNS 3 214 3 HTTP 13 1019 2 SSL 20 2715 1 -Google 41 5525 6 +Google 40 5453 5 OCS 863 57552 7 +PlayStore 1 72 1 1 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] 2 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] 3 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes -> 0 pkts/0 bytes] 4 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] 5 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com] - 6 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com] + 6 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com] 7 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes -> 0 pkts/0 bytes] 8 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] 9 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes -> 0 pkts/0 bytes][Host: ocs.labgency.ws] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 71aca873f..87b488520 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -1,8 +1,8 @@ +QQ 12 4781 5 Facebook 6 1740 3 Google 2 378 1 Amazon 2 1469 1 QuickPlay 133 96179 11 -WeChat 12 4781 5 1 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com] 2 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com] @@ -11,8 +11,8 @@ WeChat 12 4781 5 5 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com] 6 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com] 7 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com] - 8 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] + 8 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com] + 9 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] 10 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] 11 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] 12 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.196/HTTP.QuickPlay][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com] @@ -21,7 +21,7 @@ WeChat 12 4781 5 15 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com] 16 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com] 17 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com] - 18 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] + 18 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] 19 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] - 20 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com] - 21 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com] + 20 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com] + 21 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 5e5052e66..c2a8d8b77 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,13 +1,13 @@ -Unknown 381 48593 15 +Unknown 404 52712 16 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 88 8268 6 +SSL 96 8876 7 Dropbox 38 17948 5 -Skype 1941 297337 246 +Skype 1910 292610 244 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -144,153 +144,152 @@ MS_OneDrive 387 198090 1 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][9 pkts/822 bytes <-> 3 pkts/285 bytes] 130 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1062 bytes <-> 4 pkts/383 bytes] - 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] - 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] - 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] - 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/814 bytes <-> 3 pkts/287 bytes] - 154 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 158 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/411 bytes] - 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] - 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] - 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] - 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] - 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] - 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] - 165 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] - 166 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes -> 0 pkts/0 bytes] - 167 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] - 168 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] - 169 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 196 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] - 197 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 199 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 205 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] - 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] - 208 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/407 bytes] - 210 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][13 pkts/971 bytes <-> 4 pkts/399 bytes] - 211 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] - 212 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/386 bytes] - 213 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 214 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 215 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 216 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 223 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 224 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 225 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 227 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] - 228 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/380 bytes] - 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][11 pkts/820 bytes <-> 5 pkts/416 bytes] - 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 234 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] - 235 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 236 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 237 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][13 pkts/977 bytes <-> 4 pkts/384 bytes] - 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][11 pkts/836 bytes <-> 5 pkts/442 bytes] - 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] - 242 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][14 pkts/1083 bytes <-> 4 pkts/359 bytes] - 243 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] - 244 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] - 245 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] - 246 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 248 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] - 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] - 250 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] - 251 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] - 252 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] - 253 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 257 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] - 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] - 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][14 pkts/1075 bytes <-> 4 pkts/431 bytes] - 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][13 pkts/994 bytes <-> 2 pkts/243 bytes] - 273 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] - 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] - 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] - 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] - 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][14 pkts/1100 bytes <-> 5 pkts/395 bytes] - 278 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] + 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] + 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/814 bytes <-> 3 pkts/287 bytes] + 153 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 157 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/411 bytes] + 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] + 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] + 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] + 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] + 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] + 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] + 164 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] + 165 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes] + 166 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] + 167 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] + 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 195 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] + 196 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 198 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 202 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 204 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] + 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] + 207 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/407 bytes] + 209 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][13 pkts/971 bytes <-> 4 pkts/399 bytes] + 210 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] + 211 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/386 bytes] + 212 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 213 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 214 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 215 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 222 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 223 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 224 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 226 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 227 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/380 bytes] + 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][11 pkts/820 bytes <-> 5 pkts/416 bytes] + 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 233 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] + 234 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 235 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 236 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][13 pkts/977 bytes <-> 4 pkts/384 bytes] + 239 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][11 pkts/836 bytes <-> 5 pkts/442 bytes] + 240 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] + 241 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][14 pkts/1083 bytes <-> 4 pkts/359 bytes] + 242 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] + 243 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] + 244 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] + 245 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 247 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] + 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] + 249 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] + 250 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] + 251 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] + 252 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 257 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] + 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][14 pkts/1075 bytes <-> 4 pkts/431 bytes] + 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][13 pkts/994 bytes <-> 2 pkts/243 bytes] + 272 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] + 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] + 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] + 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] + 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][14 pkts/1100 bytes <-> 5 pkts/395 bytes] + 277 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -302,10 +301,11 @@ Undetected flows: 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][11 pkts/854 bytes <-> 11 pkts/782 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][11 pkts/4406 bytes <-> 8 pkts/705 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][12 pkts/985 bytes <-> 6 pkts/489 bytes] - 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] - 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][24 pkts/3101 bytes <-> 16 pkts/2508 bytes] - 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] - 13 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] - 14 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] - 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][16 pkts/1169 bytes <-> 11 pkts/929 bytes] + 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] + 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] + 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][24 pkts/3101 bytes <-> 16 pkts/2508 bytes] + 12 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] + 14 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] + 15 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] + 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][16 pkts/1169 bytes <-> 11 pkts/929 bytes] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 426f79c1e..a80680e7c 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -5,13 +5,14 @@ MDNS 116 10672 4 NTP 1 90 1 NetBIOS 12 1579 2 DHCP 1 342 1 +QQ 26 9402 2 IGMP 24 1280 4 SSL 21 1209 3 ICMPV6 3 218 2 -Google 113 24811 15 +YouTube 36 9047 2 +Google 92 20878 15 LLMNR 12 944 6 -WeChat 1277 615827 51 -GoogleDrive 15 5114 2 +WeChat 1251 606425 49 1 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 2 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes <-> 4 pkts/253 bytes] @@ -19,7 +20,7 @@ GoogleDrive 15 5114 2 4 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com] 5 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 6 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] - 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.197/SSL.WeChat][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com] + 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com] 8 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org] 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes -> 0 pkts/0 bytes] 10 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][4 pkts/264 bytes <-> 4 pkts/319 bytes] @@ -51,7 +52,7 @@ GoogleDrive 15 5114 2 36 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] 37 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] 38 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.217/QUIC.GoogleDrive][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] + 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] 40 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] 41 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 42 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] @@ -61,7 +62,7 @@ GoogleDrive 15 5114 2 46 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/180 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] 47 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] 48 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com] - 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com] + 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.124/SSL.YouTube][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com] 50 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] 51 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] @@ -73,7 +74,7 @@ GoogleDrive 15 5114 2 58 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 59 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] 60 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com] - 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] + 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.124/DNS.YouTube][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] 62 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes <-> 1 pkts/66 bytes] 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][client: web.wechat.com] 64 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com] @@ -89,7 +90,7 @@ GoogleDrive 15 5114 2 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com] 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com] 76 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes -> 0 pkts/0 bytes] - 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.217/DNS.GoogleDrive][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] + 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][13 pkts/866 bytes <-> 4 pkts/280 bytes] 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com] @@ -112,7 +113,7 @@ GoogleDrive 15 5114 2 97 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 98 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes -> 0 pkts/0 bytes] 99 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes -> 0 pkts/0 bytes] - 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] + 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] 101 UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: cansaqcq] 102 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index d044c712f..360cbc096 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -8,9 +8,9 @@ Facebook 70 9464 14 Dropbox 4 2176 1 Apple 127 28102 20 WhatsApp 182 25154 2 -AppleiTunes 85 28087 2 Spotify 3 258 1 WhatsAppVoice 706 91156 4 +AppleStore 85 28087 2 1 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] 2 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][4 pkts/2176 bytes -> 0 pkts/0 bytes] @@ -26,7 +26,7 @@ WhatsAppVoice 706 91156 4 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 14 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com] + 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com] 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][3 pkts/174 bytes <-> 2 pkts/217 bytes] 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] @@ -62,7 +62,7 @@ WhatsAppVoice 706 91156 4 48 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 49 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 50 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com] + 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com] 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][9 pkts/1130 bytes <-> 8 pkts/868 bytes] 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] 54 UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From cfa9a79f67c089718b3bf3b61f24be1412a80936 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 7 Jul 2017 12:50:06 +0200 Subject: fix for OpenBSD compile error https://github.com/ntop/nDPI/issues/417 --- example/ndpiReader.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index a93147421..dbcfd1844 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -62,7 +62,9 @@ static char *_pcap_file[MAX_NUM_READER_THREADS]; /**< Ingress pcap file/interfac static FILE *playlist_fp[MAX_NUM_READER_THREADS] = { NULL }; /**< Ingress playlist */ static FILE *results_file = NULL; static char *results_path = NULL; +#ifndef __OpenBSD__ static char *_bpf_filter = NULL; /**< bpf filter */ +#endif static char *_protoFilePath = NULL; /**< Protocol file path */ static char *_statsFilePath = NULL; /**< Top stats file path */ #ifdef HAVE_JSON_C -- cgit v1.2.3 From c5bc91145f9ce6553678b1ea3a6c0ddc1e6afdfb Mon Sep 17 00:00:00 2001 From: Campus Date: Sun, 9 Jul 2017 18:10:10 +0200 Subject: removed warning compilation for - warning: passing argument 3 of 'pcap_compile' from incompatible pointer type --- example/ndpiReader.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index dbcfd1844..f2fefa0a1 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -60,17 +60,17 @@ /** Client parameters **/ static char *_pcap_file[MAX_NUM_READER_THREADS]; /**< Ingress pcap file/interfaces */ static FILE *playlist_fp[MAX_NUM_READER_THREADS] = { NULL }; /**< Ingress playlist */ -static FILE *results_file = NULL; -static char *results_path = NULL; +static FILE *results_file = NULL; +static char *results_path = NULL; #ifndef __OpenBSD__ -static char *_bpf_filter = NULL; /**< bpf filter */ +static const char *_bpf_filter = NULL; /**< bpf filter */ #endif -static char *_protoFilePath = NULL; /**< Protocol file path */ -static char *_statsFilePath = NULL; /**< Top stats file path */ +static char *_protoFilePath = NULL; /**< Protocol file path */ +static char *_statsFilePath = NULL; /**< Top stats file path */ #ifdef HAVE_JSON_C -static char *_diagnoseFilePath = NULL; /**< Top stats file path */ -static char *_jsonFilePath = NULL; /**< JSON file path */ -static FILE *stats_fp = NULL; /**< for Top Stats JSON file */ +static char *_diagnoseFilePath = NULL; /**< Top stats file path */ +static char *_jsonFilePath = NULL; /**< JSON file path */ +static FILE *stats_fp = NULL; /**< for Top Stats JSON file */ #endif #ifdef HAVE_JSON_C static json_object *jArray_known_flows, *jArray_unknown_flows; -- cgit v1.2.3 From 6d7f5552de5cf88a6dc994b0d2a93dadbbe23509 Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 13 Jul 2017 16:22:34 +0200 Subject: changed name from _bpf_filter to bpfFilter to avoid compilation error in OpenBSD caused by redefinition by https://github.com/openbsd/src/blob/master/sys/net/bpf.h#L296 --- example/ndpiReader.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index f2fefa0a1..e2dfc9d14 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -62,9 +62,7 @@ static char *_pcap_file[MAX_NUM_READER_THREADS]; /**< Ingress pcap file/interfac static FILE *playlist_fp[MAX_NUM_READER_THREADS] = { NULL }; /**< Ingress playlist */ static FILE *results_file = NULL; static char *results_path = NULL; -#ifndef __OpenBSD__ -static const char *_bpf_filter = NULL; /**< bpf filter */ -#endif +static char * bpfFilter = NULL; /**< bpf filter */ static char *_protoFilePath = NULL; /**< Protocol file path */ static char *_statsFilePath = NULL; /**< Top stats file path */ #ifdef HAVE_JSON_C @@ -449,7 +447,7 @@ static void parseOptions(int argc, char **argv) { case 'f': case '6': - _bpf_filter = optarg; + bpfFilter = optarg; break; case 'g': @@ -1944,16 +1942,16 @@ static int getNextPcapFileFromPlaylist(u_int16_t thread_id, char filename[], u_i */ static void configurePcapHandle(pcap_t * pcap_handle) { - if(_bpf_filter != NULL) { + if(bpfFilter != NULL) { struct bpf_program fcode; - if(pcap_compile(pcap_handle, &fcode, _bpf_filter, 1, 0xFFFFFF00) < 0) { + if(pcap_compile(pcap_handle, &fcode, bpfFilter, 1, 0xFFFFFF00) < 0) { printf("pcap_compile error: '%s'\n", pcap_geterr(pcap_handle)); } else { if(pcap_setfilter(pcap_handle, &fcode) < 0) { printf("pcap_setfilter error: '%s'\n", pcap_geterr(pcap_handle)); } else - printf("Successfully set BPF filter to '%s'\n", _bpf_filter); + printf("Successfully set BPF filter to '%s'\n", bpfFilter); } } } -- cgit v1.2.3 From 0b72c2fce393113fc11f61810326d57047225f63 Mon Sep 17 00:00:00 2001 From: Micah Lyle Date: Fri, 14 Jul 2017 14:55:03 -0700 Subject: Fixed tcp ssl case where client cert got set but server did not --- src/lib/protocols/ssl.c | 63 ++++++++++++++++++++++++++++++------------------- 1 file changed, 39 insertions(+), 24 deletions(-) diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 5860abed7..d6e1ffd7e 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -47,7 +47,7 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st if(packet->tcp != NULL) { switch(protocol) { - + case NDPI_PROTOCOL_SSL: case NDPI_PROTOCOL_SSL_NO_CERT: { @@ -57,7 +57,7 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st */ u_int16_t sport = ntohs(packet->tcp->source); u_int16_t dport = ntohs(packet->tcp->dest); - + if((sport == 465) || (dport == 465)) protocol = NDPI_PROTOCOL_MAIL_SMTPS; else if((sport == 993) || (dport == 993) @@ -70,7 +70,7 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st break; } } - + return protocol; } @@ -98,14 +98,14 @@ static void ndpi_int_ssl_add_connection(struct ndpi_detection_module_struct *ndp ((ch) >= '{' && (ch) <= '~')) static void stripCertificateTrailer(char *buffer, int buffer_len) { - + int i, is_puny; - + // printf("->%s<-\n", buffer); - + for(i = 0; i < buffer_len; i++) { // printf("%c [%d]\n", buffer[i], buffer[i]); - + if((buffer[i] != '.') && (buffer[i] != '-') && (buffer[i] != '_') @@ -120,12 +120,12 @@ static void stripCertificateTrailer(char *buffer, int buffer_len) { /* check for punycode encoding */ is_puny = check_punycode_string(buffer, buffer_len); - + // not a punycode string - need more checks if(is_puny == 0) { - + if(i > 0) i--; - + while(i > 0) { if(!ndpi_isalpha(buffer[i])) { buffer[i] = '\0'; @@ -134,8 +134,8 @@ static void stripCertificateTrailer(char *buffer, int buffer_len) { } else break; } - - for(i = buffer_len; i > 0; i--) { + + for(i = buffer_len; i > 0; i--) { if(buffer[i] == '.') break; else if(ndpi_isdigit(buffer[i])) buffer[i] = '\0', buffer_len = i; @@ -325,18 +325,21 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s #ifdef CERTIFICATE_DEBUG printf("***** [SSL] %s\n", certificate); #endif - u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, + /* If we've detected the subprotocol from client certificate but haven't had a chance + * to see the server certificate yet, wait a few more packets */ + if((flow->protos.ssl.client_certificate[0] != '\0') && (flow->protos.ssl.server_certificate[0] == '\0')) { + return (rc); + } + u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, strlen(certificate), NDPI_PROTOCOL_SSL); - if(subproto != NDPI_PROTOCOL_UNKNOWN) { - ndpi_set_detected_protocol(ndpi_struct, flow, subproto, - ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); - return(rc); /* Fix courtesy of Gianluca Costa */ - } - + ndpi_set_detected_protocol(ndpi_struct, flow, subproto, + ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); + return(rc); /* Fix courtesy of Gianluca Costa */ + } #ifdef NDPI_PROTOCOL_TOR - if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) - return(rc); + if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) + return(rc); #endif } @@ -346,11 +349,23 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s && flow->l4.tcp.seen_ack /* We have seen the 3-way handshake */) || (flow->protos.ssl.server_certificate[0] != '\0') /* || (flow->protos.ssl.client_certificate[0] != '\0') */ - ) - ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); + ) { + if (flow->protos.ssl.client_certificate[0] != '\0') { + u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, flow->protos.ssl.client_certificate, + strlen(flow->protos.ssl.client_certificate), NDPI_PROTOCOL_SSL); + if (subproto != NDPI_PROTOCOL_UNKNOWN) { + /* We would've only made it here if at some point we went into the if clause above where we wait a + * few packets if we have a subprotocol client cert match but hadn't seen a server cert at that point. */ + ndpi_set_detected_protocol(ndpi_struct, flow, subproto, + ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); + return(2); /* Returning 2 is because we had a client certificate match + * (since we use what would've been the return code from getSSLCertificate) */ } } - + ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); + } + } + } return(0); } -- cgit v1.2.3 From 2e13e44b9cac363414bf6523864499820115ec8d Mon Sep 17 00:00:00 2001 From: Micah Lyle Date: Fri, 14 Jul 2017 18:19:49 -0700 Subject: Added testing scripts and commited files that only had the server diff on the right --- tests/do_line_diff.py | 46 +++++++++++++++++++++++++ tests/line_diff.py | 45 +++++++++++++++++++++++++ tests/result/6in4tunnel.pcap.out | 2 +- tests/result/Instagram.pcap.out | 8 ++--- tests/result/KakaoTalk_chat.pcap.out | 6 ++-- tests/result/facebook.pcap.out | 2 +- tests/result/netflix.pcap.out | 32 +++++++++--------- tests/result/viber_mobile.pcap.out | 6 ++-- tests/result/webex.pcap.out | 4 +-- tests/result/wechat.pcap.out | 56 +++++++++++++++---------------- tests/result/whatsapp_login_call.pcap.out | 2 +- 11 files changed, 150 insertions(+), 59 deletions(-) create mode 100755 tests/do_line_diff.py create mode 100755 tests/line_diff.py diff --git a/tests/do_line_diff.py b/tests/do_line_diff.py new file mode 100755 index 000000000..6db65a133 --- /dev/null +++ b/tests/do_line_diff.py @@ -0,0 +1,46 @@ +#!/usr/bin/env python + +""" +do_line_diff.py - Interactively runs all tests, and on any test where line_diff.py +showed an output, lets the user check the output and replace the test file with the output +file if they think it's safe to do so (in the sense that the test is actually passing). This +script was first used when enhancing the ssl protocol to not immediately stop detection upon +only detecting a client certificate. When server certificates were added, the this script +was helpful in checking which lines of which tests had appended server certificate info +to the line. +""" + +import os +import sys +import time +import subprocess + +program_base_args = ["../example/ndpiReader", "-p", "../example/protos.txt", "-q", "-i"] +line_diff_base_args = ["./line_diff.py"] +temp_output = "/tmp/reader.out" +result_folder = "result/" +pcap_folder = "pcap/" +pcap_file_list = os.listdir(pcap_folder) + +def find_pcap(result_file): + for pcap_file in pcap_file_list: + if pcap_file == result_file[:-4]: + return pcap_file + +for result_file in os.listdir(result_folder): + pcap_file = find_pcap(result_file) + program_args = program_base_args + [pcap_folder + pcap_file, "-w", temp_output, "-v", "1"] + program_output = subprocess.call(program_args) + line_diff_args = line_diff_base_args + [result_folder + result_file, temp_output] + line_diff_output = subprocess.check_output(line_diff_args, universal_newlines=True) + if len(line_diff_output) > 0: + print("File output " + result_file + " had line diff output. Here it is:") + print(line_diff_output) + replace = "" + while replace.lower() != 'y' and replace.lower() != 'n': + replace = input("Would you like to replace the file? ('y' or 'n') ") + if replace == 'y': + subprocess.check_output(["cp", temp_output, result_folder + result_file]) + print("") + elif replace == 'n': + break \ No newline at end of file diff --git a/tests/line_diff.py b/tests/line_diff.py new file mode 100755 index 000000000..1b42f1f2f --- /dev/null +++ b/tests/line_diff.py @@ -0,0 +1,45 @@ +#!/usr/bin/env python +""" +line_diff.py - Simple tool that compares two files with the same number of lines and prints the +characters (if any) on the right line (moving left to right) that are present that +weren't present in the left line +""" + +import sys + +left_file = sys.argv[1] +right_file = sys.argv[2] + +left_lines = [] +right_lines = [] + +with open(left_file) as left: + for line in left.readlines(): + left_lines.append(line.strip()) +with open(right_file) as right: + for line in right.readlines(): + right_lines.append(line.strip()) + +if len(left_lines) != len(right_lines): + print("Files didn't have the same number of lines, exiting...") + sys.exit(0) + +for i in range(len(left_lines)): + left_contents = left_lines[i] + right_contents = right_lines[i] + if len(left_contents) > len(right_contents): + print("Line " + str(i) + " has longer left contents than right contents.") + print("Left contents: " + left_contents) + print("Right contents: " + right_contents) + break + else: + left_list = list(left_contents) + right_list = list(right_contents) + while len(left_list) > 0: + if right_list.pop(0) != left_list.pop(0): + print("Line " + str(i) + ": Right contents that are not a prefix of left contents.") + print("Left contents: " + left_contents) + print("Right contents: " + right_contents) + break + if len(right_list) > 0: + print("Line " + str(i) + ": Right contents have extra characters: " + ''.join(right_list)) diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 187ee661a..d170a55aa 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -4,7 +4,7 @@ SSL 28 15397 1 ICMPV6 48 7862 3 Facebook 37 14726 3 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/SSL.Facebook][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][client: www.facebook.com] + 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/SSL.Facebook][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][client: www.facebook.com][server: *.facebook.com] 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][1 pkts/133 bytes <-> 1 pkts/261 bytes][Host: star.c10r.facebook.com] 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/SSL][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][client: mail.tomasu.net][server: mail.tomasu.net] 4 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 2122cff4a..cb0788864 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -15,7 +15,7 @@ Instagram 363 255094 16 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com] 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][14 pkts/924 bytes <-> 20 pkts/28115 bytes] 9 TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes -> 0 pkts/0 bytes][Host: photos-a.ak.instagram.com] - 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net] + 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net] 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][103 pkts/150456 bytes <-> 47 pkts/3102 bytes] 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] @@ -29,12 +29,12 @@ Instagram 363 255094 16 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][1 pkts/74 bytes <-> 1 pkts/66 bytes] 23 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/305 bytes][Host: igcdn-photos-h-a.akamaihd.net] - 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][client: igcdn-photos-h-a.akamaihd.net] - 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net] + 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][client: igcdn-photos-h-a.akamaihd.net][server: a248.e.akamai.net] + 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net] 26 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][16 pkts/22931 bytes <-> 9 pkts/594 bytes] 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com] 28 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes -> 0 pkts/0 bytes] - 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][client: igcdn-photos-g-a.akamaihd.net] + 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][client: igcdn-photos-g-a.akamaihd.net][server: a248.e.akamai.net] 30 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com] 31 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 616f59fb2..cdc055e8c 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -41,8 +41,8 @@ KakaoTalk 55 9990 15 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][2 pkts/112 bytes <-> 3 pkts/168 bytes] 32 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes] 33 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: auth.kakao.com] - 34 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][client: graph.facebook.com] - 35 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][client: api.facebook.com] - 36 TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][client: developers.facebook.com] + 34 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][client: graph.facebook.com][server: *.facebook.com] + 35 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][client: api.facebook.com][server: *.facebook.com] + 36 TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][client: developers.facebook.com][server: *.facebook.com] 37 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][server: *.facebook.com] 38 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][2 pkts/139 bytes <-> 2 pkts/112 bytes] diff --git a/tests/result/facebook.pcap.out b/tests/result/facebook.pcap.out index 231b9d4c4..cb7d91585 100644 --- a/tests/result/facebook.pcap.out +++ b/tests/result/facebook.pcap.out @@ -1,4 +1,4 @@ Facebook 60 30511 2 - 1 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][client: facebook.com] + 1 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][client: facebook.com][server: *.facebook.com] 2 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/SSL.Facebook][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][client: www.facebook.com] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index 03983bcb4..bdc64329b 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -24,16 +24,16 @@ Amazon 2 126 1 18 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Host: 23.246.11.141] 19 IGMP 192.168.1.7:0 -> 239.255.255.250:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] 20 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Host: api-global.netflix.com] - 21 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][client: api-global.netflix.com] - 22 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][client: ichnaea.netflix.com] - 23 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][client: api-global.netflix.com] - 24 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][client: api-global.netflix.com] - 25 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][client: ios.nccp.netflix.com] - 26 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][client: ios.nccp.netflix.com] + 21 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][client: api-global.netflix.com][server: api.netflix.com] + 22 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] + 23 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][client: api-global.netflix.com][server: api.netflix.com] + 24 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][client: api-global.netflix.com][server: api.netflix.com] + 25 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] + 26 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] 27 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][client: api-global.netflix.com] - 28 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][client: ichnaea.netflix.com] - 29 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][client: ios.nccp.netflix.com] - 30 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][client: ichnaea.netflix.com] + 28 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] + 29 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] + 30 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] 31 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Host: art-2.nflximg.net] 32 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Host: art-2.nflximg.net] 33 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net] @@ -54,14 +54,14 @@ Amazon 2 126 1 48 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][33 pkts/2732 bytes <-> 25 pkts/30064 bytes] 49 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Host: 23.246.11.141] 50 TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes -> 0 pkts/0 bytes] - 51 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][client: api-global.netflix.com] + 51 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][client: api-global.netflix.com][server: api.netflix.com] 52 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][client: api-global.netflix.com] - 53 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][client: api-global.netflix.com] + 53 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][client: api-global.netflix.com][server: api.netflix.com] 54 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][client: api-global.netflix.com] 55 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com] 56 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][client: api-global.netflix.com] - 57 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][client: ios.nccp.netflix.com] - 58 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][client: ichnaea.netflix.com] - 59 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][client: ios.nccp.netflix.com] - 60 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][client: ios.nccp.netflix.com] - 61 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/SSL.NetFlix][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][client: art-s.nflximg.net] + 57 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] + 58 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] + 59 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] + 60 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] + 61 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/SSL.NetFlix][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][client: art-s.nflximg.net][server: secure.cdn.nflximg.net] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 097363152..c11180994 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -29,7 +29,7 @@ Amazon 8 528 1 14 UDP 192.168.200.222:39413 -> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] 16 UDP 192.168.200.222:39413 -> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes -> 0 pkts/0 bytes] - 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][19 pkts/3115 bytes <-> 18 pkts/13053 bytes][client: graph.facebook.com] + 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][19 pkts/3115 bytes <-> 18 pkts/13053 bytes][client: graph.facebook.com][server: *.facebook.com] 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] 20 UDP 192.168.200.222:39413 -> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] @@ -48,7 +48,7 @@ Amazon 8 528 1 33 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/141 bytes][Host: easytomessage.com] 34 ICMP 192.168.200.222:0 -> 8.8.8.8:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes -> 0 pkts/0 bytes] 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][17 pkts/2087 bytes <-> 14 pkts/5520 bytes][client: googleads.g.doubleclick.net] + 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][17 pkts/2087 bytes <-> 14 pkts/5520 bytes][client: googleads.g.doubleclick.net][server: *.g.doubleclick.net] 37 ICMP 37.214.167.82:0 -> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes -> 0 pkts/0 bytes] 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][5 pkts/520 bytes <-> 4 pkts/563 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] @@ -72,7 +72,7 @@ Amazon 8 528 1 57 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][1 pkts/75 bytes <-> 1 pkts/203 bytes][Host: e9.whatsapp.net] 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][12 pkts/2322 bytes <-> 10 pkts/6919 bytes][client: e.crashlytics.com][server: *.crashlytics.com] 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][8 pkts/1187 bytes <-> 8 pkts/856 bytes] - 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][17 pkts/3286 bytes <-> 16 pkts/11246 bytes][client: mail.google.com] + 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][17 pkts/3286 bytes <-> 16 pkts/11246 bytes][client: mail.google.com][server: mail.google.com] 61 UDP 192.168.200.222:39413 -> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/144 bytes <-> 2 pkts/192 bytes][Host: sis.jpush.io] 63 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 7f5f06d7c..6b130dd20 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -46,7 +46,7 @@ Amazon 3 174 1 38 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com] 39 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] 40 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] - 41 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][client: ssl.google-analytics.com] + 41 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][client: ssl.google-analytics.com][server: *.google-analytics.com] 42 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] 43 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][1 pkts/66 bytes <-> 2 pkts/108 bytes] 44 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes -> 0 pkts/0 bytes] @@ -54,7 +54,7 @@ Amazon 3 174 1 46 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] 47 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] 48 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com] - 49 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com] + 49 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com][server: *.webex.com] 50 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com] 51 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] 52 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index a80680e7c..401404d8a 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -20,7 +20,7 @@ WeChat 1251 606425 49 4 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com] 5 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 6 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] - 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com] + 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com][server: wx.qq.com] 8 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org] 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes -> 0 pkts/0 bytes] 10 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][4 pkts/264 bytes <-> 4 pkts/319 bytes] @@ -29,25 +29,25 @@ WeChat 1251 606425 49 13 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] 14 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][3 pkts/802 bytes <-> 3 pkts/198 bytes] 15 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][88 pkts/15114 bytes <-> 91 pkts/61842 bytes] - 16 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com] - 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com] - 18 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][client: web.wechat.com] - 19 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com] - 20 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][client: web.wechat.com] - 21 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][client: web.wechat.com] - 22 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][client: web.wechat.com] - 23 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com] + 16 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com] + 18 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][client: web.wechat.com][server: web.wechat.com] + 19 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 20 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][client: web.wechat.com][server: web.wechat.com] + 21 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][client: web.wechat.com][server: web.wechat.com] + 22 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][client: web.wechat.com][server: web.wechat.com] + 23 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] 24 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] 25 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes -> 0 pkts/0 bytes] 26 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] 27 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] - 28 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com] - 29 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com] + 28 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com][server: web.wechat.com] + 29 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] 30 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 31 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com] - 32 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][client: web.wechat.com] - 33 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][client: web.wechat.com] - 34 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com] + 31 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com] + 32 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][client: web.wechat.com][server: web.wechat.com] + 33 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][client: web.wechat.com][server: web.wechat.com] + 34 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com][server: web.wechat.com] 35 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 36 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] 37 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] @@ -62,7 +62,7 @@ WeChat 1251 606425 49 46 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/180 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] 47 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] 48 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com] - 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.124/SSL.YouTube][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com] + 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.124/SSL.YouTube][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com] 50 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] 51 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] @@ -76,24 +76,24 @@ WeChat 1251 606425 49 60 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com] 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.124/DNS.YouTube][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] 62 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][client: web.wechat.com] - 64 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com] + 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][client: web.wechat.com][server: web.wechat.com] + 64 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com][server: web.wechat.com] 65 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] - 66 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][client: web.wechat.com] - 67 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][client: web.wechat.com] - 68 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][client: web.wechat.com] - 69 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com] - 70 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][client: web.wechat.com] + 66 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][client: web.wechat.com][server: web.wechat.com] + 67 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][client: web.wechat.com][server: web.wechat.com] + 68 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][client: web.wechat.com][server: web.wechat.com] + 69 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com][server: web.wechat.com] + 70 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][client: web.wechat.com][server: web.wechat.com] 71 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 72 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com] - 73 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][client: web.wechat.com] - 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com] - 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com] + 72 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com][server: web.wechat.com] + 73 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][client: web.wechat.com][server: web.wechat.com] + 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com][server: web.wechat.com] + 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com][server: web.wechat.com] 76 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes -> 0 pkts/0 bytes] 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][13 pkts/866 bytes <-> 4 pkts/280 bytes] - 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com] + 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] 81 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][3 pkts/206 bytes <-> 2 pkts/148 bytes] 82 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com] 83 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 360cbc096..6105015fc 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -53,7 +53,7 @@ AppleStore 85 28087 2 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 42 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][client: query.ess.apple.com] + 42 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][client: query.ess.apple.com][server: *.ess.apple.com] 43 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 44 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][2 pkts/132 bytes <-> 1 pkts/66 bytes] 45 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] -- cgit v1.2.3 From 6e85b9344298dbba49d06951360c5e3c464d92ba Mon Sep 17 00:00:00 2001 From: Micah Lyle Date: Mon, 17 Jul 2017 18:06:07 -0700 Subject: Implementation for extra packet processing if desired --- example/ndpi_util.c | 40 ++++++++++++--- example/ndpi_util.h | 5 +- src/include/ndpi_api.h | 121 ++++++++++++++++++++++++++------------------ src/include/ndpi_typedefs.h | 6 ++- src/lib/ndpi_main.c | 54 ++++++++++++++++++-- src/lib/protocols/ssl.c | 63 ++++++++++++++++------- 6 files changed, 207 insertions(+), 82 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 75bab6319..b0955d8d4 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -158,10 +158,10 @@ int ndpi_workflow_node_cmp(const void *a, const void *b) { if(fa->hashval < fb->hashval) return(-1); else if(fa->hashval > fb->hashval) return(1); /* Flows have the same hash */ - + if(fa->vlan_id < fb->vlan_id ) return(-1); else { if(fa->vlan_id > fb->vlan_id ) return(1); } if(fa->protocol < fb->protocol ) return(-1); else { if(fa->protocol > fb->protocol ) return(1); } - + if( ( (fa->src_ip == fb->src_ip ) @@ -178,12 +178,12 @@ int ndpi_workflow_node_cmp(const void *a, const void *b) { ) ) return(0); - + if(fa->src_ip < fb->src_ip ) return(-1); else { if(fa->src_ip > fb->src_ip ) return(1); } if(fa->src_port < fb->src_port) return(-1); else { if(fa->src_port > fb->src_port) return(1); } if(fa->dst_ip < fb->dst_ip ) return(-1); else { if(fa->dst_ip > fb->dst_ip ) return(1); } if(fa->dst_port < fb->dst_port) return(-1); else { if(fa->dst_port > fb->dst_port) return(1); } - + return(0); /* notreached */ } @@ -453,7 +453,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl } } - if(flow->detection_completed) { + if(flow->detection_completed && !flow->check_extra_packets) { if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { if (workflow->__flow_giveup_callback != NULL) workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); @@ -516,7 +516,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, flow->src2dst_packets++, flow->src2dst_bytes += rawsize; else flow->dst2src_packets++, flow->dst2src_bytes += rawsize; - + flow->last_seen = time; } else { // flow is NULL workflow->stats.total_discarded_bytes++; @@ -524,7 +524,28 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, } /* Protocol already detected */ - if(flow->detection_completed) return(flow->detected_protocol); + if(flow->detection_completed) { + if(flow->check_extra_packets && ndpi_flow != NULL && ndpi_flow->check_extra_packets) { + if(ndpi_flow->num_extra_packets_checked == 0 && ndpi_flow->max_extra_packets_to_check == 0) { + /* Protocols can set this, but we set it here in case they didn't */ + ndpi_flow->max_extra_packets_to_check = MAX_EXTRA_PACKETS_TO_CHECK; + } + if(ndpi_flow->num_extra_packets_checked < ndpi_flow->max_extra_packets_to_check) { + ndpi_process_extra_packet(workflow->ndpi_struct, ndpi_flow, + iph ? (uint8_t *)iph : (uint8_t *)iph6, + ipsize, time, src, dst); + if (ndpi_flow->check_extra_packets == 0) { + flow->check_extra_packets = 0; + ndpi_free_flow_info_half(flow); + } + } + } else if (ndpi_flow != NULL) { + /* If this wasn't NULL we should do the half free */ + /* TODO: When half_free is deprecated, get rid of this */ + ndpi_free_flow_info_half(flow); + } + return(flow->detected_protocol); + } flow->detected_protocol = ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow, iph ? (uint8_t *)iph : (uint8_t *)iph6, @@ -535,12 +556,15 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, || ((proto == IPPROTO_TCP) && ((flow->src2dst_packets + flow->dst2src_packets) > 10))) { /* New protocol detected or give up */ flow->detection_completed = 1; + /* Check if we should keep checking extra packets */ + if (ndpi_flow->check_extra_packets) + flow->check_extra_packets = 1; if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow); process_ndpi_collected_info(workflow, flow); - } + } return(flow->detected_protocol); } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index f6d315748..45101cf10 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -36,6 +36,7 @@ #define MAX_IDLE_TIME 30000 #define IDLE_SCAN_BUDGET 1024 #define NUM_ROOTS 512 +#define MAX_EXTRA_PACKETS_TO_CHECK 7 #define MAX_NDPI_FLOWS 200000000 #define TICK_RESOLUTION 1000 #define MAX_NUM_IP_ADDRESS 5 /* len of ip address array */ @@ -56,7 +57,7 @@ typedef struct ndpi_flow_info { u_int32_t dst_ip; u_int16_t src_port; u_int16_t dst_port; - u_int8_t detection_completed, protocol, bidirectional; + u_int8_t detection_completed, protocol, bidirectional, check_extra_packets; u_int16_t vlan_id; struct ndpi_flow_struct *ndpi_flow; char src_name[48], dst_name[48]; @@ -64,7 +65,7 @@ typedef struct ndpi_flow_info { u_int64_t last_seen; u_int64_t src2dst_bytes, dst2src_bytes; u_int32_t src2dst_packets, dst2src_packets; - + // result only, not used for flow identification ndpi_protocol detected_protocol; diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index b2c6b6952..03a73d66b 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -42,20 +42,20 @@ extern "C" { #define SAVE_DETECTION_BITMASK_AS_UNKNOWN 1 #define NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN 0 - + /** * Check if a string is encoded with punycode * ( https://tools.ietf.org/html/rfc3492 ) * * @par buff = pointer to the string to ckeck * @par len = len of the string - * @return 1 if the string is punycoded; + * @return 1 if the string is punycoded; * else 0 * */ int check_punycode_string(char * buff , int len); - + /** * Get the size of the flow struct * @@ -64,16 +64,16 @@ extern "C" { */ u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void); - + /** - * Get the size of the id struct + * Get the size of the id struct * * @return the size of the id struct - * + * */ u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void); - + /** * nDPI personal allocation and free functions **/ @@ -98,7 +98,7 @@ extern "C" { */ char* ndpi_strnstr(const char *s, const char *find, size_t slen); - + /** * Returns the nDPI protocol id for IP-based protocol detection * @@ -106,7 +106,7 @@ extern "C" { * @par pin = IP host address (MUST BE in network byte order): * See man(7) ip for details * @return the nDPI protocol ID - * + * */ u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin); @@ -117,9 +117,9 @@ extern "C" { * @par ndpi_mod = the struct created for the protocol detection * @par match = the struct passed to match the protocol * - */ + */ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_match *match); - + /** * Returns a new initialized detection module * @@ -127,7 +127,7 @@ extern "C" { * */ struct ndpi_detection_module_struct *ndpi_init_detection_module(void); - + /** * Frees the memory allocated in the specified flow * @@ -136,7 +136,7 @@ extern "C" { */ void ndpi_free_flow(struct ndpi_flow_struct *flow); - + /** * Enables cache support. * In nDPI is used for some protocol (i.e. Skype) @@ -148,7 +148,7 @@ extern "C" { */ void ndpi_enable_cache(struct ndpi_detection_module_struct *ndpi_mod, char* host, u_int port); - + /** * Destroys the detection module * @@ -180,7 +180,7 @@ extern "C" { const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, u_int8_t b_save_bitmask_unknow, u_int8_t b_add_detection_bitmask); - + /** * Sets the protocol bitmask2 @@ -192,7 +192,7 @@ extern "C" { void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *ndpi_struct, const NDPI_PROTOCOL_BITMASK * detection_bitmask); - + /** * Function to be called before we give up with detection for a given flow. * This function reduces the NDPI_UNKNOWN_PROTOCOL detection @@ -200,12 +200,35 @@ extern "C" { * @par ndpi_struct = the detection module * @par flow = the flow given for the detection module * @return the detected protocol even if the flow is not completed; - * + * */ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); - + /** + * Processes an extra packet in order to get more information for a given protocol + * (like SSL getting both client and server certificate even if we already know after + * seeing the client certificate what the protocol is) + * + * @par ndpi_struct = the detection module + * @par flow = pointer to the connection state machine + * @par packet = unsigned char pointer to the Layer 3 (IP header) + * @par packetlen = the length of the packet + * @par current_tick = the current timestamp for the packet + * @par src = pointer to the source subscriber state machine + * @par dst = pointer to the destination subscriber state machine + * @return void + * + */ + void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + const unsigned char *packet, + const unsigned short packetlen, + const u_int64_t current_tick, + struct ndpi_id_struct *src, + struct ndpi_id_struct *dst); + + /** * Processes one packet and returns the ID of the detected protocol. * This is the MAIN PACKET PROCESSING FUNCTION. @@ -228,7 +251,7 @@ extern "C" { struct ndpi_id_struct *src, struct ndpi_id_struct *dst); - + /** * Get the main protocol of the passed flows for the detected module * @@ -241,13 +264,13 @@ extern "C" { u_int16_t ndpi_get_flow_masterprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); - + /** * Query the pointer to the layer 4 packet * * @par l3 = pointer to the layer 3 data * @par l3_len = length of the layer 3 data - * @par l4_return = address to the pointer of the layer 4 data if return value == 0, else undefined + * @par l4_return = address to the pointer of the layer 4 data if return value == 0, else undefined * @par l4_len_return = length of the layer 4 data if return value == 0, else undefined * @par l4_protocol_return = protocol of the layer 4 data if return value == 0, undefined otherwise * @par flags = limit operation on ipv4 or ipv6 packets. Possible values: NDPI_DETECTION_ONLY_IPV4 - NDPI_DETECTION_ONLY_IPV6 - 0 (any) @@ -261,13 +284,13 @@ extern "C" { /** * Search and return the protocol based on matched ports - * + * * @par ndpi_struct = the detection module * @par shost = source address in host byte order * @par sport = source port number * @par dhost = destination address in host byte order * @par dport = destination port number - * @return the struct ndpi_protocol that match the port base protocol + * @return the struct ndpi_protocol that match the port base protocol * */ ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct *ndpi_struct/* , u_int8_t proto */, @@ -276,17 +299,17 @@ extern "C" { u_int32_t dhost, u_int16_t dport); - + /** * Search and return the protocol guessed that is undetected - * + * * @par ndpi_struct = the detection module * @par proto = the l4 protocol number * @par shost = source address in host byte order * @par sport = source port number * @par dhost = destination address in host byte order * @par dport = destination port number - * @return the struct ndpi_protocol that match the port base protocol + * @return the struct ndpi_protocol that match the port base protocol * */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, @@ -299,7 +322,7 @@ extern "C" { /** * Check if the string passed match with a protocol - * + * * @par ndpi_struct = the detection module * @par string_to_match = the string to match * @par string_to_match_len = the length of the string @@ -315,7 +338,7 @@ extern "C" { /** * Check if the host passed match with a protocol - * + * * @par ndpi_struct = the detection module * @par flow = the flow where match the host * @par string_to_match = the string to match @@ -333,7 +356,7 @@ extern "C" { /** * Check if the string content passed match with a protocol - * + * * @par ndpi_struct = the detection module * @par flow = the flow where match the host * @par string_to_match = the string to match @@ -348,7 +371,7 @@ extern "C" { u_int string_to_match_len, u_int16_t master_protocol_id); - + /** * Check if the string -bigram_to_match- match with a bigram of -automa- * @@ -358,11 +381,11 @@ extern "C" { * @return 0 * */ - int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, + int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, ndpi_automa *automa, char *bigram_to_match); - + /** * Write the protocol name in the buffer -buf- as master_protocol.protocol * @@ -392,7 +415,7 @@ extern "C" { * @return the protocol category */ ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto); - + /** * Get the protocol name associated to the ID * @@ -414,13 +437,13 @@ extern "C" { */ ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t proto); - + /** * Return the string name of the protocol breed * * @par ndpi_struct = the detection module * @par breed_id = the breed ID associated to the protocol - * @return the string name of the breed ID + * @return the string name of the breed ID * */ char* ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_struct, ndpi_protocol_breed_t breed_id); @@ -431,7 +454,7 @@ extern "C" { * * @par ndpi_mod = the detection module * @par proto = the ID of the protocol - * @return the string name of the breed ID + * @return the string name of the breed ID * */ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *proto); @@ -443,7 +466,7 @@ extern "C" { * @par ndpi_mod = the detection module */ void ndpi_dump_protocols(struct ndpi_detection_module_struct *mod); - + /** * Read a file and load the protocols @@ -467,12 +490,12 @@ extern "C" { * Get the total number of the supported protocols * * @par ndpi_mod = the detection module - * @return the number of protocols + * @return the number of protocols * */ u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_mod); - + /** * Get the nDPI version release * @@ -503,7 +526,7 @@ extern "C" { */ ndpi_http_method ndpi_get_http_method(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow); - + /** * Get the HTTP url * @@ -526,7 +549,7 @@ extern "C" { char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow); #endif - + #ifdef NDPI_PROTOCOL_TOR /** * Check if the flow could be detected as TOR protocol @@ -536,7 +559,7 @@ extern "C" { * @par certificate = the ssl certificate * @return 1 if the flow is TOR; * 0 else - * + * */ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *certificate); @@ -547,7 +570,7 @@ extern "C" { * Init Aho-Corasick automata * * @return The requested automata, or NULL if an error occurred - * + * */ void* ndpi_init_automa(void); @@ -556,7 +579,7 @@ extern "C" { * Free Aho-Corasick automata allocated with ndpi_init_automa(); * * @par The automata initialized with ndpi_init_automa(); - * + * */ void ndpi_free_automa(void *_automa); @@ -568,7 +591,7 @@ extern "C" { * @par The (sub)string to search * @par The number associated with this string * @return 0 in case of no error, or -1 if an error occurred. - * + * */ int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num); @@ -579,7 +602,7 @@ extern "C" { * @par The automata initialized with ndpi_init_automa(); * @par The (sub)string to search * @return 0 in case of no error, or -1 if an error occurred. - * + * */ int ndpi_add_string_to_automa(void *_automa, char *str); @@ -588,7 +611,7 @@ extern "C" { * Finalize the automa (necessary before start searching) * * @par The automata initialized with ndpi_init_automa(); - * + * */ void ndpi_finalize_automa(void *_automa); @@ -599,7 +622,7 @@ extern "C" { * @par The automata initialized with ndpi_init_automa(); * @par The (sub)string to search * @return 0 in case of match, or -1 if no match, or -2 if an error occurred. - * + * */ int ndpi_match_string(void *_automa, char *string_to_match); @@ -611,7 +634,7 @@ extern "C" { * @par The (sub)string to search * @par The id associated with the matched string or 0 id not found. * @return 0 in case of match, or -1 if no match, or -2 if an error occurred. - * + * */ int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index c10101d42..dd7bb89d9 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -912,7 +912,7 @@ struct ndpi_flow_struct { /* init parameter, internal used to set up timestamp,... */ u_int16_t guessed_protocol_id, guessed_host_protocol_id; - u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1; + u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1, check_extra_packets:1; /* if ndpi_struct->direction_detect_disable == 1 @@ -920,6 +920,10 @@ struct ndpi_flow_struct { */ u_int32_t next_tcp_seq_nr[2]; + u_int8_t max_extra_packets_to_check; + u_int8_t num_extra_packets_checked; + int (*extra_packets_func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); + /* the tcp / udp / other l4 value union used to reduce the number of bytes for tcp or udp protocol states diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index a2f957ce9..de8c0cb7b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1631,7 +1631,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - + /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); @@ -1650,7 +1650,7 @@ static int ac_match_handler(AC_MATCH_t *m, void *param) { /* Return 1 for stopping to the first match. We might consider searching for the more - specific match, paying more cpu cycles. + specific match, paying more cpu cycles. */ *matching_protocol_id = m->patterns[0].rep.number; @@ -3439,6 +3439,50 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* ********************************************************************************* */ +void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + const unsigned char *packet, + const unsigned short packetlen, + const u_int64_t current_tick_l, + struct ndpi_id_struct *src, + struct ndpi_id_struct *dst) +{ + if(flow == NULL) + return; + + if(flow->server_id == NULL) flow->server_id = dst; /* Default */ + + /* need at least 20 bytes for ip header */ + if(packetlen < 20) { + return; + } + + flow->packet.tick_timestamp_l = current_tick_l; + flow->packet.tick_timestamp = (u_int32_t)current_tick_l/1000; + + /* parse packet */ + flow->packet.iph = (struct ndpi_iphdr *)packet; + /* we are interested in ipv4 packet */ + + /* set up the packet headers for the extra packet function to use if it wants */ + if(ndpi_init_packet_header(ndpi_struct, flow, packetlen) != 0) + return; + + /* detect traffic for tcp or udp only */ + flow->src = src, flow->dst = dst; + ndpi_connection_tracking(ndpi_struct, flow); + + /* call the extra packet function (which may add more data/info to flow) */ + if (flow->extra_packets_func) { + if ((flow->extra_packets_func(ndpi_struct, flow)) == 0) + flow->check_extra_packets = 0; + } + + flow->num_extra_packets_checked++; +} + +/* ********************************************************************************* */ + ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const unsigned char *packet, @@ -4635,7 +4679,7 @@ int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, const char *str, size_t str_len) { int rc = str_len <= payload_len ? memcmp(payload, str, str_len) == 0 : 0; - + return rc; } @@ -4648,7 +4692,7 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru AC_TEXT_t ac_input_text; ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; int rc; - + if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); if(!automa->ac_automa_finalized) { @@ -4658,7 +4702,7 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru ac_input_text.astring = string_to_match, ac_input_text.length = string_to_match_len; ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, (void*)&matching_protocol_id); - + ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa)); return(matching_protocol_id); diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index d6e1ffd7e..5afca5389 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -306,6 +306,46 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, return(0); /* Not found */ } +int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + /* consider only specific SSL packets (handshake) */ + if((packet->payload_packet_len > 9) && (packet->payload[0] == 0x16)) { + char certificate[64]; + int rc; + certificate[0] = '\0'; + rc = getSSLcertificate(ndpi_struct, flow, certificate, sizeof(certificate)); + packet->ssl_certificate_num_checks++; + if (rc > 0) { + packet->ssl_certificate_detected++; + if (flow->protos.ssl.server_certificate[0] != '\0') + /* 0 means we're done processing extra packets (since we found what we wanted) */ + return 0; + } + /* Client hello, Server Hello, and certificate packets probably all checked in this case */ + if ((packet->ssl_certificate_num_checks >= 3) + && (flow->l4.tcp.seen_syn) + && (flow->l4.tcp.seen_syn_ack) + && (flow->l4.tcp.seen_ack) /* We have seen the 3-way handshake */) + { + /* We're done processing extra packets since we've probably checked all possible cert packets */ + return 0; + } + } + /* 1 means keep looking for more packets */ + return 1; +} + +void sslInitExtraPacketProcessing(int caseNum, struct ndpi_flow_struct *flow) { + flow->check_extra_packets = 1; + /* 0 is the case for waiting for the server certificate */ + if (caseNum == 0) { + /* At most 7 packets should almost always be enough to find the server certificate if it's there */ + flow->max_extra_packets_to_check = 7; + flow->extra_packets_func = sslTryAndRetrieveServerCertificate; + } +} + int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -325,14 +365,15 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s #ifdef CERTIFICATE_DEBUG printf("***** [SSL] %s\n", certificate); #endif - /* If we've detected the subprotocol from client certificate but haven't had a chance - * to see the server certificate yet, wait a few more packets */ - if((flow->protos.ssl.client_certificate[0] != '\0') && (flow->protos.ssl.server_certificate[0] == '\0')) { - return (rc); - } u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, strlen(certificate), NDPI_PROTOCOL_SSL); if(subproto != NDPI_PROTOCOL_UNKNOWN) { + /* If we've detected the subprotocol from client certificate but haven't had a chance + * to see the server certificate yet, set up extra packet processing to wait + * a few more packets. */ + if((flow->protos.ssl.client_certificate[0] != '\0') && (flow->protos.ssl.server_certificate[0] == '\0')) { + sslInitExtraPacketProcessing(0, flow); + } ndpi_set_detected_protocol(ndpi_struct, flow, subproto, ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); return(rc); /* Fix courtesy of Gianluca Costa */ @@ -350,18 +391,6 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s || (flow->protos.ssl.server_certificate[0] != '\0') /* || (flow->protos.ssl.client_certificate[0] != '\0') */ ) { - if (flow->protos.ssl.client_certificate[0] != '\0') { - u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, flow->protos.ssl.client_certificate, - strlen(flow->protos.ssl.client_certificate), NDPI_PROTOCOL_SSL); - if (subproto != NDPI_PROTOCOL_UNKNOWN) { - /* We would've only made it here if at some point we went into the if clause above where we wait a - * few packets if we have a subprotocol client cert match but hadn't seen a server cert at that point. */ - ndpi_set_detected_protocol(ndpi_struct, flow, subproto, - ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); - return(2); /* Returning 2 is because we had a client certificate match - * (since we use what would've been the return code from getSSLCertificate) */ - } - } ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); } } -- cgit v1.2.3 From 55d13629249fed5b3750a393b053e8a72a9caaa3 Mon Sep 17 00:00:00 2001 From: Micah Lyle Date: Tue, 18 Jul 2017 12:53:02 -0700 Subject: Updated tests to match new SSL server certificate fix/addition --- example/ndpi_util.c | 2 +- tests/result/dropbox.pcap.out | 6 +++--- tests/result/http_ipv6.pcap.out | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index b0955d8d4..96a88a8e5 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -536,7 +536,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, ipsize, time, src, dst); if (ndpi_flow->check_extra_packets == 0) { flow->check_extra_packets = 0; - ndpi_free_flow_info_half(flow); + process_ndpi_collected_info(workflow, flow); } } } else if (ndpi_flow != NULL) { diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index 81353f45f..57b68986f 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -4,9 +4,9 @@ Dropbox 1104 246122 16 1 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/156 bytes <-> 2 pkts/588 bytes][Host: notify.dropbox.com] 2 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] - 3 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][18 pkts/3562 bytes <-> 16 pkts/14464 bytes][client: client.dropbox.com] + 3 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][18 pkts/3562 bytes <-> 16 pkts/14464 bytes][client: client.dropbox.com][server: *.dropbox.com] 4 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Host: log.getdropbox.com] - 5 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][12 pkts/2338 bytes <-> 10 pkts/9054 bytes][client: notify.dropbox.com] + 5 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][12 pkts/2338 bytes <-> 10 pkts/9054 bytes][client: notify.dropbox.com][server: *.dropbox.com] 6 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/146 bytes <-> 2 pkts/646 bytes][Host: d.dropbox.com] 7 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/156 bytes <-> 2 pkts/666 bytes][Host: client.dropbox.com] 8 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] @@ -25,7 +25,7 @@ Dropbox 1104 246122 16 21 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] 22 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] 23 UDP 192.168.1.106:57268 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes -> 0 pkts/0 bytes] - 24 TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][64 pkts/12228 bytes <-> 74 pkts/85074 bytes][client: client-cf.dropbox.com] + 24 TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][64 pkts/12228 bytes <-> 74 pkts/85074 bytes][client: client-cf.dropbox.com][server: client-cf.dropbox.com] 25 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][10 pkts/2170 bytes <-> 10 pkts/1758 bytes][Host: log.getdropbox.com] 26 UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] 27 UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 8d2a0b46c..16c73c8b0 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -11,8 +11,8 @@ ntop 80 36401 4 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] - 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com] - 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com] + 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] + 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] -- cgit v1.2.3 From bab373f9924eb091052bb53a38d44ede5bbe72d8 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Mon, 24 Jul 2017 12:06:13 +0200 Subject: Add nintendo protocol --- src/include/ndpi_protocol_ids.h | 3 ++- src/lib/ndpi_content_match.c.inc | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 4c5d6539c..2c12fb69c 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -269,11 +269,12 @@ #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ #define NDPI_PROTOCOL_SOMEIP 229 #define NDPI_PROTOCOL_FIX 230 +#define NDPI_PROTOCOL_NINTENDO 231 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_FIX +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_NINTENDO #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 528bf84a5..4475d640a 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8239,6 +8239,9 @@ ndpi_protocol_match host_match[] = { { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { NULL, 0 } }; -- cgit v1.2.3 From 7ec3af2156d48722941655951d363694bdcc5625 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 25 Jul 2017 16:45:22 +0200 Subject: Removed reference to ndpi_init_placeholder_proto() that is no longer necessary --- src/lib/ndpi_main.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index a2f957ce9..21e43a8d3 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -684,21 +684,6 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp /* ******************************************************************** */ -static void ndpi_init_placeholder_proto(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_port_range *ports_a, - ndpi_port_range *ports_b, - u_int16_t *no_master, - u_int16_t proto_id) -{ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, proto_id, - no_master, - no_master, "Placeholder", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ -} - -/* ******************************************************************** */ - /* This function is used to map protocol name and default ports and it MUST be updated whenever a new protocol is added to NDPI. -- cgit v1.2.3 From be52d4e9ad7ce8ecefe4d009da49fbfa18bbe713 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 25 Jul 2017 16:56:15 +0200 Subject: Removed unused variable --- example/ndpiReader.c | 1 - 1 file changed, 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index e2dfc9d14..bcab28568 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2277,7 +2277,6 @@ void automataUnitTest() { #ifdef HAVE_JSON_C void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_array[48], int h_size, char *filePath) { FILE *fp = NULL; - char *prefix = "bpf_filter_"; char _filterFilePath[1024]; char *fileName; char filter[2048]; -- cgit v1.2.3 From 41c720d951a21808ea82af063660eea53fd7ec05 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 26 Jul 2017 11:57:51 +0200 Subject: Added test file for skype conf call --- tests/pcap/skype-conference-call.pcap | Bin 0 -> 42911 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 tests/pcap/skype-conference-call.pcap diff --git a/tests/pcap/skype-conference-call.pcap b/tests/pcap/skype-conference-call.pcap new file mode 100644 index 000000000..ae03f375d Binary files /dev/null and b/tests/pcap/skype-conference-call.pcap differ -- cgit v1.2.3 From c15f2bda97df15d7c225fe04cd1ef4d453b098b5 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 26 Jul 2017 19:59:46 +0200 Subject: Implemented support for Nintendo (switch) gaming protocol --- src/include/ndpi_protocols.h | 2 ++ src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 13 ++++++-- src/lib/protocols/nintendo.c | 68 ++++++++++++++++++++++++++++++++++++++++ tests/pcap/nintendo.pcap | Bin 0 -> 349345 bytes tests/result/http_ipv6.pcap.out | 8 ++--- tests/result/mpeg.pcap.out | 2 +- tests/result/nintendo.pcap.out | 25 +++++++++++++++ 8 files changed, 111 insertions(+), 8 deletions(-) create mode 100644 src/lib/protocols/nintendo.c create mode 100644 tests/pcap/nintendo.pcap create mode 100644 tests/result/nintendo.pcap.out diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 65a2bb116..c585a6551 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -343,4 +343,6 @@ void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); + #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index ce9424232..90eb38ecd 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -85,6 +85,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/mysql.c \ protocols/netbios.c \ protocols/netflow.c \ + protocols/nintendo.c \ protocols/nfs.c \ protocols/noe.c \ protocols/non_tcp_udp.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 21e43a8d3..d79eb3c20 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1556,11 +1556,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "MQTT", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP, no_master, no_master, "SOMEIP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 30491, 30501, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */ + ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, no_master, no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, @@ -1616,6 +1616,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NINTENDO, + no_master, + no_master, "Nintendo", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); @@ -2724,8 +2729,10 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* AMQP */ init_amqp_dissector(ndpi_struct, &a, detection_bitmask); - /* ----------------------------------------------------------------- */ + /* NINTENDO */ + init_nintendo_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/nintendo.c b/src/lib/protocols/nintendo.c new file mode 100644 index 000000000..d4f289d66 --- /dev/null +++ b/src/lib/protocols/nintendo.c @@ -0,0 +1,68 @@ +/* + * nintendo.c + * + * Copyright (C) 2017 by ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_api.h" + +#ifdef NDPI_PROTOCOL_NINTENDO + +static void ndpi_int_nintendo_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int8_t due_to_correlation) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_UNKNOWN); +} + + +void ndpi_search_nintendo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + u_int32_t payload_len = packet->payload_packet_len; + + if(packet->udp != NULL) { + if(payload_len > 48) { + const char *payload = (const char *)packet->payload; + const char nintendo_pattern[] = { 0x32, 0xab, 0x98, 0x64, 0x02 }; + + if(memcmp(payload, nintendo_pattern, 5) == 0) { + NDPI_LOG(NDPI_PROTOCOL_NINTENDO, ndpi_struct, NDPI_LOG_DEBUG, "Found nintendo.\n"); + ndpi_int_nintendo_add_connection(ndpi_struct, flow, 0); + return; + } + } + } + + NDPI_LOG(NDPI_PROTOCOL_NINTENDO, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Nintendo.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NINTENDO); +} + +void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { + ndpi_set_bitmask_protocol_detection("Nintendo", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_NINTENDO, + ndpi_search_nintendo, + NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + +#endif diff --git a/tests/pcap/nintendo.pcap b/tests/pcap/nintendo.pcap new file mode 100644 index 000000000..471fe212c Binary files /dev/null and b/tests/pcap/nintendo.pcap differ diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 8d2a0b46c..778097f5f 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 1252983a7..ea7c9d606 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.232/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.233/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out new file mode 100644 index 000000000..1b7caa48d --- /dev/null +++ b/tests/result/nintendo.pcap.out @@ -0,0 +1,25 @@ +ICMP 30 2100 2 +Amazon 76 10811 7 +Nintendo 890 320242 12 + + 1 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 231/Nintendo][8 pkts/1040 bytes <-> 7 pkts/922 bytes] + 2 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][1 pkts/54 bytes <-> 1 pkts/54 bytes] + 3 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 231/Nintendo][3 pkts/354 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][3 pkts/318 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/730 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 7 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/298 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net] + 9 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 10 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 231/Nintendo][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] + 11 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][5 pkts/290 bytes -> 0 pkts/0 bytes] + 12 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][21 pkts/1470 bytes -> 0 pkts/0 bytes] + 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][9 pkts/630 bytes -> 0 pkts/0 bytes] + 14 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.231/SSL.Nintendo][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] + 15 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.231/SSL.Nintendo][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] + 16 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 231/Nintendo][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] + 17 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] + 18 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 231/Nintendo][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] + 19 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 231/Nintendo][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] + 20 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 231/Nintendo][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] + 21 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][5 pkts/290 bytes <-> 5 pkts/290 bytes] -- cgit v1.2.3 From e6b594a626e5cfb5cd0410336f8c1e12966a27cd Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 27 Jul 2017 00:18:15 +0200 Subject: Fixed TINC bug (cache usage) Merged MS Lync with Skype (Microsoft renamed MS Lync in Skype for Business) Renumbered Nintendo protocols in former MS Lync that was no longer used Fix for #425 --- src/include/ndpi_protocol_ids.h | 8 +- src/include/ndpi_typedefs.h | 7 +- src/lib/ndpi_main.c | 11 +- src/lib/protocols/rtp.c | 4 +- src/lib/protocols/skype.c | 14 +- src/lib/protocols/stun.c | 42 ++- src/lib/protocols/tinc.c | 124 ++++--- src/lib/third_party/src/libcache.c | 7 +- tests/result/1kxun.pcap.out | 4 +- tests/result/http_ipv6.pcap.out | 8 +- tests/result/mpeg.pcap.out | 2 +- tests/result/nintendo.pcap.out | 26 +- tests/result/skype.pcap.out | 588 ++++++++++++++++----------------- tests/result/skype_no_unknown.pcap.out | 290 ++++++++-------- 14 files changed, 568 insertions(+), 567 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 2c12fb69c..c01484b74 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -209,7 +209,8 @@ #define NDPI_PROTOCOL_WHOIS_DAS 170 #define NDPI_PROTOCOL_COLLECTD 171 #define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MS_LYNC 173 +/* The Lync protocol is now skype for business and this the old id 173 can now be recycled */ +#define NDPI_PROTOCOL_NINTENDO 173 #define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ @@ -245,7 +246,6 @@ #define NDPI_PROTOCOL_1KXUN 205 #define NDPI_PROTOCOL_IQIYI 206 #define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ - #define NDPI_PROTOCOL_DNSCRYPT 208 #define NDPI_PROTOCOL_TINC 209 /* William Guglielmo */ #define NDPI_PROTOCOL_DEEZER 210 @@ -269,12 +269,12 @@ #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ #define NDPI_PROTOCOL_SOMEIP 229 #define NDPI_PROTOCOL_FIX 230 -#define NDPI_PROTOCOL_NINTENDO 231 + /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_NINTENDO +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_FIX #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index c10101d42..93b1b8651 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -335,11 +335,11 @@ struct bt_announce { // 192 bytes #define TINC_CACHE_MAX_SIZE 10 -typedef struct { +PACK_ON struct tinc_cache_entry { u_int32_t src_address; u_int32_t dst_address; u_int16_t dst_port; -} tinc_cache_entry_t; +} PACK_OFF; #endif @@ -1071,10 +1071,9 @@ struct ndpi_flow_struct { #endif #ifdef NDPI_PROTOCOL_TINC u_int8_t tinc_state; - tinc_cache_entry_t tinc_cache_entry; + struct tinc_cache_entry tinc_cache_entry; #endif - /* internal structures to save functions calls */ struct ndpi_packet_struct packet; struct ndpi_flow_struct *flow; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d79eb3c20..8ed89e3ae 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1536,11 +1536,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MS_LYNC, - no_master, - no_master, "Lync", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, no_master, no_master, "Viber", NDPI_PROTOCOL_CATEGORY_CHAT, @@ -2717,6 +2712,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* FIX */ init_fix_dissector(ndpi_struct, &a, detection_bitmask); + + /* NINTENDO */ + init_nintendo_dissector(ndpi_struct, &a, detection_bitmask); /*** Put false-positive sensitive protocols at the end ***/ @@ -2729,9 +2727,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* AMQP */ init_amqp_dissector(ndpi_struct, &a, detection_bitmask); - /* NINTENDO */ - init_nintendo_dissector(ndpi_struct, &a, detection_bitmask); - /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 9bcaec941..80848f5ba 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -96,8 +96,8 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, && (((payload[0] & 0xFF) == 0x80) || ((payload[0] & 0xFF) == 0xA0)) /* RTP magic byte[1] */ && (payloadType = isValidMSRTPType(payload[1] & 0xFF))) { if(payloadType == 1 /* RTP */) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MS_LYNC, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype for Business (former MS Lync)\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); } else /* RTCP */ { NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found MS RTCP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTCP, NDPI_PROTOCOL_UNKNOWN); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 1a4c260c0..19de3c437 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -27,7 +27,7 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - + if(flow->host_server_name[0] != '\0') return; @@ -52,7 +52,7 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s } NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKYPE); return; - + // TCP check } else if(packet->tcp != NULL) { flow->l4.tcp.skype_packet_id++; @@ -64,11 +64,15 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s && flow->l4.tcp.seen_syn && flow->l4.tcp.seen_syn_ack && flow->l4.tcp.seen_ack) { - if((payload_len == 8) || (payload_len == 3)) { - //printf("[SKYPE] %u/%u\n", ntohs(packet->tcp->source), ntohs(packet->tcp->dest)); + + if((payload_len == 8) || (payload_len == 3) || (payload_len == 17)) { + // printf("[SKYPE] payload_len=%u\n", payload_len); + /* printf("[SKYPE] %u/%u\n", ntohs(packet->tcp->source), ntohs(packet->tcp->dest)); */ NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found skype.\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); + } else { + // printf("NO [SKYPE] payload_len=%u\n", payload_len); } /* printf("[SKYPE] [id: %u][len: %d]\n", flow->l4.tcp.skype_packet_id, payload_len); */ @@ -91,7 +95,7 @@ void ndpi_search_skype(struct ndpi_detection_module_struct *ndpi_struct, struct } -void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("Skype", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_SKYPE, diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 37feb2871..d44d9c26e 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -18,7 +18,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . + * along with nDPI. If not, see . * */ #include "ndpi_protocols.h" @@ -49,12 +49,11 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * const u_int8_t * payload, const u_int16_t payload_length, u_int8_t *is_whatsapp, - u_int8_t *is_lync) { + u_int8_t *is_skype) { u_int16_t msg_type, msg_len; struct stun_packet_header *h = (struct stun_packet_header*)payload; u_int8_t can_this_be_whatsapp_voice = 1; - if(payload_length < sizeof(struct stun_packet_header)) { if(flow->num_stun_udp_pkts > 0) { *is_whatsapp = 1; @@ -80,15 +79,21 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * /* This can either be the standard RTCP or Ms Lync RTCP that - later will becomg Ms Lync RTP. In this case we need to + later will become Ms Lync RTP. In this case we need to be careful before deciding about the protocol before dissecting the packet + + MS Lync = Skype + https://en.wikipedia.org/wiki/Skype_for_Business */ while(offset < payload_length) { - u_int16_t attribute = ntohs(*((u_int16_t*)&payload[offset])); u_int16_t len = ntohs(*((u_int16_t*)&payload[offset+2])); + u_int16_t x = (len + 4) % 4; + if(x != 0) + len += 4-x; + switch(attribute) { case 0x0008: /* Message Integrity */ case 0x0020: /* XOR-MAPPED-ADDRESSES */ @@ -101,7 +106,8 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) && (payload[offset+7] == 0x00)) { - *is_lync = 1; + /* Either skype for business or "normal" skype with multiparty call */ + *is_skype = 1; return(NDPI_IS_STUN); } break; @@ -111,8 +117,9 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * && (payload[offset+4] == 0x00) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) - && (payload[offset+7] == 0x02)) { - *is_lync = 1; + && ((payload[offset+7] == 0x02) || (payload[offset+7] == 0x03)) + ) { + *is_skype = 1; return(NDPI_IS_STUN); } break; @@ -122,6 +129,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * can_this_be_whatsapp_voice = 0; break; } + offset += len + 4; } goto udp_stun_found; @@ -244,7 +252,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - u_int8_t is_whatsapp = 0, is_lync = 0; + u_int8_t is_whatsapp = 0, is_skype = 0; NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "search stun.\n"); @@ -257,10 +265,10 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n * improved by checking only the STUN packet of given length */ if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload + 2, - packet->payload_packet_len - 2, &is_whatsapp, &is_lync) == NDPI_IS_STUN) { - if(is_lync) { - NDPI_LOG(NDPI_PROTOCOL_MS_LYNC, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); - ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_MS_LYNC, flow); + packet->payload_packet_len - 2, &is_whatsapp, &is_skype) == NDPI_IS_STUN) { + if(is_skype) { + NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype\n"); + ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_SKYPE, flow); } else { NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); ndpi_int_stun_add_connection(ndpi_struct, @@ -272,10 +280,10 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n } if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload, - packet->payload_packet_len, &is_whatsapp, &is_lync) == NDPI_IS_STUN) { - if(is_lync) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); - ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_MS_LYNC, flow); + packet->payload_packet_len, &is_whatsapp, &is_skype) == NDPI_IS_STUN) { + if(is_skype) { + NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype\n"); + ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_SKYPE, flow); } else { NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); ndpi_int_stun_add_connection(ndpi_struct, diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index a69d18759..cdd330bca 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -32,25 +32,25 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st if(packet->udp != NULL) { if(ndpi_struct->tinc_cache != NULL) { - tinc_cache_entry_t tinc_cache_entry1 = { + struct tinc_cache_entry tinc_cache_entry1 = { .src_address = packet->iph->saddr, .dst_address = packet->iph->daddr, .dst_port = packet->udp->dest }; - tinc_cache_entry_t tinc_cache_entry2 = { + struct tinc_cache_entry tinc_cache_entry2 = { .src_address = packet->iph->daddr, .dst_address = packet->iph->saddr, .dst_port = packet->udp->source }; - if( cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry1, sizeof(tinc_cache_entry1)) == CACHE_NO_ERROR || - cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry2, sizeof(tinc_cache_entry2)) == CACHE_NO_ERROR) - { + if(cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry1, sizeof(tinc_cache_entry1)) == CACHE_NO_ERROR || + cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry2, sizeof(tinc_cache_entry2)) == CACHE_NO_ERROR) { + cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry1, sizeof(tinc_cache_entry1)); cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry2, sizeof(tinc_cache_entry2)); - // cache_free(ndpi_struct->tinc_cache); + /* cache_free(ndpi_struct->tinc_cache); */ NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc udp connection\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); @@ -59,9 +59,7 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st return; - } - else if(packet->tcp != NULL) { - + } else if(packet->tcp != NULL) { if(payload_len == 0) { if(packet->tcp->syn == 1 && packet->tcp->ack == 0) { flow->tinc_cache_entry.src_address = packet->iph->saddr; @@ -72,58 +70,56 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st } switch(flow->tinc_state) { - case 0: - case 1: - if(payload_len > 6 && memcmp(packet_payload, "0 ", 2) == 0 && packet_payload[2] != ' ') { - u_int16_t i = 3; - while(i < payload_len && packet_payload[i++] != ' '); - if(i+3 == payload_len && memcmp((packet_payload+i), "17\n", 3) == 0) { - flow->tinc_state++; - return; - } - } - break; - - case 2: - case 3: - if(payload_len > 11 && memcmp(packet_payload, "1 ", 2) == 0 && packet_payload[2] != ' ') { - u_int16_t i = 3; - u_int8_t numbers_left = 4; - while(numbers_left) { - while(packet_payload[i] >= '0' && packet_payload[i] <= '9') { - i++; - } - - if(packet_payload[i++] == ' ') { - numbers_left--; - } - else break; - } + case 0: + case 1: + if(payload_len > 6 && memcmp(packet_payload, "0 ", 2) == 0 && packet_payload[2] != ' ') { + u_int16_t i = 3; + while(i < payload_len && packet_payload[i++] != ' '); + if(i+3 == payload_len && memcmp((packet_payload+i), "17\n", 3) == 0) { + flow->tinc_state++; + return; + } + } + break; + + case 2: + case 3: + if(payload_len > 11 && memcmp(packet_payload, "1 ", 2) == 0 && packet_payload[2] != ' ') { + u_int16_t i = 3; + u_int8_t numbers_left = 4; + while(numbers_left) { + while(packet_payload[i] >= '0' && packet_payload[i] <= '9') { + i++; + } + + if(packet_payload[i++] == ' ') { + numbers_left--; + } + else break; + } - if(numbers_left) break; + if(numbers_left) break; - while((packet_payload[i] >= '0' && packet_payload[i] <= '9') || - (packet_payload[i] >= 'A' && packet_payload[i] <= 'Z')) { - i++; - } + while((packet_payload[i] >= '0' && packet_payload[i] <= '9') || + (packet_payload[i] >= 'A' && packet_payload[i] <= 'Z')) { + i++; + } - if(packet_payload[i] == '\n') { - if(++flow->tinc_state > 3) { - if(ndpi_struct->tinc_cache == NULL) { - ndpi_struct->tinc_cache = cache_new(TINC_CACHE_MAX_SIZE); - } - - cache_add(ndpi_struct->tinc_cache, &(flow->tinc_cache_entry), sizeof(flow->tinc_cache_entry)); - - NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc tcp connection\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); - } - return; - } - } - break; + if(packet_payload[i] == '\n') { + if(++flow->tinc_state > 3) { + if(ndpi_struct->tinc_cache == NULL) + ndpi_struct->tinc_cache = cache_new(TINC_CACHE_MAX_SIZE); + + cache_add(ndpi_struct->tinc_cache, &(flow->tinc_cache_entry), sizeof(flow->tinc_cache_entry)); + NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc tcp connection\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); + } + return; + } + } + break; - default: break; + default: break; } } @@ -136,8 +132,8 @@ void ndpi_search_tinc(struct ndpi_detection_module_struct* ndpi_struct, struct n NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "tinc detection...\n"); - if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_TINC) { - if (packet->tcp_retransmission == 0) { + if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_TINC) { + if(packet->tcp_retransmission == 0) { ndpi_check_tinc(ndpi_struct, flow); } } @@ -146,11 +142,11 @@ void ndpi_search_tinc(struct ndpi_detection_module_struct* ndpi_struct, struct n void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("TINC", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_TINC, - ndpi_search_tinc, - NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); + NDPI_PROTOCOL_TINC, + ndpi_search_tinc, + NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); *id += 1; } diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c index 0a2ce6f6a..af53c9813 100644 --- a/src/lib/third_party/src/libcache.c +++ b/src/lib/third_party/src/libcache.c @@ -130,9 +130,10 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { if((cache->map)[hash]) { cache_entry_map hash_entry_map = cache->map[hash]; + while(hash_entry_map) { if(item_size == hash_entry_map->entry->item_size && - !memcmp(hash_entry_map->entry->item, item, item_size)) { + !memcmp(hash_entry_map->entry->item, item, item_size)) { break; } @@ -141,7 +142,6 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { if(hash_entry_map) { cache_touch_entry(cache, hash_entry_map->entry); - return CACHE_NO_ERROR; } } @@ -256,8 +256,7 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { hash_entry_map = hash_entry_map->next; } - if(hash_entry_map) { - + if(hash_entry_map) { if(hash_entry_map_prev) { hash_entry_map_prev->next = hash_entry_map->next; } else { diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 6cbdc3f69..660bc2372 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -10,9 +10,9 @@ QQ 28 5216 2 SSL 105 21914 7 DHCPV6 10 980 3 Facebook 19 6840 2 +Skype 2 132 1 Google 3 176 1 LLMNR 89 6799 47 -Lync 2 132 1 1kxun 952 531718 21 1 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][13 pkts/6269 bytes <-> 10 pkts/1165 bytes] @@ -48,7 +48,7 @@ Lync 2 132 1 31 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] 32 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] 33 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 173/Lync][2 pkts/132 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 125/Skype][2 pkts/132 bytes -> 0 pkts/0 bytes] 35 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] 36 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] 37 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 778097f5f..8d2a0b46c 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index ea7c9d606..1252983a7 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.233/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.232/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 1b7caa48d..e75fc17f3 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -1,25 +1,25 @@ ICMP 30 2100 2 -Amazon 76 10811 7 Nintendo 890 320242 12 +Amazon 76 10811 7 - 1 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 231/Nintendo][8 pkts/1040 bytes <-> 7 pkts/922 bytes] + 1 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][8 pkts/1040 bytes <-> 7 pkts/922 bytes] 2 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][1 pkts/54 bytes <-> 1 pkts/54 bytes] - 3 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 231/Nintendo][3 pkts/354 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][3 pkts/354 bytes -> 0 pkts/0 bytes] 4 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][3 pkts/318 bytes -> 0 pkts/0 bytes] 5 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/730 bytes -> 0 pkts/0 bytes] - 6 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 6 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] 7 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/298 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net] - 9 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] - 10 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 231/Nintendo][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] + 8 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net] + 9 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 10 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] 11 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][5 pkts/290 bytes -> 0 pkts/0 bytes] 12 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][21 pkts/1470 bytes -> 0 pkts/0 bytes] 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][9 pkts/630 bytes -> 0 pkts/0 bytes] - 14 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.231/SSL.Nintendo][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] - 15 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.231/SSL.Nintendo][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] - 16 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 231/Nintendo][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] + 14 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] + 15 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] + 16 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] 17 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] - 18 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 231/Nintendo][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] - 19 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 231/Nintendo][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] - 20 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 231/Nintendo][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] + 18 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] + 19 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] + 20 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] 21 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][5 pkts/290 bytes <-> 5 pkts/290 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index c2a8d8b77..2eee5ea71 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 404 52712 16 +Unknown 175 20913 11 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -7,305 +7,305 @@ ICMP 8 656 1 IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 -Skype 1910 292610 244 +Skype 2139 324409 249 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 1 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1040 bytes <-> 4 pkts/362 bytes] - 2 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 3 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 5 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 6 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 7 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 9 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 13 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 20 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] - 21 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][16 pkts/4788 bytes <-> 4 pkts/372 bytes] - 22 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] - 23 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] - 24 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/827 bytes <-> 3 pkts/325 bytes] - 25 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1138 bytes <-> 4 pkts/372 bytes] - 26 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 27 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/838 bytes <-> 3 pkts/270 bytes] - 28 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][12 pkts/1032 bytes <-> 3 pkts/230 bytes] - 29 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][12 pkts/1109 bytes <-> 3 pkts/236 bytes] - 30 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][11 pkts/999 bytes <-> 4 pkts/266 bytes] - 31 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][12 pkts/1207 bytes <-> 3 pkts/277 bytes] - 32 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/285 bytes] - 33 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] - 34 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][12 pkts/1088 bytes <-> 3 pkts/236 bytes] - 35 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 36 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 38 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 40 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 41 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 42 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 43 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 44 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 45 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 46 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 47 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 48 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 49 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 50 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 51 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 52 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 53 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 54 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 55 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 56 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 57 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 58 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 59 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 60 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 61 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 62 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 63 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][12 pkts/935 bytes <-> 2 pkts/197 bytes] - 64 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 65 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] - 66 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 67 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][11 pkts/1578 bytes <-> 4 pkts/342 bytes] - 68 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 69 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 70 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] - 71 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 72 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 73 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 74 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 75 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 76 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 77 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 78 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 79 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 80 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 81 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][14 pkts/1090 bytes <-> 6 pkts/534 bytes] - 82 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 83 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 84 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 85 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] - 86 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] - 87 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 88 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][11 pkts/866 bytes <-> 5 pkts/396 bytes] - 89 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][11 pkts/822 bytes <-> 4 pkts/390 bytes] - 90 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][11 pkts/841 bytes <-> 5 pkts/429 bytes] - 91 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/60 bytes] - 92 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com] - 93 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com] - 94 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] - 95 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][14 pkts/1085 bytes <-> 4 pkts/315 bytes] - 97 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 98 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 99 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][6 pkts/1211 bytes <-> 6 pkts/666 bytes] - 100 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][12 pkts/969 bytes <-> 4 pkts/337 bytes] - 101 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/390 bytes] - 102 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][13 pkts/993 bytes <-> 4 pkts/360 bytes] - 103 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/386 bytes] - 104 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][12 pkts/940 bytes <-> 5 pkts/415 bytes] - 105 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][13 pkts/1020 bytes <-> 4 pkts/421 bytes] - 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/317 bytes] - 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/334 bytes] - 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/371 bytes] - 109 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 110 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 111 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 112 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 114 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 115 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 117 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 118 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][10 pkts/1002 bytes <-> 3 pkts/285 bytes] - 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][9 pkts/822 bytes <-> 3 pkts/285 bytes] - 130 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1062 bytes <-> 4 pkts/383 bytes] - 132 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] - 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] - 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] - 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/814 bytes <-> 3 pkts/287 bytes] - 153 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 157 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/411 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] - 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] - 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] - 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] - 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] - 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] - 164 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] - 165 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes] - 166 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] - 167 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] - 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 195 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] - 196 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 198 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] - 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] - 207 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/407 bytes] - 209 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][13 pkts/971 bytes <-> 4 pkts/399 bytes] - 210 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] - 211 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/386 bytes] - 212 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 213 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 214 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 215 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 222 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 223 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 226 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] - 227 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/380 bytes] - 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][11 pkts/820 bytes <-> 5 pkts/416 bytes] - 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 233 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] - 234 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 235 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 236 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][13 pkts/977 bytes <-> 4 pkts/384 bytes] - 239 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][11 pkts/836 bytes <-> 5 pkts/442 bytes] - 240 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] - 241 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][14 pkts/1083 bytes <-> 4 pkts/359 bytes] - 242 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] - 243 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] - 244 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] - 245 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 247 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] - 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] - 249 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] - 250 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] - 251 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] - 252 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 257 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] - 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] - 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][14 pkts/1075 bytes <-> 4 pkts/431 bytes] - 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][13 pkts/994 bytes <-> 2 pkts/243 bytes] - 272 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] - 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] - 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] - 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] - 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][14 pkts/1100 bytes <-> 5 pkts/395 bytes] - 277 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes -> 0 pkts/0 bytes] + 2 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] + 3 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 21 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 22 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][16 pkts/4788 bytes <-> 4 pkts/372 bytes] + 23 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] + 25 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/827 bytes <-> 3 pkts/325 bytes] + 26 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125/Skype][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] + 27 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1138 bytes <-> 4 pkts/372 bytes] + 28 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 29 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/838 bytes <-> 3 pkts/270 bytes] + 30 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][12 pkts/1032 bytes <-> 3 pkts/230 bytes] + 31 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][12 pkts/1109 bytes <-> 3 pkts/236 bytes] + 32 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][11 pkts/999 bytes <-> 4 pkts/266 bytes] + 33 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][12 pkts/1207 bytes <-> 3 pkts/277 bytes] + 34 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/285 bytes] + 35 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] + 36 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][12 pkts/1088 bytes <-> 3 pkts/236 bytes] + 37 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 39 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 40 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 41 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 42 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 43 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 44 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 45 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 46 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 47 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 48 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 49 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 50 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 51 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 52 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 53 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 54 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 55 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 56 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 57 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 58 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 59 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 60 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 61 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 62 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 63 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 64 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 65 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][12 pkts/935 bytes <-> 2 pkts/197 bytes] + 66 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 67 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] + 68 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 69 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][11 pkts/1578 bytes <-> 4 pkts/342 bytes] + 70 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 71 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 72 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 73 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 74 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 75 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 76 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 77 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 78 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 79 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 80 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 81 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 82 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 83 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][14 pkts/1090 bytes <-> 6 pkts/534 bytes] + 84 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 85 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 86 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 87 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] + 88 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] + 89 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 90 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][11 pkts/866 bytes <-> 5 pkts/396 bytes] + 91 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][11 pkts/822 bytes <-> 4 pkts/390 bytes] + 92 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][11 pkts/841 bytes <-> 5 pkts/429 bytes] + 93 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 94 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com] + 95 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com] + 96 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] + 97 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 98 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][14 pkts/1085 bytes <-> 4 pkts/315 bytes] + 99 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 100 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 101 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][6 pkts/1211 bytes <-> 6 pkts/666 bytes] + 102 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][12 pkts/969 bytes <-> 4 pkts/337 bytes] + 103 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/390 bytes] + 104 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][13 pkts/993 bytes <-> 4 pkts/360 bytes] + 105 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/386 bytes] + 106 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][12 pkts/940 bytes <-> 5 pkts/415 bytes] + 107 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][13 pkts/1020 bytes <-> 4 pkts/421 bytes] + 108 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/317 bytes] + 109 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/334 bytes] + 110 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/371 bytes] + 111 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 114 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 130 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][10 pkts/1002 bytes <-> 3 pkts/285 bytes] + 131 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][9 pkts/822 bytes <-> 3 pkts/285 bytes] + 132 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 133 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1062 bytes <-> 4 pkts/383 bytes] + 134 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] + 135 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 152 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] + 153 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] + 154 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 155 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/814 bytes <-> 3 pkts/287 bytes] + 156 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] + 157 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 161 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/411 bytes] + 162 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] + 163 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] + 164 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] + 165 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] + 166 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] + 167 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] + 168 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] + 169 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes] + 170 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] + 171 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] + 172 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] + 173 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 199 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] + 200 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 202 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 206 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 207 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 208 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 209 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] + 210 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] + 211 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 212 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/407 bytes] + 213 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][13 pkts/971 bytes <-> 4 pkts/399 bytes] + 214 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] + 215 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/386 bytes] + 216 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 217 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 218 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 219 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 226 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 227 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 228 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 230 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 231 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 234 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/380 bytes] + 235 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][11 pkts/820 bytes <-> 5 pkts/416 bytes] + 236 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 237 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] + 238 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 239 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 240 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 242 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][13 pkts/977 bytes <-> 4 pkts/384 bytes] + 243 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][11 pkts/836 bytes <-> 5 pkts/442 bytes] + 244 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] + 245 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][14 pkts/1083 bytes <-> 4 pkts/359 bytes] + 246 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] + 247 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] + 248 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] + 249 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 251 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] + 252 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125/Skype][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] + 253 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] + 254 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] + 255 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] + 256 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] + 257 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 270 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 271 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 272 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 273 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 274 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] + 275 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][14 pkts/1075 bytes <-> 4 pkts/431 bytes] + 276 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][13 pkts/994 bytes <-> 2 pkts/243 bytes] + 277 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] + 278 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] + 279 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] + 280 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] + 281 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][14 pkts/1100 bytes <-> 5 pkts/395 bytes] + 282 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes -> 0 pkts/0 bytes] Undetected flows: - 1 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 0/Unknown][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] - 2 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 0/Unknown][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] - 3 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 0/Unknown][9 pkts/1968 bytes <-> 7 pkts/632 bytes] - 4 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 5 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][11 pkts/854 bytes <-> 11 pkts/782 bytes] - 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][11 pkts/4406 bytes <-> 8 pkts/705 bytes] - 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][12 pkts/985 bytes <-> 6 pkts/489 bytes] - 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] - 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] - 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][24 pkts/3101 bytes <-> 16 pkts/2508 bytes] - 12 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] - 14 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] - 15 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] - 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][16 pkts/1169 bytes <-> 11 pkts/929 bytes] + 1 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 0/Unknown][9 pkts/1968 bytes <-> 7 pkts/632 bytes] + 2 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 4 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][11 pkts/854 bytes <-> 11 pkts/782 bytes] + 5 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][11 pkts/4406 bytes <-> 8 pkts/705 bytes] + 6 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][12 pkts/985 bytes <-> 6 pkts/489 bytes] + 7 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][24 pkts/3101 bytes <-> 16 pkts/2508 bytes] + 8 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 9 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] + 10 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][16 pkts/1169 bytes <-> 11 pkts/929 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 302fe5cae..e2991bcd6 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 236 70600 14 +Unknown 186 61791 12 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1241 181327 221 +Skype 1291 190136 223 Apple 84 20699 2 MS_OneDrive 348 181687 1 @@ -128,142 +128,144 @@ MS_OneDrive 348 181687 1 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][14 pkts/1104 bytes <-> 5 pkts/392 bytes] - 118 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 130 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 131 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 132 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] - 135 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][12 pkts/3242 bytes <-> 3 pkts/290 bytes] - 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] - 137 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] - 140 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] - 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] - 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] - 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] - 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] - 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] - 146 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 178 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][11 pkts/862 bytes <-> 3 pkts/314 bytes] - 179 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 183 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] - 185 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] - 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][11 pkts/832 bytes <-> 4 pkts/387 bytes] - 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][13 pkts/976 bytes <-> 4 pkts/365 bytes] - 188 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 189 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 190 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 191 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][12 pkts/931 bytes <-> 2 pkts/219 bytes] - 200 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 201 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 202 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] - 203 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 206 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 207 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 208 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 209 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] - 211 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] - 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] - 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] - 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][10 pkts/785 bytes <-> 4 pkts/378 bytes] - 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] - 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][38 pkts/9082 bytes <-> 38 pkts/10499 bytes] - 220 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 221 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 222 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] - 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 225 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/318 bytes] - 227 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes -> 0 pkts/0 bytes] - 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] - 229 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] - 230 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 233 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 249 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] - 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] - 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] - 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] - 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][14 pkts/1106 bytes <-> 5 pkts/385 bytes] + 118 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] + 119 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 135 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 136 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][12 pkts/3242 bytes <-> 3 pkts/290 bytes] + 137 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] + 138 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125/Skype][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] + 139 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 141 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] + 142 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] + 143 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] + 144 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] + 145 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] + 146 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] + 147 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] + 148 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 180 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][11 pkts/862 bytes <-> 3 pkts/314 bytes] + 181 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 185 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 186 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 187 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 188 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][11 pkts/832 bytes <-> 4 pkts/387 bytes] + 189 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][13 pkts/976 bytes <-> 4 pkts/365 bytes] + 190 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 191 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 192 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 193 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 201 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][12 pkts/931 bytes <-> 2 pkts/219 bytes] + 202 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 203 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 204 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] + 205 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 207 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 208 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 209 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 210 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 211 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] + 213 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] + 217 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] + 218 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] + 219 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][10 pkts/785 bytes <-> 4 pkts/378 bytes] + 220 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] + 221 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][38 pkts/9082 bytes <-> 38 pkts/10499 bytes] + 222 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 223 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 224 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] + 225 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 226 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 227 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 228 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/318 bytes] + 229 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes -> 0 pkts/0 bytes] + 230 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] + 231 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] + 232 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 235 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 251 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 252 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] + 253 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] + 254 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] + 255 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][14 pkts/1106 bytes <-> 5 pkts/385 bytes] Undetected flows: @@ -274,10 +276,8 @@ Undetected flows: 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][16 pkts/11797 bytes <-> 7 pkts/493 bytes] 6 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] 7 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] - 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] - 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] - 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][11 pkts/1407 bytes <-> 9 pkts/652 bytes] - 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 12 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][18 pkts/15111 bytes <-> 7 pkts/531 bytes] - 13 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 14 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] + 8 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][11 pkts/1407 bytes <-> 9 pkts/652 bytes] + 9 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 10 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][18 pkts/15111 bytes <-> 7 pkts/531 bytes] + 11 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 12 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From 01649f097c1bc9593f2d2b63886add394040fed0 Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 27 Jul 2017 13:15:37 +0200 Subject: results updated --- tests/do_line_diff.py | 46 ---------------------------- tests/line_diff.py | 45 --------------------------- tests/pcap/drda_db2.pcap | Bin tests/result/nintendo.pcap.out | 25 --------------- tests/result/skype-conference-call.pcap.out | 0 tests/result/skype.pcap.out | 6 ++-- 6 files changed, 3 insertions(+), 119 deletions(-) delete mode 100755 tests/do_line_diff.py delete mode 100755 tests/line_diff.py mode change 100755 => 100644 tests/pcap/drda_db2.pcap create mode 100644 tests/result/skype-conference-call.pcap.out diff --git a/tests/do_line_diff.py b/tests/do_line_diff.py deleted file mode 100755 index 6db65a133..000000000 --- a/tests/do_line_diff.py +++ /dev/null @@ -1,46 +0,0 @@ -#!/usr/bin/env python - -""" -do_line_diff.py - Interactively runs all tests, and on any test where line_diff.py -showed an output, lets the user check the output and replace the test file with the output -file if they think it's safe to do so (in the sense that the test is actually passing). This -script was first used when enhancing the ssl protocol to not immediately stop detection upon -only detecting a client certificate. When server certificates were added, the this script -was helpful in checking which lines of which tests had appended server certificate info -to the line. -""" - -import os -import sys -import time -import subprocess - -program_base_args = ["../example/ndpiReader", "-p", "../example/protos.txt", "-q", "-i"] -line_diff_base_args = ["./line_diff.py"] -temp_output = "/tmp/reader.out" -result_folder = "result/" -pcap_folder = "pcap/" -pcap_file_list = os.listdir(pcap_folder) - -def find_pcap(result_file): - for pcap_file in pcap_file_list: - if pcap_file == result_file[:-4]: - return pcap_file - -for result_file in os.listdir(result_folder): - pcap_file = find_pcap(result_file) - program_args = program_base_args + [pcap_folder + pcap_file, "-w", temp_output, "-v", "1"] - program_output = subprocess.call(program_args) - line_diff_args = line_diff_base_args + [result_folder + result_file, temp_output] - line_diff_output = subprocess.check_output(line_diff_args, universal_newlines=True) - if len(line_diff_output) > 0: - print("File output " + result_file + " had line diff output. Here it is:") - print(line_diff_output) - replace = "" - while replace.lower() != 'y' and replace.lower() != 'n': - replace = input("Would you like to replace the file? ('y' or 'n') ") - if replace == 'y': - subprocess.check_output(["cp", temp_output, result_folder + result_file]) - print("") - elif replace == 'n': - break \ No newline at end of file diff --git a/tests/line_diff.py b/tests/line_diff.py deleted file mode 100755 index 1b42f1f2f..000000000 --- a/tests/line_diff.py +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env python -""" -line_diff.py - Simple tool that compares two files with the same number of lines and prints the -characters (if any) on the right line (moving left to right) that are present that -weren't present in the left line -""" - -import sys - -left_file = sys.argv[1] -right_file = sys.argv[2] - -left_lines = [] -right_lines = [] - -with open(left_file) as left: - for line in left.readlines(): - left_lines.append(line.strip()) -with open(right_file) as right: - for line in right.readlines(): - right_lines.append(line.strip()) - -if len(left_lines) != len(right_lines): - print("Files didn't have the same number of lines, exiting...") - sys.exit(0) - -for i in range(len(left_lines)): - left_contents = left_lines[i] - right_contents = right_lines[i] - if len(left_contents) > len(right_contents): - print("Line " + str(i) + " has longer left contents than right contents.") - print("Left contents: " + left_contents) - print("Right contents: " + right_contents) - break - else: - left_list = list(left_contents) - right_list = list(right_contents) - while len(left_list) > 0: - if right_list.pop(0) != left_list.pop(0): - print("Line " + str(i) + ": Right contents that are not a prefix of left contents.") - print("Left contents: " + left_contents) - print("Right contents: " + right_contents) - break - if len(right_list) > 0: - print("Line " + str(i) + ": Right contents have extra characters: " + ''.join(right_list)) diff --git a/tests/pcap/drda_db2.pcap b/tests/pcap/drda_db2.pcap old mode 100755 new mode 100644 diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index e75fc17f3..e69de29bb 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -1,25 +0,0 @@ -ICMP 30 2100 2 -Nintendo 890 320242 12 -Amazon 76 10811 7 - - 1 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][8 pkts/1040 bytes <-> 7 pkts/922 bytes] - 2 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][1 pkts/54 bytes <-> 1 pkts/54 bytes] - 3 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][3 pkts/354 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][3 pkts/318 bytes -> 0 pkts/0 bytes] - 5 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/730 bytes -> 0 pkts/0 bytes] - 6 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] - 7 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/298 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net] - 9 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] - 10 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] - 11 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][5 pkts/290 bytes -> 0 pkts/0 bytes] - 12 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][21 pkts/1470 bytes -> 0 pkts/0 bytes] - 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][9 pkts/630 bytes -> 0 pkts/0 bytes] - 14 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] - 15 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] - 16 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] - 17 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] - 18 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] - 19 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] - 20 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] - 21 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][5 pkts/290 bytes <-> 5 pkts/290 bytes] diff --git a/tests/result/skype-conference-call.pcap.out b/tests/result/skype-conference-call.pcap.out new file mode 100644 index 000000000..e69de29bb diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 2eee5ea71..db8d030c0 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -5,9 +5,9 @@ NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 96 8876 7 +SSL 88 8268 6 Dropbox 38 17948 5 -Skype 2139 324409 249 +Skype 2147 325017 250 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -181,7 +181,7 @@ MS_OneDrive 387 198090 1 166 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] 167 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] 168 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] - 169 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes] + 169 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes -> 0 pkts/0 bytes] 170 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] 171 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] 172 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] -- cgit v1.2.3 From f664aee00b9610509f8bb217a9c0c6c209e0ea91 Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 27 Jul 2017 13:37:09 +0200 Subject: results updated 2 --- tests/result/nintendo.pcap.out | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index e69de29bb..149c9bb79 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -0,0 +1,25 @@ +ICMP 30 2100 2 +Nintendo 890 320242 12 +Amazon 76 10811 7 + + 1 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][8 pkts/1040 bytes <-> 7 pkts/922 bytes] + 2 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][1 pkts/54 bytes <-> 1 pkts/54 bytes] + 3 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][3 pkts/354 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][3 pkts/318 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/730 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 7 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/298 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net] + 9 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 10 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] + 11 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][5 pkts/290 bytes -> 0 pkts/0 bytes] + 12 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][21 pkts/1470 bytes -> 0 pkts/0 bytes] + 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][9 pkts/630 bytes -> 0 pkts/0 bytes] + 14 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] + 15 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] + 16 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] + 17 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] + 18 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] + 19 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] + 20 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] + 21 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][5 pkts/290 bytes <-> 5 pkts/290 bytes] \ No newline at end of file -- cgit v1.2.3 From 5f1131cae292188a66611be1569834c6e21c7a97 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 25 Jul 2017 13:51:14 +0000 Subject: ndpiReader: fix file_first_time/_statsFilePath defined but not used [-Werror=unused-variable] --- example/ndpiReader.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index bcab28568..36d217a30 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -64,8 +64,8 @@ static FILE *results_file = NULL; static char *results_path = NULL; static char * bpfFilter = NULL; /**< bpf filter */ static char *_protoFilePath = NULL; /**< Protocol file path */ -static char *_statsFilePath = NULL; /**< Top stats file path */ #ifdef HAVE_JSON_C +static char *_statsFilePath = NULL; /**< Top stats file path */ static char *_diagnoseFilePath = NULL; /**< Top stats file path */ static char *_jsonFilePath = NULL; /**< JSON file path */ static FILE *stats_fp = NULL; /**< for Top Stats JSON file */ @@ -78,7 +78,10 @@ static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ static u_int8_t enable_protocol_guess = 1, verbose = 0, nDPI_traceLevel = 0, json_flag = 0; -static u_int8_t stats_flag = 0, file_first_time = 1, bpf_filter_flag = 0; +static u_int8_t stats_flag = 0, bpf_filter_flag = 0; +#ifdef HAVE_JSON_C +static u_int8_t file_first_time = 1; +#endif static u_int32_t pcap_analysis_duration = (u_int32_t)-1; static u_int16_t decode_tunnels = 0; static u_int16_t num_loops = 1; -- cgit v1.2.3 From b021f5bce1810d58a3bcae42ea97242ed24bc41d Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 25 Jul 2017 14:03:10 +0000 Subject: ndpiReader.c fix ‘getTopStats/deleteTopStats/top_stats_sort/scanners_port_sort/scanners_sort/deleteScanners’ defined but not used [-Werror=unused-function] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- example/ndpiReader.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 36d217a30..e6281b617 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1033,6 +1033,7 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, /* *********************************************** */ +#ifdef HAVE_JSON_C static void deleteScanners(struct single_flow_info *scanners) { struct single_flow_info *s, *tmp; struct port_flow_info *p, *tmp2; @@ -1046,6 +1047,7 @@ static void deleteScanners(struct single_flow_info *scanners) { free(s); } } +#endif /* *********************************************** */ @@ -1358,6 +1360,7 @@ static int port_stats_sort(void *_a, void *_b) { /* *********************************************** */ +#ifdef HAVE_JSON_C static int scanners_sort(void *_a, void *_b) { struct single_flow_info *a = (struct single_flow_info *)_a; struct single_flow_info *b = (struct single_flow_info *)_b; @@ -1374,6 +1377,7 @@ static int scanners_port_sort(void *_a, void *_b) { return(b->num_flows - a->num_flows); } +#endif /* *********************************************** */ static int info_pair_cmp (const void *_a, const void *_b) @@ -1386,6 +1390,7 @@ static int info_pair_cmp (const void *_a, const void *_b) /* *********************************************** */ +#ifdef HAVE_JSON_C static int top_stats_sort(void *_a, void *_b) { struct top_stats *a = (struct top_stats*)_a; struct top_stats *b = (struct top_stats*)_b; @@ -1444,7 +1449,6 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats) { /* *********************************************** */ -#ifdef HAVE_JSON_C static void saveScannerStats(json_object **jObj_group, struct single_flow_info *scanners) { struct single_flow_info *s, *tmp; struct port_flow_info *p, *tmp2; -- cgit v1.2.3 From 5ebc85e705049983095e50d02577c4e39aad77fa Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Thu, 27 Jul 2017 12:09:15 +0000 Subject: ndpiReader.c: fix variable ‘fileName’ set but not used [-Werror=unused-but-set-variable] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- example/ndpiReader.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index e6281b617..189321968 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2285,7 +2285,6 @@ void automataUnitTest() { void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_array[48], int h_size, char *filePath) { FILE *fp = NULL; char _filterFilePath[1024]; - char *fileName; char filter[2048]; int produced = 0; int i = 0; @@ -2337,7 +2336,6 @@ void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_ar produced = 1; } - fileName = basename(filePath); snprintf(_filterFilePath, sizeof(_filterFilePath), "%s.bpf", filePath); if((fp = fopen(_filterFilePath,"w")) == NULL) { -- cgit v1.2.3 From ad401c4192f9db7e5e1c6b9fa8b45b2cd9d3d657 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Fri, 28 Jul 2017 13:05:30 +0000 Subject: ndpi_main.c: fix unused variable 'rc' [-Werror,-Wunused-variable] --- src/lib/ndpi_main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 537893567..84e43e660 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4678,7 +4678,6 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN; AC_TEXT_t ac_input_text; ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; - int rc; if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); -- cgit v1.2.3 From 9a809bf673712806f7bb6ed7c0d30ba697bbdcb6 Mon Sep 17 00:00:00 2001 From: Luca Date: Sat, 29 Jul 2017 06:55:50 +0200 Subject: Improved TeamViewer support --- src/lib/ndpi_content_match.c.inc | 4 ++++ src/lib/ndpi_main.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 4475d640a..3896f3a08 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -627,6 +627,10 @@ static ndpi_network host_protocol_list[] = { { 0xB2F8D000 /* 178.248.208.0 */, 21, NDPI_PROTOCOL_OCS }, + + /* Teamviewer 159.122.189.32-63 */ + { 0x9F7ABD30 /* 159.122.189.32 */, 21, NDPI_PROTOCOL_TEAMVIEWER }, + /* IFLIX services -by www.vizuamatix.com R&D team */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 84e43e660..65c139c08 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1353,8 +1353,8 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, no_master, no_master, "TeamViewer", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_a, 5938, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 5938, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES, no_master, no_master, "LotusNotes", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, -- cgit v1.2.3 From fbfe3e004ce48ecf4d5287c003d4176a7f4c252e Mon Sep 17 00:00:00 2001 From: Konstantin Shalygin Date: Fri, 28 Jul 2017 09:32:52 +0700 Subject: Added Sony Playstation protocol. --- src/include/ndpi_protocol_ids.h | 8 +++----- src/lib/ndpi_content_match.c.inc | 4 ++++ 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index c01484b74..25b1308bd 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -108,7 +108,7 @@ #define NDPI_PROTOCOL_OSCAR 69 #define NDPI_PROTOCOL_YAHOO 70 #define NDPI_PROTOCOL_BATTLEFIELD 71 -#define NDPI_PROTOCOL_QUAKE 72 +#define NDPI_PROTOCOL_QUAKE 72 #define NDPI_PROTOCOL_IP_VRRP 73 #define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_HALFLIFE2 75 @@ -269,12 +269,10 @@ #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ #define NDPI_PROTOCOL_SOMEIP 229 #define NDPI_PROTOCOL_FIX 230 - - - +#define NDPI_PROTOCOL_PLAYSTATION 231 /* Sony PlayStation */ /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_FIX +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_PLAYSTATION #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 4475d640a..c5085efc5 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8242,6 +8242,10 @@ ndpi_protocol_match host_match[] = { { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.net", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".sonyentertainmentnetwork.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { NULL, 0 } }; -- cgit v1.2.3 From a90b97bc10a392b34344c89c59d059260c184b50 Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 29 Jul 2017 23:44:47 +0200 Subject: fix wrong datalink type for Cisco PPP --- example/ndpi_util.c | 3 ++- tests/do.sh | 1 - tests/result/BGP_Cisco_hdlc_slarp.pcap.out | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 96a88a8e5..1fc3af15a 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -652,8 +652,9 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, type = ntohs(chdlc->proto_code); break; - /* Cisco PPP with HDLC framing - 104 */ + /* Cisco PPP - 9 or 104 */ case DLT_C_HDLC: + case DLT_PPP: chdlc = (struct ndpi_chdlc *) &packet[eth_offset]; ip_offset = sizeof(struct ndpi_chdlc); /* CHDLC_OFF = 4 */ type = ntohs(chdlc->proto_code); diff --git a/tests/do.sh b/tests/do.sh index 55f94a3e9..7516e5997 100755 --- a/tests/do.sh +++ b/tests/do.sh @@ -1,4 +1,3 @@ - READER="../example/ndpiReader -p ../example/protos.txt" RC=0 diff --git a/tests/result/BGP_Cisco_hdlc_slarp.pcap.out b/tests/result/BGP_Cisco_hdlc_slarp.pcap.out index e69de29bb..719f185b6 100644 --- a/tests/result/BGP_Cisco_hdlc_slarp.pcap.out +++ b/tests/result/BGP_Cisco_hdlc_slarp.pcap.out @@ -0,0 +1,3 @@ +BGP 14 969 1 + + 1 TCP 100.16.1.2:18324 <-> 100.16.1.1:179 [proto: 13/BGP][7 pkts/388 bytes <-> 7 pkts/581 bytes] -- cgit v1.2.3 From b1f6ac1a844f610167e6d8c682e3ff33aeee2502 Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 29 Jul 2017 23:48:25 +0200 Subject: updated results --- tests/result/http_ipv6.pcap.out | 8 ++++---- tests/result/mpeg.pcap.out | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 16c73c8b0..c57e7b950 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 1252983a7..ea7c9d606 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.232/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.233/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] -- cgit v1.2.3 From 1d4eeaa32824d5b10b2a3e1ccf4245709a2374d1 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 30 Jul 2017 13:57:12 +0200 Subject: Removed invalid networks from google list --- src/lib/ndpi_content_match.c.inc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index a87dbb728..ae57ddf4c 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -754,10 +754,6 @@ static ndpi_network host_protocol_list[] = { Google Inc. / Google Switzerland GmbH / Google Ireland Limited origin AS15169, AS36384, AS41264, AS43515, AS36039, AS36040, AS36492 */ - - { 0x01000000 /* 1.0.0.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, - { 0x01010100 /* 1.1.1.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, - { 0x01020300 /* 1.2.3.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, { 0x08063000 /* 8.6.48.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, { 0x08080400 /* 8.8.4.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, { 0x08080800 /* 8.8.8.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, @@ -829,7 +825,7 @@ static ndpi_network host_protocol_list[] = { { 0xD8EF2000 /* 216.239.32.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, { 0xD8FCDC00 /* 216.252.220.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, - /* +/* Canonical Ltd (Ubuntu) origin AS41231 */ -- cgit v1.2.3 From 3ba3a08141f0c60ab8e970e744ecf7540319b093 Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 2 Aug 2017 20:15:21 +0200 Subject: Implemented flow sort based on total bytes so that we can (with -v X) immediately spot elephants and mice --- example/ndpiReader.c | 65 ++- example/ndpi_util.c | 5 +- example/ndpi_util.h | 1 + tests/result/1kxun.pcap.out | 244 +++++----- tests/result/6in4tunnel.pcap.out | 18 +- tests/result/EAQ.pcap.out | 56 +-- tests/result/Instagram.pcap.out | 56 +-- tests/result/KakaoTalk_chat.pcap.out | 72 +-- tests/result/KakaoTalk_talk.pcap.out | 36 +- tests/result/Viber_session.pcap.out | 68 +-- tests/result/bittorrent.pcap.out | 46 +- tests/result/bittorrent_ip.pcap.out | 4 +- tests/result/coap_mqtt.pcap.out | 32 +- tests/result/dnscrypt.pcap.out | 8 +- tests/result/dropbox.pcap.out | 78 +-- tests/result/facebook.pcap.out | 4 +- tests/result/fix.pcap.out | 22 +- tests/result/http_ipv6.pcap.out | 20 +- tests/result/msnms.pcap.out | 10 +- tests/result/mssql_tds.pcap.out | 24 +- tests/result/netflix.pcap.out | 118 ++--- tests/result/nintendo.pcap.out | 40 +- tests/result/ocs.pcap.out | 38 +- tests/result/ookla.pcap.out | 4 +- tests/result/openvpn.pcap.out | 6 +- tests/result/pps.pcap.out | 194 ++++---- tests/result/quic.pcap.out | 18 +- tests/result/quickplay.pcap.out | 42 +- tests/result/rx.pcap.out | 10 +- tests/result/skype-conference-call.pcap.out | 3 + tests/result/skype.pcap.out | 584 +++++++++++------------ tests/result/skype_no_unknown.pcap.out | 528 ++++++++++---------- tests/result/starcraft_battle.pcap.out | 104 ++-- tests/result/teredo.pcap.out | 6 +- tests/result/tinc.pcap.out | 8 +- tests/result/tor.pcap.out | 22 +- tests/result/ubntac2.pcap.out | 6 +- tests/result/viber_mobile.pcap.out | 152 +++--- tests/result/vnc.pcap.out | 4 +- tests/result/waze.pcap.out | 58 +-- tests/result/webex.pcap.out | 114 ++--- tests/result/wechat.pcap.out | 202 ++++---- tests/result/weibo.pcap.out | 88 ++-- tests/result/whatsapp_login_call.pcap.out | 102 ++-- tests/result/whatsapp_login_chat.pcap.out | 18 +- tests/result/whatsapp_voice_and_message.pcap.out | 26 +- tests/result/youtube_quic.pcap.out | 6 +- 47 files changed, 1708 insertions(+), 1662 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 189321968..e0dda2cab 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -97,7 +97,15 @@ static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; -struct info_pair{ +struct flow_info { + struct ndpi_flow_info *flow; + u_int16_t thread_id; +}; + +static struct flow_info *all_flows; + + +struct info_pair { char addr[48]; char proto[48]; /*app level protocol*/ int count; @@ -167,7 +175,7 @@ static u_int16_t extcap_packet_filter = (u_int16_t)-1; // struct associated to a workflow for a thread struct reader_thread { - struct ndpi_workflow * workflow; + struct ndpi_workflow *workflow; pthread_t pthread; u_int64_t last_idle_scan_time; u_int32_t idle_scan_idx; @@ -331,6 +339,13 @@ int cmpProto(const void *_a, const void *_b) { return(strcmp(a->name, b->name)); } +int cmpFlows(const void *_a, const void *_b) { + struct flow_info *a = (struct flow_info*)_a; + struct flow_info *b = (struct flow_info*)_b; + + return((a->flow->src2dst_bytes + a->flow->dst2src_bytes) < (b->flow->src2dst_bytes + b->flow->dst2src_bytes) ? 1 : -1); +} + void extcap_config() { int i, argidx = 0; struct ndpi_detection_module_struct *ndpi_mod; @@ -555,8 +570,7 @@ static void parseOptions(int argc, char **argv) { } } - if(!bpf_filter_flag) { - + if(!bpf_filter_flag) { if(do_capture) { quiet_mode = 1; extcap_capture(); @@ -670,7 +684,7 @@ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) { /** * @brief Print the flow */ -static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { +static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t thread_id) { #ifdef HAVE_JSON_C json_object *jObj; #endif @@ -680,7 +694,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { return; if(!json_flag) { - fprintf(out, "\t%u", ++num_flows); + fprintf(out, "\t%u", id); fprintf(out, "\t%s ", ipProto2Name(flow->protocol)); @@ -785,8 +799,11 @@ static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which, if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) return; - if((which == ndpi_preorder) || (which == ndpi_leaf)) /* Avoid walking the same node multiple times */ - printFlow(thread_id, flow); + if((which == ndpi_preorder) || (which == ndpi_leaf)) { + /* Avoid walking the same node multiple times */ + all_flows[num_flows].thread_id = thread_id, all_flows[num_flows].flow = flow; + num_flows++; + } } /** @@ -799,8 +816,11 @@ static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, in if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) return; - if((which == ndpi_preorder) || (which == ndpi_leaf)) /* Avoid walking the same node multiple times */ - printFlow(thread_id, flow); + if((which == ndpi_preorder) || (which == ndpi_leaf)) { + /* Avoid walking the same node multiple times */ + all_flows[num_flows].thread_id = thread_id, all_flows[num_flows].flow = flow; + num_flows++; + } } @@ -837,7 +857,6 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept if(enable_protocol_guess) { if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { node_guess_undetected_protocol(thread_id, flow); - // printFlow(thread_id, flow); } } @@ -885,6 +904,7 @@ void updateScanners(struct single_flow_info **scanners, const char *saddr, u_int HASH_ADD_INT(f->ports, port, pp); } + else pp->num_flows++; } } @@ -1148,7 +1168,7 @@ static void on_protocol_discovered(struct ndpi_workflow * workflow, } } - printFlow(thread_id, flow); + // printFlow(thread_id, flow); } } @@ -1804,7 +1824,16 @@ static void printResults(u_int64_t tot_usec) { if((verbose == 1) || (verbose == 2)) { FILE *out = results_file ? results_file : stdout; + u_int32_t total_flows = 0; + + for(thread_id = 0; thread_id < num_threads; thread_id++) + total_flows += ndpi_thread_info[thread_id].workflow->num_allocated_flows; + if((all_flows = (struct flow_info*)malloc(sizeof(struct flow_info)*total_flows)) == NULL) { + printf("Fatal error: not enough memory\n"); + exit(-1); + } + if(!json_flag) fprintf(out, "\n"); num_flows = 0; @@ -1813,6 +1842,11 @@ static void printResults(u_int64_t tot_usec) { ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], node_print_known_proto_walker, &thread_id); } + qsort(all_flows, num_flows, sizeof(struct flow_info), cmpFlows); + + for(i=0; istats.protocol_counter[0 /* 0 = Unknown */] > 0) { if(!json_flag) { @@ -1834,6 +1868,13 @@ static void printResults(u_int64_t tot_usec) { ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], node_print_unknown_proto_walker, &thread_id); } } + + qsort(all_flows, num_flows, sizeof(struct flow_info), cmpFlows); + + for(i=0; indpi_struct, NDPI_LOG_ERROR, "[NDPI] %s(1): not enough memory\n", __FUNCTION__); return(NULL); - } + } else + workflow->num_allocated_flows++; memset(newflow, 0, sizeof(struct ndpi_flow_info)); newflow->hashval = hashval; @@ -544,6 +544,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, /* TODO: When half_free is deprecated, get rid of this */ ndpi_free_flow_info_half(flow); } + return(flow->detected_protocol); } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 45101cf10..5fe3dc66b 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -130,6 +130,7 @@ typedef struct ndpi_workflow { /* allocated by prefs */ void **ndpi_flows_root; struct ndpi_detection_module_struct *ndpi_struct; + u_int32_t num_allocated_flows; } ndpi_workflow_t; diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 660bc2372..a716fa8e4 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -15,135 +15,135 @@ Google 3 176 1 LLMNR 89 6799 47 1kxun 952 531718 21 - 1 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][13 pkts/6269 bytes <-> 10 pkts/1165 bytes] - 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144] - 3 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] - 4 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 5 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 6 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][client: 1] - 7 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][client: 1] - 8 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][client: 1] - 9 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 10 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav] - 11 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp] - 12 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 13 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][1 pkts/89 bytes <-> 1 pkts/289 bytes][Host: dl-obs.official.line.naver.jp] - 14 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 16 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170:9099] - 17 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes -> 0 pkts/0 bytes] - 18 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 19 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 20 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes -> 0 pkts/0 bytes] - 21 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air] - 22 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 23 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes -> 0 pkts/0 bytes] - 24 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] - 25 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi] - 26 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes -> 0 pkts/0 bytes] - 27 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 28 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 30 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 31 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] - 32 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] - 33 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 125/Skype][2 pkts/132 bytes -> 0 pkts/0 bytes] - 35 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 36 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 37 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] - 38 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 39 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes -> 0 pkts/0 bytes] - 40 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152:8080] - 41 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com] - 42 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 43 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com] - 44 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi] - 45 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com] - 46 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com] - 47 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes -> 0 pkts/0 bytes] - 48 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 49 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] - 50 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 51 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145] - 52 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] - 53 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com] - 54 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][4 pkts/220 bytes <-> 2 pkts/132 bytes] - 55 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes -> 0 pkts/0 bytes] - 56 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes] - 57 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][client: 1] - 58 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp] - 59 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com] - 60 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] - 61 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][5 pkts/490 bytes -> 0 pkts/0 bytes] - 62 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 63 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 64 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad] - 65 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] - 66 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] - 67 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][6 pkts/552 bytes -> 0 pkts/0 bytes] - 68 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][2 pkts/549 bytes -> 0 pkts/0 bytes] - 69 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes -> 0 pkts/0 bytes] - 70 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes -> 0 pkts/0 bytes] - 71 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes -> 0 pkts/0 bytes] - 72 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][3 pkts/276 bytes -> 0 pkts/0 bytes] - 73 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 74 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 75 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 76 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 77 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes -> 0 pkts/0 bytes] - 78 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] - 79 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 80 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 81 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] - 82 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 83 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 84 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 85 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 86 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 87 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: sonusav] - 88 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] - 89 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 90 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][4 pkts/2050 bytes <-> 5 pkts/2297 bytes] - 91 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][5 pkts/1006 bytes <-> 5 pkts/1487 bytes] - 92 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 93 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 94 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 95 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] - 96 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 97 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] - 98 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] - 99 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 100 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] - 101 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes -> 0 pkts/0 bytes] - 102 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 103 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 104 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][4 pkts/392 bytes -> 0 pkts/0 bytes] - 105 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 106 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes -> 0 pkts/0 bytes] - 107 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes] - 108 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes -> 0 pkts/0 bytes] + 1 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144] + 2 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com] + 3 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com] + 4 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com] + 5 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com] + 6 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi] + 7 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com] + 8 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com] + 9 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152:8080] + 10 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp] + 11 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp] + 12 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes -> 0 pkts/0 bytes] + 14 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][13 pkts/6269 bytes <-> 10 pkts/1165 bytes] + 15 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com] + 16 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes -> 0 pkts/0 bytes] + 17 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][4 pkts/2050 bytes <-> 5 pkts/2297 bytes] + 18 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][client: 1] + 19 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][client: 1] + 20 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][client: 1] + 21 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi] + 22 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][client: 1] + 23 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi] + 24 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][5 pkts/1006 bytes <-> 5 pkts/1487 bytes] + 25 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes -> 0 pkts/0 bytes] + 26 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com] + 27 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145] + 28 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] + 31 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com] + 32 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] + 35 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] + 36 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170:9099] + 37 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes -> 0 pkts/0 bytes] + 39 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] + 40 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air] + 41 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes -> 0 pkts/0 bytes] + 42 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes -> 0 pkts/0 bytes] + 43 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes -> 0 pkts/0 bytes] + 44 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][6 pkts/552 bytes -> 0 pkts/0 bytes] + 45 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][2 pkts/549 bytes -> 0 pkts/0 bytes] + 46 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][5 pkts/490 bytes -> 0 pkts/0 bytes] + 47 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][4 pkts/392 bytes -> 0 pkts/0 bytes] + 48 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][1 pkts/89 bytes <-> 1 pkts/289 bytes][Host: dl-obs.official.line.naver.jp] + 49 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][4 pkts/220 bytes <-> 2 pkts/132 bytes] + 50 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 51 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 52 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] + 53 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][3 pkts/276 bytes -> 0 pkts/0 bytes] + 54 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi] + 55 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] + 56 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 57 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 58 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad] + 59 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes -> 0 pkts/0 bytes] + 60 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 61 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 62 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes -> 0 pkts/0 bytes] + 63 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 64 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 65 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 66 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 67 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 68 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 69 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 70 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] + 71 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 72 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav] + 73 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] + 74 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] + 75 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 76 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 77 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 78 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 79 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 80 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 81 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 82 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 83 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 84 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] + 85 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 86 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 87 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 88 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 89 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 90 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 91 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 92 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 93 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 94 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 95 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 96 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 97 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 98 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 125/Skype][2 pkts/132 bytes -> 0 pkts/0 bytes] + 99 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 100 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 101 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 102 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes] + 103 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes] + 104 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes -> 0 pkts/0 bytes] + 105 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 106 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 107 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 108 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] 109 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] - 110 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi] - 111 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com] - 112 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi] - 113 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com] - 114 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com] - 115 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 110 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 112 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 113 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 114 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 115 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: sonusav] Undetected flows: - 1 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] - 2 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes] - 3 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 0/Unknown][5 pkts/1795 bytes -> 0 pkts/0 bytes] + 1 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 0/Unknown][5 pkts/1795 bytes -> 0 pkts/0 bytes] + 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] + 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] 4 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][2 pkts/718 bytes -> 0 pkts/0 bytes] 5 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][2 pkts/718 bytes -> 0 pkts/0 bytes] 6 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][1 pkts/359 bytes -> 0 pkts/0 bytes] - 7 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] - 8 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] + 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes] + 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes -> 0 pkts/0 bytes] 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes -> 0 pkts/0 bytes] 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] - 11 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes -> 0 pkts/0 bytes] - 12 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes] - 13 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes] 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][1 pkts/82 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index d170a55aa..b32ab138a 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -4,13 +4,13 @@ SSL 28 15397 1 ICMPV6 48 7862 3 Facebook 37 14726 3 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/SSL.Facebook][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][client: www.facebook.com][server: *.facebook.com] - 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][1 pkts/133 bytes <-> 1 pkts/261 bytes][Host: star.c10r.facebook.com] - 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/SSL][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][client: mail.tomasu.net][server: mail.tomasu.net] - 4 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes -> 0 pkts/0 bytes] + 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/SSL][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][client: mail.tomasu.net][server: mail.tomasu.net] + 2 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/SSL.Facebook][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][client: www.facebook.com][server: *.facebook.com] + 3 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][23 pkts/3174 bytes <-> 23 pkts/3174 bytes] + 4 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Host: mail.tomasu.net] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes -> 0 pkts/0 bytes] - 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][1 pkts/152 bytes <-> 1 pkts/106 bytes] - 7 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][23 pkts/3174 bytes <-> 23 pkts/3174 bytes] - 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][1 pkts/152 bytes <-> 1 pkts/106 bytes] - 9 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][1 pkts/133 bytes <-> 1 pkts/273 bytes][Host: star.c10r.facebook.com] - 10 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Host: mail.tomasu.net] + 6 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][1 pkts/133 bytes <-> 1 pkts/273 bytes][Host: star.c10r.facebook.com] + 7 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][1 pkts/133 bytes <-> 1 pkts/261 bytes][Host: star.c10r.facebook.com] + 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][1 pkts/152 bytes <-> 1 pkts/106 bytes] + 9 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][1 pkts/152 bytes <-> 1 pkts/106 bytes] + 10 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out index 663b6a9b5..187fced58 100644 --- a/tests/result/EAQ.pcap.out +++ b/tests/result/EAQ.pcap.out @@ -2,33 +2,33 @@ Google 23 11743 2 EAQ 174 10092 29 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Host: www.google.com.br] - 2 UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 3 UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 4 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com] - 5 UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 6 UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 7 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 8 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 9 UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 10 UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 11 UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 12 UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 13 UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 14 UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 15 UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 16 UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 17 UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 18 UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 19 UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 20 UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 21 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 2 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com] + 3 UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 4 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 5 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 6 UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 7 UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 8 UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 9 UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 10 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 11 UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 12 UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 13 UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 14 UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 15 UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 16 UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 17 UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 18 UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 19 UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 20 UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 21 UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] 22 UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] 23 UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 24 UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 25 UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 26 UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 27 UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 28 UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 29 UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 30 UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 31 UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 24 UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 25 UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 26 UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 27 UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 28 UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 29 UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 30 UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 31 UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index cb0788864..9c7cc6395 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -6,37 +6,37 @@ Facebook 251 215986 5 Dropbox 5 725 2 Instagram 363 255094 16 - 1 UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes -> 0 pkts/0 bytes] - 2 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-g-a.akamaihd.net] - 3 UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes -> 0 pkts/0 bytes][Host: photos-b.ak.instagram.com] - 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][5 pkts/1279 bytes <-> 6 pkts/4118 bytes] - 5 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][5 pkts/1279 bytes <-> 5 pkts/4020 bytes] - 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][25 pkts/37100 bytes <-> 24 pkts/1584 bytes] - 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com] + 1 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][103 pkts/150456 bytes <-> 47 pkts/3102 bytes] + 2 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com] + 3 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com] + 4 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com] + 5 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com] + 6 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][34 pkts/5555 bytes <-> 34 pkts/40133 bytes] + 7 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][25 pkts/37100 bytes <-> 24 pkts/1584 bytes] 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][14 pkts/924 bytes <-> 20 pkts/28115 bytes] - 9 TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes -> 0 pkts/0 bytes][Host: photos-a.ak.instagram.com] - 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net] - 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][103 pkts/150456 bytes <-> 47 pkts/3102 bytes] - 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com] - 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com] - 15 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][client: telegraph-ash.instagram.com] - 16 UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][34 pkts/5555 bytes <-> 34 pkts/40133 bytes] - 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][6 pkts/4699 bytes <-> 6 pkts/1345 bytes] + 9 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][16 pkts/22931 bytes <-> 9 pkts/594 bytes] + 10 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][client: igcdn-photos-g-a.akamaihd.net][server: a248.e.akamai.net] + 11 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][client: igcdn-photos-h-a.akamaihd.net][server: a248.e.akamai.net] + 12 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][6 pkts/4699 bytes <-> 6 pkts/1345 bytes] + 13 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net] + 14 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net] + 15 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][5 pkts/1279 bytes <-> 6 pkts/4118 bytes] + 16 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][5 pkts/1279 bytes <-> 5 pkts/4020 bytes] + 17 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com] + 18 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][client: telegraph-ash.instagram.com] + 19 UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes -> 0 pkts/0 bytes] 20 ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes -> 0 pkts/0 bytes] - 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][1 pkts/74 bytes <-> 1 pkts/66 bytes] - 23 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/305 bytes][Host: igcdn-photos-h-a.akamaihd.net] - 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][client: igcdn-photos-h-a.akamaihd.net][server: a248.e.akamai.net] - 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net] - 26 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][16 pkts/22931 bytes <-> 9 pkts/594 bytes] - 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com] + 21 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/305 bytes][Host: igcdn-photos-h-a.akamaihd.net] + 22 TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes -> 0 pkts/0 bytes][Host: photos-a.ak.instagram.com] + 23 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com] + 24 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-g-a.akamaihd.net] + 25 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-a-a.akamaihd.net] + 26 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 27 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] 28 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes -> 0 pkts/0 bytes] - 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][client: igcdn-photos-g-a.akamaihd.net][server: a248.e.akamai.net] - 30 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com] - 31 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com] + 29 UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes -> 0 pkts/0 bytes] + 30 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][1 pkts/74 bytes <-> 1 pkts/66 bytes] + 31 UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes -> 0 pkts/0 bytes][Host: photos-b.ak.instagram.com] Undetected flows: diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index cdc055e8c..89a19fea5 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -8,41 +8,41 @@ HTTP_Proxy 26 3926 1 Amazon 2 181 1 KakaoTalk 55 9990 15 - 1 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-c.talk.kakao.com] - 2 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/78 bytes <-> 1 pkts/166 bytes][Host: katalk.kakao.com] - 3 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: item.kakao.com] - 4 TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][1 pkts/56 bytes -> 0 pkts/0 bytes] - 5 ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][1 pkts/147 bytes -> 0 pkts/0 bytes] - 6 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/85 bytes <-> 1 pkts/144 bytes][Host: developers.facebook.com] - 7 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-p.talk.kakao.com] - 8 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes -> 0 pkts/0 bytes] - 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][17 pkts/2231 bytes <-> 9 pkts/1695 bytes] - 10 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/SSL.KakaoTalk][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][server: *.kakao.com] - 11 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/82 bytes <-> 1 pkts/126 bytes][Host: up-gp.talk.kakao.com] - 12 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-a.talk.kakao.com] - 13 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/79 bytes <-> 1 pkts/136 bytes][Host: ac-talk.kakao.com] - 14 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com] - 15 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com] - 16 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/84 bytes <-> 1 pkts/130 bytes][Host: booking.loco.kakao.com] - 17 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/97 bytes][Host: dn-l.talk.kakao.com] - 18 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] - 19 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] - 20 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][3 pkts/290 bytes <-> 3 pkts/1600 bytes][server: *.push.samsungosp.com] - 21 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-v.talk.kakao.com] - 22 TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][server: *.facebook.com] - 23 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][server: *.facebook.com] - 24 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][9 pkts/1737 bytes <-> 9 pkts/672 bytes] + 1 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][client: graph.facebook.com][server: *.facebook.com] + 2 TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][client: developers.facebook.com][server: *.facebook.com] + 3 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][client: api.facebook.com][server: *.facebook.com] + 4 TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][server: *.facebook.com] + 5 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][server: *.facebook.com] + 6 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][server: *.facebook.com] + 7 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/SSL.KakaoTalk][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][server: *.kakao.com] + 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][17 pkts/2231 bytes <-> 9 pkts/1695 bytes] + 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][9 pkts/1737 bytes <-> 9 pkts/672 bytes] + 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][3 pkts/290 bytes <-> 3 pkts/1600 bytes][server: *.push.samsungosp.com] + 11 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com] + 12 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com] + 13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][7 pkts/392 bytes <-> 7 pkts/392 bytes] + 14 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][2 pkts/112 bytes <-> 3 pkts/168 bytes] + 15 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][2 pkts/139 bytes <-> 2 pkts/112 bytes] + 16 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/78 bytes <-> 1 pkts/166 bytes][Host: katalk.kakao.com] + 17 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/85 bytes <-> 1 pkts/144 bytes][Host: developers.facebook.com] + 18 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/80 bytes <-> 1 pkts/138 bytes][Host: graph.facebook.com] + 19 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][1 pkts/87 bytes <-> 1 pkts/130 bytes][Host: 2.97.252.173.in-addr.arpa] + 20 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/79 bytes <-> 1 pkts/136 bytes][Host: ac-talk.kakao.com] + 21 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/84 bytes <-> 1 pkts/130 bytes][Host: booking.loco.kakao.com] + 22 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/82 bytes <-> 1 pkts/126 bytes][Host: up-gp.talk.kakao.com] + 23 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-v.talk.kakao.com] + 24 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-a.talk.kakao.com] 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-m.talk.kakao.com] - 26 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] - 27 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][1 pkts/87 bytes <-> 1 pkts/130 bytes][Host: 2.97.252.173.in-addr.arpa] - 28 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/80 bytes <-> 1 pkts/138 bytes][Host: graph.facebook.com] - 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][7 pkts/392 bytes <-> 7 pkts/392 bytes] + 26 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-p.talk.kakao.com] + 27 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-c.talk.kakao.com] + 28 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] + 29 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/78 bytes <-> 1 pkts/118 bytes][Host: api.facebook.com] - 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][2 pkts/112 bytes <-> 3 pkts/168 bytes] - 32 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes] - 33 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: auth.kakao.com] - 34 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][client: graph.facebook.com][server: *.facebook.com] - 35 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][client: api.facebook.com][server: *.facebook.com] - 36 TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][client: developers.facebook.com][server: *.facebook.com] - 37 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][server: *.facebook.com] - 38 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][2 pkts/139 bytes <-> 2 pkts/112 bytes] + 31 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: item.kakao.com] + 32 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: auth.kakao.com] + 33 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes -> 0 pkts/0 bytes] + 34 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/97 bytes][Host: dn-l.talk.kakao.com] + 35 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] + 36 ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][1 pkts/147 bytes -> 0 pkts/0 bytes] + 37 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes] + 38 TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][1 pkts/56 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index c01c64475..8d4ec7074 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -10,23 +10,23 @@ Tor 40 10538 1 Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 - 1 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][3 pkts/168 bytes <-> 2 pkts/112 bytes] - 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][2 pkts/225 bytes <-> 2 pkts/171 bytes] - 3 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes] - 4 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][6 pkts/543 bytes <-> 5 pkts/945 bytes] - 5 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/79 bytes <-> 1 pkts/118 bytes][Host: mqtt.facebook.com] - 6 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes -> 0 pkts/0 bytes] - 7 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 64/SSL_No_Cert][15 pkts/2932 bytes <-> 14 pkts/1092 bytes] - 8 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes -> 0 pkts/0 bytes] - 9 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 64/SSL_No_Cert][23 pkts/4380 bytes <-> 22 pkts/5728 bytes] + 1 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][757 pkts/106335 bytes <-> 746 pkts/93906 bytes] + 2 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][746 pkts/93906 bytes <-> 742 pkts/104604 bytes] + 3 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][22 pkts/5326 bytes <-> 18 pkts/5212 bytes] + 4 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 64/SSL_No_Cert][23 pkts/4380 bytes <-> 22 pkts/5728 bytes] + 5 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 64/SSL_No_Cert][15 pkts/2932 bytes <-> 14 pkts/1092 bytes] + 6 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][12 pkts/1692 bytes <-> 10 pkts/1420 bytes] + 7 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][11 pkts/1542 bytes <-> 11 pkts/1542 bytes] + 8 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com] + 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][6 pkts/543 bytes <-> 5 pkts/945 bytes] 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][3 pkts/1044 bytes <-> 2 pkts/154 bytes] - 11 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] - 12 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][22 pkts/5326 bytes <-> 18 pkts/5212 bytes] - 13 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes -> 0 pkts/0 bytes] - 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com] - 15 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][12 pkts/1692 bytes <-> 10 pkts/1420 bytes] - 16 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][746 pkts/93906 bytes <-> 742 pkts/104604 bytes] - 17 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][11 pkts/1542 bytes <-> 11 pkts/1542 bytes] - 18 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][757 pkts/106335 bytes <-> 746 pkts/93906 bytes] - 19 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes] + 11 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][2 pkts/225 bytes <-> 2 pkts/171 bytes] + 12 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes -> 0 pkts/0 bytes] + 13 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][3 pkts/168 bytes <-> 2 pkts/112 bytes] + 14 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/79 bytes <-> 1 pkts/118 bytes][Host: mqtt.facebook.com] + 15 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] + 16 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes -> 0 pkts/0 bytes] + 17 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes] + 18 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes -> 0 pkts/0 bytes] + 19 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes] 20 TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 88d9589a3..679865a83 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -11,44 +11,44 @@ WhatsApp 5 412 1 Viber 4163 392492 4 Amazon 1 66 1 - 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/389 bytes <-> 5 pkts/368 bytes] - 2 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/428 bytes <-> 4 pkts/264 bytes] - 3 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][2 pkts/157 bytes <-> 3 pkts/255 bytes] - 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] - 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][14 pkts/1058 bytes <-> 9 pkts/2287 bytes] - 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 8 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes -> 0 pkts/0 bytes] - 9 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 10 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][3 pkts/250 bytes <-> 3 pkts/349 bytes] - 12 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 13 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][15 pkts/1329 bytes <-> 9 pkts/750 bytes] - 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][4 pkts/254 bytes <-> 3 pkts/182 bytes] - 15 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] - 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] - 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] - 19 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes -> 0 pkts/0 bytes] - 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][2 pkts/195 bytes <-> 3 pkts/229 bytes] - 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][21 pkts/2257 bytes <-> 13 pkts/1884 bytes] - 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][11 pkts/1043 bytes <-> 4 pkts/441 bytes][client: e.crashlytics.com] - 23 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][7 pkts/689 bytes <-> 5 pkts/472 bytes] - 24 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][15 pkts/1318 bytes <-> 6 pkts/573 bytes][client: mail.google.com] - 25 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][12 pkts/1116 bytes <-> 12 pkts/1732 bytes] - 27 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] - 28 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][2835 pkts/280455 bytes <-> 1308 pkts/110326 bytes] + 1 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][2835 pkts/280455 bytes <-> 1308 pkts/110326 bytes] + 2 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][21 pkts/2257 bytes <-> 13 pkts/1884 bytes] + 3 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][14 pkts/1058 bytes <-> 9 pkts/2287 bytes] + 4 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][12 pkts/1116 bytes <-> 12 pkts/1732 bytes] + 5 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][15 pkts/1329 bytes <-> 9 pkts/750 bytes] + 6 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][15 pkts/1318 bytes <-> 6 pkts/573 bytes][client: mail.google.com] + 7 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][11 pkts/1043 bytes <-> 4 pkts/441 bytes][client: e.crashlytics.com] + 8 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][12 pkts/1116 bytes <-> 4 pkts/303 bytes][client: settings.crashlytics.com] + 9 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][7 pkts/689 bytes <-> 5 pkts/472 bytes] + 10 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/389 bytes <-> 5 pkts/368 bytes] + 11 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/428 bytes <-> 4 pkts/264 bytes] + 12 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][3 pkts/250 bytes <-> 3 pkts/349 bytes] + 13 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][4 pkts/254 bytes <-> 3 pkts/182 bytes] + 14 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][2 pkts/195 bytes <-> 3 pkts/229 bytes] + 15 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][2 pkts/157 bytes <-> 3 pkts/255 bytes] + 16 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 17 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 18 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 19 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 20 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 21 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes -> 0 pkts/0 bytes] + 22 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 23 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 24 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes -> 0 pkts/0 bytes] + 25 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes -> 0 pkts/0 bytes] + 26 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 27 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 28 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] 29 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 30 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes -> 0 pkts/0 bytes] - 31 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][12 pkts/1116 bytes <-> 4 pkts/303 bytes][client: settings.crashlytics.com] + 30 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 31 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] Undetected flows: - 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/276 bytes <-> 2 pkts/170 bytes] + 1 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/341 bytes <-> 3 pkts/208 bytes] + 4 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 5 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 6 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 7 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 6 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/341 bytes <-> 3 pkts/208 bytes] + 7 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/276 bytes <-> 2 pkts/170 bytes] diff --git a/tests/result/bittorrent.pcap.out b/tests/result/bittorrent.pcap.out index 99ffd9a8b..2fa8b8679 100644 --- a/tests/result/bittorrent.pcap.out +++ b/tests/result/bittorrent.pcap.out @@ -1,26 +1,26 @@ BitTorrent 299 305728 24 - 1 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 2 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][3 pkts/409 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 3 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 4 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 5 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][2 pkts/583 bytes <-> 2 pkts/818 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 1 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 2 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][4 pkts/583 bytes <-> 4 pkts/975 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 3 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][4 pkts/640 bytes <-> 3 pkts/910 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 4 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][2 pkts/583 bytes <-> 2 pkts/818 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 5 TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][3 pkts/582 bytes <-> 2 pkts/796 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 6 TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][3 pkts/510 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 7 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][3 pkts/442 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 8 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][3 pkts/440 bytes <-> 2 pkts/772 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 9 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 10 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 11 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][4 pkts/583 bytes <-> 4 pkts/975 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 12 TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][3 pkts/582 bytes <-> 2 pkts/796 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 13 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 14 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][2 pkts/349 bytes <-> 2 pkts/265 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 15 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][4 pkts/640 bytes <-> 3 pkts/910 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 16 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 17 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][3 pkts/455 bytes <-> 1 pkts/157 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 18 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 19 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][3 pkts/410 bytes <-> 3 pkts/851 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 20 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 21 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][1 pkts/134 bytes <-> 2 pkts/796 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 22 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][1 pkts/134 bytes <-> 1 pkts/624 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 23 TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][3 pkts/430 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 24 TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][3 pkts/455 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 7 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][3 pkts/410 bytes <-> 3 pkts/851 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 8 TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][3 pkts/455 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 9 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][3 pkts/442 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 10 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][3 pkts/440 bytes <-> 2 pkts/772 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 11 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 12 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 13 TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][3 pkts/430 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 14 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][3 pkts/409 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 15 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][1 pkts/134 bytes <-> 2 pkts/796 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 16 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][1 pkts/134 bytes <-> 1 pkts/624 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 17 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][2 pkts/349 bytes <-> 2 pkts/265 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 18 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][3 pkts/455 bytes <-> 1 pkts/157 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 19 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 20 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 21 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 22 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 23 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 24 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] diff --git a/tests/result/bittorrent_ip.pcap.out b/tests/result/bittorrent_ip.pcap.out index ab6280fb7..5a08d2dee 100644 --- a/tests/result/bittorrent_ip.pcap.out +++ b/tests/result/bittorrent_ip.pcap.out @@ -1,4 +1,4 @@ BitTorrent 479 508018 2 - 1 TCP 185.56.20.36:53646 <-> 10.0.0.14:35030 [proto: 37/BitTorrent][25 pkts/36414 bytes <-> 23 pkts/1518 bytes] - 2 TCP 77.222.174.20:2866 <-> 10.0.0.14:46610 [proto: 37/BitTorrent][305 pkts/461770 bytes <-> 126 pkts/8316 bytes] + 1 TCP 77.222.174.20:2866 <-> 10.0.0.14:46610 [proto: 37/BitTorrent][305 pkts/461770 bytes <-> 126 pkts/8316 bytes] + 2 TCP 185.56.20.36:53646 <-> 10.0.0.14:35030 [proto: 37/BitTorrent][25 pkts/36414 bytes <-> 23 pkts/1518 bytes] diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index b95d26565..979127b46 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -2,19 +2,19 @@ COAP 19 1614 8 Dropbox 800 80676 4 MQTT 7695 668291 4 - 1 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61043 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] - 2 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61045 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] - 3 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61047 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/90 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] - 5 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] - 6 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][918 pkts/76692 bytes <-> 1008 pkts/90434 bytes] - 7 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][2 pkts/147 bytes <-> 2 pkts/257 bytes] - 8 UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][3 pkts/262 bytes <-> 3 pkts/205 bytes] - 9 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61044 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] - 10 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61046 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] - 12 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] - 13 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][921 pkts/76872 bytes <-> 1001 pkts/90056 bytes] - 14 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][924 pkts/77180 bytes <-> 1004 pkts/90329 bytes] - 15 TCP 192.168.56.101:17501 <-> 192.168.56.1:53524 [proto: 222/MQTT][1005 pkts/90274 bytes <-> 914 pkts/76454 bytes] - 16 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][2 pkts/158 bytes <-> 2 pkts/151 bytes] + 1 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][924 pkts/77180 bytes <-> 1004 pkts/90329 bytes] + 2 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][918 pkts/76692 bytes <-> 1008 pkts/90434 bytes] + 3 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][921 pkts/76872 bytes <-> 1001 pkts/90056 bytes] + 4 TCP 192.168.56.101:17501 <-> 192.168.56.1:53524 [proto: 222/MQTT][1005 pkts/90274 bytes <-> 914 pkts/76454 bytes] + 5 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] + 6 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] + 7 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] + 8 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] + 9 UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][3 pkts/262 bytes <-> 3 pkts/205 bytes] + 10 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][2 pkts/147 bytes <-> 2 pkts/257 bytes] + 11 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][2 pkts/158 bytes <-> 2 pkts/151 bytes] + 12 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61047 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/90 bytes -> 0 pkts/0 bytes] + 13 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61046 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 14 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61044 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 15 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61045 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 16 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61043 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/dnscrypt.pcap.out b/tests/result/dnscrypt.pcap.out index 4ff120315..1ea162680 100644 --- a/tests/result/dnscrypt.pcap.out +++ b/tests/result/dnscrypt.pcap.out @@ -1,6 +1,6 @@ DNScrypt 111 44676 4 - 1 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org] - 2 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][client: simplednscrypt.org] - 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org] - 4 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][client: simplednscrypt.org] + 1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][client: simplednscrypt.org] + 2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][client: simplednscrypt.org] + 3 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org] + 4 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org] diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index 57b68986f..141e996eb 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -2,42 +2,42 @@ MDNS 16 1648 1 SSDP 140 61108 22 Dropbox 1104 246122 16 - 1 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/156 bytes <-> 2 pkts/588 bytes][Host: notify.dropbox.com] - 2 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] - 3 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][18 pkts/3562 bytes <-> 16 pkts/14464 bytes][client: client.dropbox.com][server: *.dropbox.com] - 4 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Host: log.getdropbox.com] - 5 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][12 pkts/2338 bytes <-> 10 pkts/9054 bytes][client: notify.dropbox.com][server: *.dropbox.com] - 6 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/146 bytes <-> 2 pkts/646 bytes][Host: d.dropbox.com] - 7 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/156 bytes <-> 2 pkts/666 bytes][Host: client.dropbox.com] - 8 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] - 9 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] - 10 UDP 192.168.1.101:1280 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.1.101:1346 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.1.101:1650 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 13 UDP 192.168.1.101:1908 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.1.101:2544 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.1.101:2604 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.1.101:3412 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.1.101:4974 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/162 bytes <-> 2 pkts/612 bytes][Host: client-cf.dropbox.com] - 19 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.1.254:50828 -> 239.255.255.250:1900 [proto: 12/SSDP][44 pkts/19936 bytes -> 0 pkts/0 bytes] - 21 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] - 22 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] - 23 UDP 192.168.1.106:57268 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes -> 0 pkts/0 bytes] - 24 TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][64 pkts/12228 bytes <-> 74 pkts/85074 bytes][client: client-cf.dropbox.com][server: client-cf.dropbox.com] - 25 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][10 pkts/2170 bytes <-> 10 pkts/1758 bytes][Host: log.getdropbox.com] - 26 UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 27 UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.1.101:2159 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.1.101:2873 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.1.101:2991 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 31 UDP 192.168.1.101:3547 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.1.101:3731 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 33 UDP 192.168.1.101:3777 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.1.101:3959 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 35 UDP 192.168.1.101:4171 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 36 UDP 192.168.1.101:4169 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.1.106:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][16 pkts/1648 bytes -> 0 pkts/0 bytes] - 38 UDP 192.168.1.101:4625 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 39 TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][28 pkts/12486 bytes <-> 26 pkts/14946 bytes][client: d.dropbox.com] + 1 TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][64 pkts/12228 bytes <-> 74 pkts/85074 bytes][client: client-cf.dropbox.com][server: client-cf.dropbox.com] + 2 TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][28 pkts/12486 bytes <-> 26 pkts/14946 bytes][client: d.dropbox.com] + 3 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13960 bytes <-> 100 pkts/6260 bytes] + 4 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13947 bytes <-> 100 pkts/6247 bytes] + 5 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13921 bytes <-> 100 pkts/6221 bytes] + 6 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13910 bytes <-> 100 pkts/6210 bytes] + 7 UDP 192.168.1.254:50828 -> 239.255.255.250:1900 [proto: 12/SSDP][44 pkts/19936 bytes -> 0 pkts/0 bytes] + 8 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][18 pkts/3562 bytes <-> 16 pkts/14464 bytes][client: client.dropbox.com][server: *.dropbox.com] + 9 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][12 pkts/2338 bytes <-> 10 pkts/9054 bytes][client: notify.dropbox.com][server: *.dropbox.com] + 10 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][10 pkts/2170 bytes <-> 10 pkts/1758 bytes][Host: log.getdropbox.com] + 11 UDP 192.168.1.101:4974 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.1.101:4169 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.1.101:2873 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.1.101:4625 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.1.101:3959 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.1.101:3547 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.1.101:4171 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.1.101:1650 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.1.101:3412 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.1.106:57268 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes -> 0 pkts/0 bytes] + 22 UDP 192.168.1.106:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][16 pkts/1648 bytes -> 0 pkts/0 bytes] + 23 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Host: log.getdropbox.com] + 26 UDP 192.168.1.101:3777 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.1.101:1280 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.1.101:2544 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.1.101:1346 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.1.101:1908 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.1.101:2604 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.1.101:2159 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.1.101:2991 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 35 UDP 192.168.1.101:3731 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 36 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/156 bytes <-> 2 pkts/666 bytes][Host: client.dropbox.com] + 37 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/146 bytes <-> 2 pkts/646 bytes][Host: d.dropbox.com] + 38 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/162 bytes <-> 2 pkts/612 bytes][Host: client-cf.dropbox.com] + 39 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/156 bytes <-> 2 pkts/588 bytes][Host: notify.dropbox.com] diff --git a/tests/result/facebook.pcap.out b/tests/result/facebook.pcap.out index cb7d91585..9cec4a412 100644 --- a/tests/result/facebook.pcap.out +++ b/tests/result/facebook.pcap.out @@ -1,4 +1,4 @@ Facebook 60 30511 2 - 1 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][client: facebook.com][server: *.facebook.com] - 2 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/SSL.Facebook][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][client: www.facebook.com] + 1 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/SSL.Facebook][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][client: www.facebook.com] + 2 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][client: facebook.com][server: *.facebook.com] diff --git a/tests/result/fix.pcap.out b/tests/result/fix.pcap.out index 66707122e..6e83a3adf 100644 --- a/tests/result/fix.pcap.out +++ b/tests/result/fix.pcap.out @@ -1,14 +1,14 @@ FIX 1261 115514 12 - 1 TCP 8.17.22.31:4000 <-> 192.168.0.20:40918 [proto: 230/FIX][18 pkts/1938 bytes <-> 18 pkts/1358 bytes] - 2 TCP 8.17.22.31:4000 <-> 192.168.0.20:40928 [proto: 230/FIX][4 pkts/342 bytes <-> 2 pkts/303 bytes] - 3 TCP 217.192.86.32:4000 <-> 192.168.0.20:53330 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes] - 4 TCP 8.17.22.31:4000 <-> 192.168.0.20:43594 [proto: 230/FIX][111 pkts/16881 bytes <-> 111 pkts/7680 bytes] - 5 TCP 8.17.22.31:4000 <-> 192.168.0.20:47968 [proto: 230/FIX][201 pkts/21246 bytes <-> 200 pkts/13460 bytes] - 6 TCP 8.17.22.31:4000 <-> 192.168.0.20:47952 [proto: 230/FIX][5 pkts/577 bytes <-> 5 pkts/484 bytes] - 7 TCP 8.17.22.31:4000 <-> 192.168.0.20:47962 [proto: 230/FIX][6 pkts/513 bytes <-> 4 pkts/522 bytes] - 8 TCP 208.245.107.3:4000 <-> 192.168.0.20:38652 [proto: 230/FIX][9 pkts/961 bytes <-> 9 pkts/700 bytes] - 9 TCP 208.245.107.3:4000 <-> 192.168.0.20:38646 [proto: 230/FIX][6 pkts/441 bytes <-> 4 pkts/477 bytes] + 1 TCP 208.245.107.3:4000 <-> 192.168.0.20:45578 [proto: 230/FIX][228 pkts/26333 bytes <-> 228 pkts/13920 bytes] + 2 TCP 8.17.22.31:4000 <-> 192.168.0.20:47968 [proto: 230/FIX][201 pkts/21246 bytes <-> 200 pkts/13460 bytes] + 3 TCP 8.17.22.31:4000 <-> 192.168.0.20:43594 [proto: 230/FIX][111 pkts/16881 bytes <-> 111 pkts/7680 bytes] + 4 TCP 208.245.107.3:4000 <-> 192.168.0.20:45584 [proto: 230/FIX][35 pkts/3022 bytes <-> 35 pkts/2342 bytes] + 5 TCP 8.17.22.31:4000 <-> 192.168.0.20:40918 [proto: 230/FIX][18 pkts/1938 bytes <-> 18 pkts/1358 bytes] + 6 TCP 208.245.107.3:4000 <-> 192.168.0.20:38652 [proto: 230/FIX][9 pkts/961 bytes <-> 9 pkts/700 bytes] + 7 TCP 8.17.22.31:4000 <-> 192.168.0.20:47952 [proto: 230/FIX][5 pkts/577 bytes <-> 5 pkts/484 bytes] + 8 TCP 8.17.22.31:4000 <-> 192.168.0.20:47962 [proto: 230/FIX][6 pkts/513 bytes <-> 4 pkts/522 bytes] + 9 TCP 217.192.86.32:4000 <-> 192.168.0.20:53330 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes] 10 TCP 208.245.107.3:4000 <-> 192.168.0.20:39094 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes] - 11 TCP 208.245.107.3:4000 <-> 192.168.0.20:45578 [proto: 230/FIX][228 pkts/26333 bytes <-> 228 pkts/13920 bytes] - 12 TCP 208.245.107.3:4000 <-> 192.168.0.20:45584 [proto: 230/FIX][35 pkts/3022 bytes <-> 35 pkts/2342 bytes] + 11 TCP 208.245.107.3:4000 <-> 192.168.0.20:38646 [proto: 230/FIX][6 pkts/441 bytes <-> 4 pkts/477 bytes] + 12 TCP 8.17.22.31:4000 <-> 192.168.0.20:40928 [proto: 230/FIX][4 pkts/342 bytes <-> 2 pkts/303 bytes] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index c57e7b950..04b03c479 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -4,18 +4,18 @@ Google 62 15977 1 QUIC 3 502 1 ntop 80 36401 4 - 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 1 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] - 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] - 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] - 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] + 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] + 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] + 9 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][2 pkts/359 bytes <-> 1 pkts/143 bytes] 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 14 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it] - 15 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][2 pkts/359 bytes <-> 1 pkts/143 bytes] + 14 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 15 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] diff --git a/tests/result/msnms.pcap.out b/tests/result/msnms.pcap.out index 6cb0cd5fa..b07716c2a 100644 --- a/tests/result/msnms.pcap.out +++ b/tests/result/msnms.pcap.out @@ -1,8 +1,8 @@ MSN 364 56503 6 - 1 TCP 192.168.1.14:1176 -> 207.46.108.39:1863 [proto: 68/MSN][13 pkts/2202 bytes -> 0 pkts/0 bytes] - 2 TCP 192.168.1.14:1208 <-> 207.46.108.83:1863 [proto: 68/MSN][43 pkts/7166 bytes <-> 48 pkts/9557 bytes] - 3 TCP 192.168.1.14:1220 <-> 207.46.108.150:1863 [proto: 68/MSN][2 pkts/163 bytes <-> 14 pkts/2737 bytes] + 1 TCP 192.168.1.14:1208 <-> 207.46.108.83:1863 [proto: 68/MSN][43 pkts/7166 bytes <-> 48 pkts/9557 bytes] + 2 TCP 192.168.1.14:1221 <-> 207.46.108.59:1863 [proto: 68/MSN][43 pkts/7062 bytes <-> 40 pkts/7349 bytes] + 3 TCP 192.168.1.14:1217 <-> 207.46.108.41:1863 [proto: 68/MSN][46 pkts/7655 bytes <-> 19 pkts/3761 bytes] 4 TCP 192.168.1.14:1037 <-> 207.46.107.149:1863 [proto: 68/MSN][41 pkts/2425 bytes <-> 55 pkts/6426 bytes] - 5 TCP 192.168.1.14:1217 <-> 207.46.108.41:1863 [proto: 68/MSN][46 pkts/7655 bytes <-> 19 pkts/3761 bytes] - 6 TCP 192.168.1.14:1221 <-> 207.46.108.59:1863 [proto: 68/MSN][43 pkts/7062 bytes <-> 40 pkts/7349 bytes] + 5 TCP 192.168.1.14:1220 <-> 207.46.108.150:1863 [proto: 68/MSN][2 pkts/163 bytes <-> 14 pkts/2737 bytes] + 6 TCP 192.168.1.14:1176 -> 207.46.108.39:1863 [proto: 68/MSN][13 pkts/2202 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out index 01e00c815..fdc5184dd 100644 --- a/tests/result/mssql_tds.pcap.out +++ b/tests/result/mssql_tds.pcap.out @@ -1,14 +1,14 @@ MsSQL-TDS 38 16260 12 - 1 TCP 10.111.111.111:2222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/98 bytes <-> 1 pkts/71 bytes] - 2 TCP 10.111.111.111:4444 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/1136 bytes -> 0 pkts/0 bytes] - 3 TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes -> 0 pkts/0 bytes] - 4 TCP 10.111.111.111:8888 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/142 bytes -> 0 pkts/0 bytes] - 5 TCP 10.111.111.111:22222 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/322 bytes -> 0 pkts/0 bytes] - 6 TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][2 pkts/614 bytes <-> 2 pkts/524 bytes] - 7 TCP 10.111.111.111:3333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/239 bytes -> 0 pkts/0 bytes] - 8 TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][10 pkts/1552 bytes <-> 7 pkts/1521 bytes] - 9 TCP 10.111.111.111:7777 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/425 bytes -> 0 pkts/0 bytes] - 10 TCP 10.111.111.111:9999 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/272 bytes -> 0 pkts/0 bytes] - 11 TCP 10.111.111.111:11111 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/253 bytes -> 0 pkts/0 bytes] - 12 TCP 10.111.111.111:33333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/374 bytes -> 0 pkts/0 bytes] + 1 TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes -> 0 pkts/0 bytes] + 2 TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][10 pkts/1552 bytes <-> 7 pkts/1521 bytes] + 3 TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][2 pkts/614 bytes <-> 2 pkts/524 bytes] + 4 TCP 10.111.111.111:4444 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/1136 bytes -> 0 pkts/0 bytes] + 5 TCP 10.111.111.111:7777 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/425 bytes -> 0 pkts/0 bytes] + 6 TCP 10.111.111.111:33333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/374 bytes -> 0 pkts/0 bytes] + 7 TCP 10.111.111.111:22222 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/322 bytes -> 0 pkts/0 bytes] + 8 TCP 10.111.111.111:9999 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/272 bytes -> 0 pkts/0 bytes] + 9 TCP 10.111.111.111:11111 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/253 bytes -> 0 pkts/0 bytes] + 10 TCP 10.111.111.111:3333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/239 bytes -> 0 pkts/0 bytes] + 11 TCP 10.111.111.111:2222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/98 bytes <-> 1 pkts/71 bytes] + 12 TCP 10.111.111.111:8888 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/142 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index bdc64329b..1e57cf28f 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -4,64 +4,64 @@ IGMP 1 60 1 NetFlix 6976 6151821 56 Amazon 2 126 1 - 1 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Host: art-2.nflximg.net] - 2 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Host: tp.akam.nflximg.com] - 3 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Host: art-1.nflximg.net] - 4 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com] - 5 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com] - 6 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com] - 7 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/80 bytes <-> 1 pkts/371 bytes][Host: ios.nccp.netflix.com] - 8 UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/81 bytes <-> 1 pkts/113 bytes][Host: a1907.dscg.akamai.net] - 9 UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/85 bytes <-> 1 pkts/137 bytes][Host: sha2.san.akam.nflximg.net] - 10 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][21 pkts/1826 bytes <-> 32 pkts/43179 bytes] + 1 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Host: 23.246.11.141] + 2 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Host: 23.246.3.140] + 3 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Host: 23.246.11.133] + 4 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Host: tp.akam.nflximg.com] + 5 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/SSL.NetFlix][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][client: art-s.nflximg.net][server: secure.cdn.nflximg.net] + 6 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Host: 23.246.11.141] + 7 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Host: art-2.nflximg.net] + 8 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][client: api-global.netflix.com][server: api.netflix.com] + 9 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] + 10 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][24 pkts/2040 bytes <-> 34 pkts/45136 bytes] 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][21 pkts/1868 bytes <-> 34 pkts/45139 bytes] - 12 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][24 pkts/2041 bytes <-> 25 pkts/30064 bytes] - 13 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][31 pkts/2571 bytes <-> 22 pkts/28042 bytes] - 14 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Host: 23.246.3.140] - 15 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][32 pkts/2572 bytes <-> 23 pkts/26661 bytes] + 12 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Host: art-2.nflximg.net] + 13 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][21 pkts/1826 bytes <-> 32 pkts/43179 bytes] + 14 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][client: api-global.netflix.com][server: api.netflix.com] + 15 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net] 16 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][31 pkts/2596 bytes <-> 29 pkts/37544 bytes] - 17 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][34 pkts/2879 bytes <-> 20 pkts/22373 bytes] - 18 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Host: 23.246.11.141] - 19 IGMP 192.168.1.7:0 -> 239.255.255.250:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 20 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Host: api-global.netflix.com] - 21 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][client: api-global.netflix.com][server: api.netflix.com] - 22 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] - 23 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][client: api-global.netflix.com][server: api.netflix.com] - 24 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][client: api-global.netflix.com][server: api.netflix.com] - 25 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] - 26 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] - 27 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][client: api-global.netflix.com] - 28 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] - 29 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] - 30 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] - 31 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Host: art-2.nflximg.net] - 32 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Host: art-2.nflximg.net] - 33 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net] - 34 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com] - 35 UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/80 bytes <-> 1 pkts/112 bytes][Host: a803.dscg.akamai.net] - 36 UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/96 bytes <-> 1 pkts/224 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com] - 37 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/79 bytes <-> 1 pkts/192 bytes][Host: appboot.netflix.com] - 38 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/84 bytes <-> 1 pkts/148 bytes][Host: artwork.akam.nflximg.net] - 39 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/83 bytes <-> 1 pkts/248 bytes][Host: ichnaea.geo.netflix.com] - 40 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2648 bytes -> 0 pkts/0 bytes] - 41 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][24 pkts/2040 bytes <-> 34 pkts/45136 bytes] - 42 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][30 pkts/2610 bytes <-> 20 pkts/22422 bytes] - 43 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Host: 23.246.11.133] - 44 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][35 pkts/2920 bytes <-> 19 pkts/22428 bytes] - 45 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][36 pkts/3030 bytes <-> 21 pkts/25455 bytes] - 46 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][30 pkts/2553 bytes <-> 22 pkts/25510 bytes] - 47 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][34 pkts/2864 bytes <-> 21 pkts/25456 bytes] - 48 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][33 pkts/2732 bytes <-> 25 pkts/30064 bytes] - 49 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Host: 23.246.11.141] - 50 TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes -> 0 pkts/0 bytes] - 51 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][client: api-global.netflix.com][server: api.netflix.com] - 52 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][client: api-global.netflix.com] - 53 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][client: api-global.netflix.com][server: api.netflix.com] - 54 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][client: api-global.netflix.com] - 55 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com] - 56 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][client: api-global.netflix.com] - 57 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] - 58 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] - 59 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] - 60 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] - 61 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/SSL.NetFlix][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][client: art-s.nflximg.net][server: secure.cdn.nflximg.net] + 17 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Host: art-1.nflximg.net] + 18 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com] + 19 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][33 pkts/2732 bytes <-> 25 pkts/30064 bytes] + 20 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][24 pkts/2041 bytes <-> 25 pkts/30064 bytes] + 21 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][31 pkts/2571 bytes <-> 22 pkts/28042 bytes] + 22 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][client: api-global.netflix.com][server: api.netflix.com] + 23 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][32 pkts/2572 bytes <-> 23 pkts/26661 bytes] + 24 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][36 pkts/3030 bytes <-> 21 pkts/25455 bytes] + 25 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][34 pkts/2864 bytes <-> 21 pkts/25456 bytes] + 26 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][30 pkts/2553 bytes <-> 22 pkts/25510 bytes] + 27 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] + 28 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][client: api-global.netflix.com] + 29 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][35 pkts/2920 bytes <-> 19 pkts/22428 bytes] + 30 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][34 pkts/2879 bytes <-> 20 pkts/22373 bytes] + 31 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][30 pkts/2610 bytes <-> 20 pkts/22422 bytes] + 32 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] + 33 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Host: api-global.netflix.com] + 34 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] + 35 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][client: api-global.netflix.com][server: api.netflix.com] + 36 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Host: art-2.nflximg.net] + 37 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] + 38 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] + 39 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] + 40 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] + 41 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com] + 42 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com] + 43 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][client: api-global.netflix.com] + 44 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][client: api-global.netflix.com][server: api.netflix.com] + 45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][client: api-global.netflix.com] + 46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][client: api-global.netflix.com] + 47 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2648 bytes -> 0 pkts/0 bytes] + 48 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com] + 49 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com] + 50 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/80 bytes <-> 1 pkts/371 bytes][Host: ios.nccp.netflix.com] + 51 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/83 bytes <-> 1 pkts/248 bytes][Host: ichnaea.geo.netflix.com] + 52 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com] + 53 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com] + 54 UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/96 bytes <-> 1 pkts/224 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com] + 55 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/79 bytes <-> 1 pkts/192 bytes][Host: appboot.netflix.com] + 56 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/84 bytes <-> 1 pkts/148 bytes][Host: artwork.akam.nflximg.net] + 57 UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/85 bytes <-> 1 pkts/137 bytes][Host: sha2.san.akam.nflximg.net] + 58 UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/81 bytes <-> 1 pkts/113 bytes][Host: a1907.dscg.akamai.net] + 59 UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/80 bytes <-> 1 pkts/112 bytes][Host: a803.dscg.akamai.net] + 60 TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes -> 0 pkts/0 bytes] + 61 IGMP 192.168.1.7:0 -> 239.255.255.250:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 149c9bb79..ec8d9b48e 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -2,24 +2,24 @@ ICMP 30 2100 2 Nintendo 890 320242 12 Amazon 76 10811 7 - 1 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][8 pkts/1040 bytes <-> 7 pkts/922 bytes] - 2 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][1 pkts/54 bytes <-> 1 pkts/54 bytes] - 3 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][3 pkts/354 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][3 pkts/318 bytes -> 0 pkts/0 bytes] - 5 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/730 bytes -> 0 pkts/0 bytes] - 6 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] - 7 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/298 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net] - 9 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] - 10 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] - 11 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][5 pkts/290 bytes -> 0 pkts/0 bytes] - 12 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][21 pkts/1470 bytes -> 0 pkts/0 bytes] + 1 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] + 2 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] + 3 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] + 4 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] + 5 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] + 6 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] + 7 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] + 8 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] + 9 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][8 pkts/1040 bytes <-> 7 pkts/922 bytes] + 10 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][21 pkts/1470 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net] + 12 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/730 bytes -> 0 pkts/0 bytes] 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][9 pkts/630 bytes -> 0 pkts/0 bytes] - 14 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] - 15 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] - 16 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] - 17 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] - 18 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] - 19 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] - 20 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] - 21 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][5 pkts/290 bytes <-> 5 pkts/290 bytes] \ No newline at end of file + 14 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 15 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 16 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 17 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][3 pkts/354 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][3 pkts/318 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/298 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][5 pkts/290 bytes -> 0 pkts/0 bytes] + 21 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][1 pkts/54 bytes <-> 1 pkts/54 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index d16dc31de..628f51607 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -6,25 +6,25 @@ Google 40 5453 5 OCS 863 57552 7 PlayStore 1 72 1 - 1 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] - 2 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] - 3 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] - 5 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com] - 6 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com] - 7 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] - 9 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes -> 0 pkts/0 bytes][Host: ocs.labgency.ws] - 10 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com] - 11 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes -> 0 pkts/0 bytes][Host: play.googleapis.com] - 12 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes -> 0 pkts/0 bytes][client: ocs.labgency.ws] - 13 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] - 14 UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] - 15 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] - 16 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: settings.crashlytics.com] - 17 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes -> 0 pkts/0 bytes][client: mtalk.google.com] - 18 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][2 pkts/120 bytes -> 0 pkts/0 bytes] - 19 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] + 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] + 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes -> 0 pkts/0 bytes][client: ocs.labgency.ws] + 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] + 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com] + 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes -> 0 pkts/0 bytes][client: mtalk.google.com] + 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes -> 0 pkts/0 bytes] + 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes -> 0 pkts/0 bytes] + 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] + 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] + 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] + 11 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][2 pkts/120 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com] + 13 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com] + 14 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: settings.crashlytics.com] + 15 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] + 16 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes -> 0 pkts/0 bytes][Host: play.googleapis.com] + 17 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] + 18 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes -> 0 pkts/0 bytes][Host: ocs.labgency.ws] + 19 UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] Undetected flows: diff --git a/tests/result/ookla.pcap.out b/tests/result/ookla.pcap.out index 2d7c07ea9..4a3dd3c5a 100644 --- a/tests/result/ookla.pcap.out +++ b/tests/result/ookla.pcap.out @@ -1,4 +1,4 @@ Ookla 5086 4689745 2 - 1 TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][12 pkts/2238 bytes <-> 8 pkts/2082 bytes] - 2 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 191/Ookla][2202 pkts/1032520 bytes <-> 2864 pkts/3652905 bytes] + 1 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 191/Ookla][2202 pkts/1032520 bytes <-> 2864 pkts/3652905 bytes] + 2 TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][12 pkts/2238 bytes <-> 8 pkts/2082 bytes] diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index 9234d3845..a84b6379a 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -1,5 +1,5 @@ OpenVPN 298 57111 3 - 1 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][49 pkts/7860 bytes <-> 34 pkts/5699 bytes] - 2 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][62 pkts/11508 bytes <-> 58 pkts/16664 bytes] - 3 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][44 pkts/7514 bytes <-> 51 pkts/7866 bytes] + 1 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][62 pkts/11508 bytes <-> 58 pkts/16664 bytes] + 2 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][44 pkts/7514 bytes <-> 51 pkts/7866 bytes] + 3 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][49 pkts/7860 bytes <-> 34 pkts/5699 bytes] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 9be4adae9..776e2a5c6 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -5,113 +5,113 @@ Google 2 1093 1 UPnP 1 130 1 iQIYI 1499 1849369 60 - 1 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7.206/HTTP.iQIYI][1 pkts/347 bytes -> 0 pkts/0 bytes] - 2 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] - 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] - 4 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 5 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes] - 6 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] - 7 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes -> 0 pkts/0 bytes] - 8 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 9 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 10 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7.206/HTTP.iQIYI][1 pkts/199 bytes -> 0 pkts/0 bytes] - 11 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 12 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 13 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 14 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] - 15 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 16 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes -> 0 pkts/0 bytes] - 17 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] - 18 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] - 19 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] - 20 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] - 21 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] - 22 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com] - 23 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com] - 24 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1539 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1074 bytes -> 0 pkts/0 bytes] - 26 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7.206/HTTP.iQIYI][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] - 27 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] - 28 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] - 29 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][18 pkts/9327 bytes -> 0 pkts/0 bytes] - 31 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.206/HTTP.iQIYI][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com] - 32 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] - 33 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.206/HTTP.iQIYI][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] - 34 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] - 35 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 36 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 37 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] - 38 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] - 39 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] - 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7.206/HTTP.iQIYI][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] - 42 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7.206/HTTP.iQIYI][2 pkts/398 bytes -> 0 pkts/0 bytes] - 43 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 44 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 45 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] - 46 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com] + 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com] + 3 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com] + 4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66] + 5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.206/HTTP.iQIYI][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com] + 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][18 pkts/9327 bytes -> 0 pkts/0 bytes] + 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.206/HTTP.iQIYI][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com] + 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] + 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7.206/HTTP.iQIYI][4 pkts/2953 bytes <-> 1 pkts/356 bytes] + 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] + 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] + 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] + 13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 14 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 15 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1539 bytes -> 0 pkts/0 bytes] + 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] + 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.206/HTTP.iQIYI][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] + 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] + 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] + 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] + 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] + 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7.206/HTTP.iQIYI][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] + 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] + 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1074 bytes -> 0 pkts/0 bytes] + 37 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] + 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 43 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][5 pkts/875 bytes -> 0 pkts/0 bytes] + 44 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] + 45 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 46 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 48 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 49 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 50 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 51 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 52 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 53 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 54 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] - 55 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 56 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 57 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 58 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66] - 59 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com] - 60 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] - 61 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] - 62 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] - 63 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][5 pkts/875 bytes -> 0 pkts/0 bytes] - 64 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] - 65 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] - 66 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes -> 0 pkts/0 bytes] - 67 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes -> 0 pkts/0 bytes] - 68 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7.206/HTTP.iQIYI][4 pkts/2953 bytes <-> 1 pkts/356 bytes] - 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.206/HTTP.iQIYI][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com] - 70 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] - 71 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] - 72 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.206/HTTP.iQIYI][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] - 73 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7.206/HTTP.iQIYI][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] + 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] + 52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.206/HTTP.iQIYI][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] + 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] + 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] + 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 60 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] + 61 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7.206/HTTP.iQIYI][2 pkts/398 bytes -> 0 pkts/0 bytes] + 66 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes -> 0 pkts/0 bytes] + 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7.206/HTTP.iQIYI][1 pkts/347 bytes -> 0 pkts/0 bytes] + 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] + 69 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7.206/HTTP.iQIYI][1 pkts/199 bytes -> 0 pkts/0 bytes] + 70 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes -> 0 pkts/0 bytes] + 71 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes -> 0 pkts/0 bytes] + 72 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes -> 0 pkts/0 bytes] + 73 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes] Undetected flows: - 1 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 2 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 3 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] - 4 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][30 pkts/2370 bytes <-> 10 pkts/10042 bytes] - 5 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 6 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] - 7 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 0/Unknown][2 pkts/158 bytes <-> 3 pkts/3323 bytes] - 9 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] + 1 UDP 1.173.5.226:22636 <-> 192.168.115.8:22793 [proto: 0/Unknown][130 pkts/143912 bytes <-> 270 pkts/21334 bytes] + 2 UDP 192.168.115.8:22793 <-> 114.42.0.158:7716 [proto: 0/Unknown][229 pkts/18091 bytes <-> 109 pkts/120663 bytes] + 3 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][30 pkts/33210 bytes <-> 71 pkts/5609 bytes] + 4 UDP 192.168.115.8:22793 <-> 219.228.107.156:1250 [proto: 0/Unknown][34 pkts/2686 bytes <-> 11 pkts/12177 bytes] + 5 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][30 pkts/2370 bytes <-> 10 pkts/10042 bytes] + 6 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 0/Unknown][2 pkts/158 bytes <-> 3 pkts/3323 bytes] + 7 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] 11 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] - 13 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 13 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] + 14 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] 15 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.115.8:22793 <-> 114.42.0.158:7716 [proto: 0/Unknown][229 pkts/18091 bytes <-> 109 pkts/120663 bytes] - 18 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.115.8:22793 <-> 219.228.107.156:1250 [proto: 0/Unknown][34 pkts/2686 bytes <-> 11 pkts/12177 bytes] - 20 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] 21 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] 22 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] 23 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 24 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 25 UDP 1.173.5.226:22636 <-> 192.168.115.8:22793 [proto: 0/Unknown][130 pkts/143912 bytes <-> 270 pkts/21334 bytes] + 24 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] 26 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] 27 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] 28 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] 29 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 30 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][30 pkts/33210 bytes <-> 71 pkts/5609 bytes] - 31 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] - 33 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index 011be0b35..8e1404134 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -4,15 +4,15 @@ YouTube 85 76193 5 Google 11 10063 2 QUIC 3 364 1 - 1 UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188.124/QUIC.YouTube][2 pkts/1471 bytes <-> 1 pkts/1392 bytes][Host: i.ytimg.com] - 2 UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188.124/QUIC.YouTube][1 pkts/1392 bytes <-> 1 pkts/1392 bytes][Host: yt3.ggpht.com] - 3 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][161 pkts/23930 bytes <-> 252 pkts/230944 bytes][Host: mail.google.com] - 4 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188/QUIC][2 pkts/241 bytes <-> 1 pkts/123 bytes] - 5 UDP 192.168.1.105:45669 <-> 172.217.16.4:443 [proto: 188.126/QUIC.Google][3 pkts/1550 bytes <-> 2 pkts/2784 bytes][Host: www.google.com] - 6 UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188.124/QUIC.YouTube][4 pkts/3682 bytes <-> 3 pkts/2863 bytes][Host: www.youtube.com] - 7 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][25 pkts/5276 bytes <-> 44 pkts/53157 bytes][Host: www.youtube.com] - 8 UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188.126/QUIC.Google][3 pkts/2866 bytes <-> 3 pkts/2863 bytes][Host: fonts.gstatic.com] - 9 UDP 192.168.1.105:55934 <-> 216.58.201.238:443 [proto: 188.124/QUIC.YouTube][2 pkts/2784 bytes <-> 2 pkts/2784 bytes][Host: s.ytimg.com] + 1 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][161 pkts/23930 bytes <-> 252 pkts/230944 bytes][Host: mail.google.com] + 2 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][25 pkts/5276 bytes <-> 44 pkts/53157 bytes][Host: www.youtube.com] + 3 UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188.124/QUIC.YouTube][4 pkts/3682 bytes <-> 3 pkts/2863 bytes][Host: www.youtube.com] + 4 UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188.126/QUIC.Google][3 pkts/2866 bytes <-> 3 pkts/2863 bytes][Host: fonts.gstatic.com] + 5 UDP 192.168.1.105:55934 <-> 216.58.201.238:443 [proto: 188.124/QUIC.YouTube][2 pkts/2784 bytes <-> 2 pkts/2784 bytes][Host: s.ytimg.com] + 6 UDP 192.168.1.105:45669 <-> 172.217.16.4:443 [proto: 188.126/QUIC.Google][3 pkts/1550 bytes <-> 2 pkts/2784 bytes][Host: www.google.com] + 7 UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188.124/QUIC.YouTube][2 pkts/1471 bytes <-> 1 pkts/1392 bytes][Host: i.ytimg.com] + 8 UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188.124/QUIC.YouTube][1 pkts/1392 bytes <-> 1 pkts/1392 bytes][Host: yt3.ggpht.com] + 9 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188/QUIC][2 pkts/241 bytes <-> 1 pkts/123 bytes] Undetected flows: diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 87b488520..287047233 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -4,24 +4,24 @@ Google 2 378 1 Amazon 2 1469 1 QuickPlay 133 96179 11 - 1 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com] - 2 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com] - 3 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com] - 4 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com] - 5 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com] - 6 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com] - 7 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com] - 8 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] - 10 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] - 11 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] - 12 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.196/HTTP.QuickPlay][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com] - 13 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][1 pkts/638 bytes <-> 1 pkts/831 bytes][Host: api.account.xiaomi.com] - 14 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com] - 15 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com] - 16 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com] - 17 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com] - 18 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] - 19 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] - 20 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com] - 21 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com] + 1 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com] + 2 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com] + 3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com] + 4 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com] + 5 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com] + 6 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com] + 7 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com] + 8 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com] + 9 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com] + 10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com] + 11 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][1 pkts/638 bytes <-> 1 pkts/831 bytes][Host: api.account.xiaomi.com] + 12 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com] + 13 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com] + 14 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com] + 15 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] + 16 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] + 17 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] + 18 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] + 19 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] + 20 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.196/HTTP.QuickPlay][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com] + 21 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com] diff --git a/tests/result/rx.pcap.out b/tests/result/rx.pcap.out index 78c605549..3c37d1c31 100644 --- a/tests/result/rx.pcap.out +++ b/tests/result/rx.pcap.out @@ -1,7 +1,7 @@ RX 132 26475 5 - 1 UDP 131.114.219.168:38331 <-> 192.167.206.124:7002 [proto: 223/RX][2 pkts/441 bytes <-> 1 pkts/78 bytes] - 2 UDP 131.114.219.168:41559 <-> 192.167.206.124:7002 [proto: 223/RX][2 pkts/441 bytes <-> 1 pkts/78 bytes] - 3 UDP 131.114.219.168:7001 <-> 192.167.206.124:7003 [proto: 223/RX][18 pkts/1833 bytes <-> 9 pkts/8086 bytes] - 4 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][48 pkts/6808 bytes <-> 31 pkts/5568 bytes] - 5 UDP 131.114.219.168:7001 <-> 192.167.206.124:7000 [proto: 223/RX][10 pkts/2085 bytes <-> 10 pkts/1057 bytes] + 1 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][48 pkts/6808 bytes <-> 31 pkts/5568 bytes] + 2 UDP 131.114.219.168:7001 <-> 192.167.206.124:7003 [proto: 223/RX][18 pkts/1833 bytes <-> 9 pkts/8086 bytes] + 3 UDP 131.114.219.168:7001 <-> 192.167.206.124:7000 [proto: 223/RX][10 pkts/2085 bytes <-> 10 pkts/1057 bytes] + 4 UDP 131.114.219.168:38331 <-> 192.167.206.124:7002 [proto: 223/RX][2 pkts/441 bytes <-> 1 pkts/78 bytes] + 5 UDP 131.114.219.168:41559 <-> 192.167.206.124:7002 [proto: 223/RX][2 pkts/441 bytes <-> 1 pkts/78 bytes] diff --git a/tests/result/skype-conference-call.pcap.out b/tests/result/skype-conference-call.pcap.out index e69de29bb..4ae33d045 100644 --- a/tests/result/skype-conference-call.pcap.out +++ b/tests/result/skype-conference-call.pcap.out @@ -0,0 +1,3 @@ +Skype 200 39687 1 + + 1 UDP 192.168.2.20:49282 <-> 104.46.40.49:60642 [proto: 125/Skype][133 pkts/24845 bytes <-> 67 pkts/14842 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index db8d030c0..891715428 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -5,307 +5,307 @@ NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 88 8268 6 +SSL 96 8876 7 Dropbox 38 17948 5 -Skype 2147 325017 250 +Skype 2139 324409 249 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 - 1 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1040 bytes <-> 4 pkts/362 bytes] - 2 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] - 3 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 5 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 6 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 7 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 9 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 13 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 21 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] - 22 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][16 pkts/4788 bytes <-> 4 pkts/372 bytes] - 23 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] - 24 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] - 25 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/827 bytes <-> 3 pkts/325 bytes] - 26 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125/Skype][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] - 27 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1138 bytes <-> 4 pkts/372 bytes] - 28 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 29 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/838 bytes <-> 3 pkts/270 bytes] - 30 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][12 pkts/1032 bytes <-> 3 pkts/230 bytes] - 31 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][12 pkts/1109 bytes <-> 3 pkts/236 bytes] - 32 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][11 pkts/999 bytes <-> 4 pkts/266 bytes] + 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] + 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] + 3 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes -> 0 pkts/0 bytes] + 4 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com] + 5 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125/Skype][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] + 6 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes -> 0 pkts/0 bytes] + 7 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] + 8 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125/Skype][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] + 9 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][16 pkts/4788 bytes <-> 4 pkts/372 bytes] + 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] + 11 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] + 12 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] + 13 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com] + 14 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 15 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] + 19 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] + 20 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][11 pkts/1578 bytes <-> 4 pkts/342 bytes] + 21 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][6 pkts/1211 bytes <-> 6 pkts/666 bytes] + 22 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] + 23 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][14 pkts/1090 bytes <-> 6 pkts/534 bytes] + 24 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] + 25 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] + 26 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] + 27 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/285 bytes] + 28 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] + 29 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] + 30 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1138 bytes <-> 4 pkts/372 bytes] + 31 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][14 pkts/1075 bytes <-> 4 pkts/431 bytes] + 32 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][14 pkts/1100 bytes <-> 5 pkts/395 bytes] 33 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][12 pkts/1207 bytes <-> 3 pkts/277 bytes] - 34 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/285 bytes] - 35 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] - 36 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][12 pkts/1088 bytes <-> 3 pkts/236 bytes] - 37 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 38 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 40 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 41 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 42 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 43 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 44 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 45 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 46 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 47 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 48 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 49 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 50 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 51 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 52 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 53 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 54 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 55 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 56 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 57 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 58 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 59 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 60 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 61 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 62 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 63 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 64 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 65 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][12 pkts/935 bytes <-> 2 pkts/197 bytes] - 66 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 67 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] - 68 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 69 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][11 pkts/1578 bytes <-> 4 pkts/342 bytes] - 70 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 71 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 72 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] - 73 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 74 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 75 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 76 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 77 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 78 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 79 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 80 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 81 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 82 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 83 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][14 pkts/1090 bytes <-> 6 pkts/534 bytes] - 84 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 85 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 86 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 87 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] - 88 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] - 89 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 90 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][11 pkts/866 bytes <-> 5 pkts/396 bytes] - 91 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][11 pkts/822 bytes <-> 4 pkts/390 bytes] - 92 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][11 pkts/841 bytes <-> 5 pkts/429 bytes] - 93 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/60 bytes] - 94 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com] - 95 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com] - 96 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] - 97 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 98 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][14 pkts/1085 bytes <-> 4 pkts/315 bytes] - 99 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 100 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 101 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][6 pkts/1211 bytes <-> 6 pkts/666 bytes] - 102 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][12 pkts/969 bytes <-> 4 pkts/337 bytes] - 103 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/390 bytes] - 104 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][13 pkts/993 bytes <-> 4 pkts/360 bytes] - 105 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/386 bytes] - 106 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][12 pkts/940 bytes <-> 5 pkts/415 bytes] - 107 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][13 pkts/1020 bytes <-> 4 pkts/421 bytes] - 108 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/317 bytes] - 109 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/334 bytes] - 110 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/371 bytes] - 111 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 112 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 114 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 115 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 117 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 118 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 130 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][10 pkts/1002 bytes <-> 3 pkts/285 bytes] - 131 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][9 pkts/822 bytes <-> 3 pkts/285 bytes] - 132 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 133 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1062 bytes <-> 4 pkts/383 bytes] - 134 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] - 135 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 152 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] - 153 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] - 154 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] - 155 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/814 bytes <-> 3 pkts/287 bytes] - 156 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] - 157 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 161 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/411 bytes] - 162 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] - 163 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] - 164 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] - 165 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] - 166 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] - 167 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] - 168 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] - 169 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes -> 0 pkts/0 bytes] - 170 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] - 171 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] - 172 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] - 173 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 199 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] - 200 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 202 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 206 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 207 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 208 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 209 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] - 210 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] - 211 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 212 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/407 bytes] - 213 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][13 pkts/971 bytes <-> 4 pkts/399 bytes] - 214 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] - 215 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/386 bytes] - 216 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 217 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 218 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 219 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 34 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] + 35 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1062 bytes <-> 4 pkts/383 bytes] + 36 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][14 pkts/1083 bytes <-> 4 pkts/359 bytes] + 37 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][13 pkts/1020 bytes <-> 4 pkts/421 bytes] + 38 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] + 39 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] + 40 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1040 bytes <-> 4 pkts/362 bytes] + 41 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] + 42 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] + 43 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/390 bytes] + 44 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][14 pkts/1085 bytes <-> 4 pkts/315 bytes] + 45 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] + 46 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] + 47 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] + 48 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/386 bytes] + 49 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/380 bytes] + 50 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] + 51 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/371 bytes] + 52 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][13 pkts/971 bytes <-> 4 pkts/399 bytes] + 53 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][13 pkts/977 bytes <-> 4 pkts/384 bytes] + 54 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][12 pkts/940 bytes <-> 5 pkts/415 bytes] + 55 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/407 bytes] + 56 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][13 pkts/993 bytes <-> 4 pkts/360 bytes] + 57 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] + 58 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] + 59 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][12 pkts/1109 bytes <-> 3 pkts/236 bytes] + 60 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/334 bytes] + 61 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] + 62 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/317 bytes] + 63 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][12 pkts/1088 bytes <-> 3 pkts/236 bytes] + 64 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] + 65 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] + 66 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][12 pkts/969 bytes <-> 4 pkts/337 bytes] + 67 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] + 68 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] + 69 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] + 70 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][10 pkts/1002 bytes <-> 3 pkts/285 bytes] + 71 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][11 pkts/836 bytes <-> 5 pkts/442 bytes] + 72 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][11 pkts/841 bytes <-> 5 pkts/429 bytes] + 73 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][11 pkts/999 bytes <-> 4 pkts/266 bytes] + 74 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][12 pkts/1032 bytes <-> 3 pkts/230 bytes] + 75 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][11 pkts/866 bytes <-> 5 pkts/396 bytes] + 76 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/411 bytes] + 77 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][13 pkts/994 bytes <-> 2 pkts/243 bytes] + 78 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][11 pkts/820 bytes <-> 5 pkts/416 bytes] + 79 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/386 bytes] + 80 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][11 pkts/822 bytes <-> 4 pkts/390 bytes] + 81 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] + 82 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/827 bytes <-> 3 pkts/325 bytes] + 83 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] + 84 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][12 pkts/935 bytes <-> 2 pkts/197 bytes] + 85 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] + 86 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/838 bytes <-> 3 pkts/270 bytes] + 87 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][9 pkts/822 bytes <-> 3 pkts/285 bytes] + 88 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/814 bytes <-> 3 pkts/287 bytes] + 89 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes -> 0 pkts/0 bytes] + 90 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] + 91 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] + 92 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] + 93 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 94 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 95 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 96 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 97 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 98 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 99 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 100 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 101 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 102 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 103 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 104 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 105 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 106 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 107 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 108 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 109 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 110 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes] + 111 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 112 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 113 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 114 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 115 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 116 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] + 117 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] + 118 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 119 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 120 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] + 121 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes -> 0 pkts/0 bytes] + 122 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 123 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 124 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 131 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 132 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 133 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] + 134 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 135 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 136 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 137 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] 221 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 226 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 227 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 228 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 230 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] - 231 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 234 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/380 bytes] - 235 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][11 pkts/820 bytes <-> 5 pkts/416 bytes] - 236 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 237 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] - 238 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 239 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 240 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 242 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][13 pkts/977 bytes <-> 4 pkts/384 bytes] - 243 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][11 pkts/836 bytes <-> 5 pkts/442 bytes] - 244 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] - 245 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][14 pkts/1083 bytes <-> 4 pkts/359 bytes] - 246 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] - 247 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] - 248 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] - 249 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 251 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] - 252 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125/Skype][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] - 253 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] - 254 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] - 255 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] - 256 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] - 257 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 269 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 270 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 271 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 272 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 273 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] - 274 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] - 275 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][14 pkts/1075 bytes <-> 4 pkts/431 bytes] - 276 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][13 pkts/994 bytes <-> 2 pkts/243 bytes] - 277 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] - 278 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] - 279 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] - 280 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] - 281 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][14 pkts/1100 bytes <-> 5 pkts/395 bytes] - 282 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 257 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 270 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 271 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 272 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 273 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 274 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 275 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 276 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 277 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 278 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 279 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 280 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 281 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 282 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] Undetected flows: - 1 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 0/Unknown][9 pkts/1968 bytes <-> 7 pkts/632 bytes] - 2 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 3 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 4 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][11 pkts/854 bytes <-> 11 pkts/782 bytes] - 5 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][11 pkts/4406 bytes <-> 8 pkts/705 bytes] + 1 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][24 pkts/3101 bytes <-> 16 pkts/2508 bytes] + 2 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][11 pkts/4406 bytes <-> 8 pkts/705 bytes] + 3 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 0/Unknown][9 pkts/1968 bytes <-> 7 pkts/632 bytes] + 4 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][16 pkts/1169 bytes <-> 11 pkts/929 bytes] + 5 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][11 pkts/854 bytes <-> 11 pkts/782 bytes] 6 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][12 pkts/985 bytes <-> 6 pkts/489 bytes] - 7 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][24 pkts/3101 bytes <-> 16 pkts/2508 bytes] - 8 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 9 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] - 10 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] - 11 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][16 pkts/1169 bytes <-> 11 pkts/929 bytes] + 7 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] + 8 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index e2991bcd6..654974b9c 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -11,273 +11,273 @@ Skype 1291 190136 223 Apple 84 20699 2 MS_OneDrive 348 181687 1 - 1 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 2 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1070 bytes <-> 4 pkts/420 bytes] - 3 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 5 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 6 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 7 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 9 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 13 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 16 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/237 bytes <-> 3 pkts/186 bytes] - 17 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/293 bytes <-> 3 pkts/186 bytes] - 18 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][13 pkts/991 bytes <-> 4 pkts/378 bytes] - 19 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 20 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/848 bytes <-> 3 pkts/286 bytes] - 21 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][13 pkts/1446 bytes <-> 4 pkts/266 bytes] - 22 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][10 pkts/1077 bytes <-> 4 pkts/351 bytes] - 23 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/265 bytes] - 24 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][12 pkts/1130 bytes <-> 3 pkts/285 bytes] - 25 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][12 pkts/1235 bytes <-> 3 pkts/285 bytes] - 26 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 27 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 31 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 33 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 35 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 36 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 38 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 40 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 41 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 42 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 43 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 44 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 45 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 46 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 47 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 48 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 49 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 50 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 51 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 52 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 53 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 54 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 55 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 56 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 57 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 58 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1093 bytes <-> 4 pkts/333 bytes] - 59 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][12 pkts/916 bytes <-> 3 pkts/281 bytes] - 60 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 61 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][13 pkts/1437 bytes <-> 3 pkts/200 bytes] - 62 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/349 bytes] - 63 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 64 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 65 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 66 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 67 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 68 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 69 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 70 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 71 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] - 72 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 73 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 74 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] - 75 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 76 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] - 77 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][11 pkts/855 bytes <-> 3 pkts/287 bytes] - 78 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][11 pkts/815 bytes <-> 5 pkts/423 bytes] - 79 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][101 pkts/30681 bytes <-> 98 pkts/59934 bytes] - 80 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 81 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 82 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 83 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 84 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][4 pkts/674 bytes <-> 4 pkts/444 bytes] - 85 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 86 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 87 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 88 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][12 pkts/951 bytes <-> 4 pkts/341 bytes] - 89 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][14 pkts/1117 bytes <-> 4 pkts/337 bytes] - 90 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][11 pkts/856 bytes <-> 5 pkts/409 bytes] - 91 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][13 pkts/981 bytes <-> 4 pkts/348 bytes] - 92 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/986 bytes <-> 4 pkts/344 bytes] - 93 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][14 pkts/1059 bytes <-> 4 pkts/367 bytes] - 94 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][13 pkts/1006 bytes <-> 4 pkts/361 bytes] - 95 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][13 pkts/1011 bytes <-> 4 pkts/415 bytes] - 96 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][10 pkts/972 bytes <-> 3 pkts/285 bytes] - 97 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][12 pkts/1291 bytes <-> 3 pkts/242 bytes] - 98 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 99 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 100 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 101 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 102 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 103 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 104 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 105 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 106 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 107 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 108 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 109 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 110 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] - 111 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] - 112 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 114 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][4 pkts/818 bytes <-> 4 pkts/2172 bytes] - 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes] - 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][14 pkts/1104 bytes <-> 5 pkts/392 bytes] - 118 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] - 119 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 130 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 131 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 132 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 135 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] - 136 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][12 pkts/3242 bytes <-> 3 pkts/290 bytes] - 137 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] - 138 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125/Skype][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] - 139 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 141 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] - 142 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] - 143 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] - 144 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] - 145 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] - 146 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] - 147 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] - 148 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] + 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][101 pkts/30681 bytes <-> 98 pkts/59934 bytes] + 3 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][38 pkts/9082 bytes <-> 38 pkts/10499 bytes] + 4 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes -> 0 pkts/0 bytes] + 5 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125/Skype][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] + 6 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] + 7 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 8 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][12 pkts/3242 bytes <-> 3 pkts/290 bytes] + 9 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][4 pkts/818 bytes <-> 4 pkts/2172 bytes] + 10 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 11 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][13 pkts/1446 bytes <-> 4 pkts/266 bytes] + 12 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][13 pkts/1437 bytes <-> 3 pkts/200 bytes] + 13 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] + 14 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] + 15 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][12 pkts/1291 bytes <-> 3 pkts/242 bytes] + 16 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][12 pkts/1235 bytes <-> 3 pkts/285 bytes] + 17 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/265 bytes] + 18 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][14 pkts/1104 bytes <-> 5 pkts/392 bytes] + 19 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][14 pkts/1106 bytes <-> 5 pkts/385 bytes] + 20 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1070 bytes <-> 4 pkts/420 bytes] + 21 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][14 pkts/1117 bytes <-> 4 pkts/337 bytes] + 22 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] + 23 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][10 pkts/1077 bytes <-> 4 pkts/351 bytes] + 24 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1093 bytes <-> 4 pkts/333 bytes] + 25 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][14 pkts/1059 bytes <-> 4 pkts/367 bytes] + 26 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][13 pkts/1011 bytes <-> 4 pkts/415 bytes] + 27 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 28 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 29 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] + 30 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] + 31 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][13 pkts/991 bytes <-> 4 pkts/378 bytes] + 32 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][13 pkts/1006 bytes <-> 4 pkts/361 bytes] + 33 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] + 34 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][13 pkts/976 bytes <-> 4 pkts/365 bytes] + 35 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/986 bytes <-> 4 pkts/344 bytes] + 36 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][13 pkts/981 bytes <-> 4 pkts/348 bytes] + 37 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/318 bytes] + 38 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/349 bytes] + 39 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][12 pkts/951 bytes <-> 4 pkts/341 bytes] + 40 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] + 41 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][11 pkts/856 bytes <-> 5 pkts/409 bytes] + 42 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] + 43 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] + 44 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][10 pkts/972 bytes <-> 3 pkts/285 bytes] + 45 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes] + 46 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][11 pkts/815 bytes <-> 5 pkts/423 bytes] + 47 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] + 48 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][11 pkts/832 bytes <-> 4 pkts/387 bytes] + 49 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] + 50 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][12 pkts/916 bytes <-> 3 pkts/281 bytes] + 51 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][11 pkts/862 bytes <-> 3 pkts/314 bytes] + 52 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][10 pkts/785 bytes <-> 4 pkts/378 bytes] + 53 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] + 54 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][12 pkts/931 bytes <-> 2 pkts/219 bytes] + 55 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][11 pkts/855 bytes <-> 3 pkts/287 bytes] + 56 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] + 57 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/848 bytes <-> 3 pkts/286 bytes] + 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][4 pkts/674 bytes <-> 4 pkts/444 bytes] + 59 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 60 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 61 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 62 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 63 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] + 64 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] + 65 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] + 66 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 67 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 68 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 69 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 70 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 71 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 72 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 73 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 74 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 75 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 76 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 77 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 78 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 79 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 80 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 81 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 82 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] + 83 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] + 84 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 85 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 86 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/293 bytes <-> 3 pkts/186 bytes] + 87 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] + 88 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] + 89 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes -> 0 pkts/0 bytes] + 90 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/237 bytes <-> 3 pkts/186 bytes] + 91 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 92 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 93 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 94 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 95 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] + 96 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 97 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 98 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 99 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 100 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] + 101 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 102 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 103 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 104 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] + 105 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 106 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 107 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] + 108 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 109 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 110 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 114 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] 175 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] 176 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 180 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][11 pkts/862 bytes <-> 3 pkts/314 bytes] - 181 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 185 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 186 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] - 187 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] - 188 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][11 pkts/832 bytes <-> 4 pkts/387 bytes] - 189 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][13 pkts/976 bytes <-> 4 pkts/365 bytes] - 190 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 191 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 192 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 193 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] 194 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 201 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][12 pkts/931 bytes <-> 2 pkts/219 bytes] - 202 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 203 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] - 205 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 207 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 208 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 209 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 210 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 211 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] - 213 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] - 217 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] - 218 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] - 219 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][10 pkts/785 bytes <-> 4 pkts/378 bytes] - 220 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] - 221 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][38 pkts/9082 bytes <-> 38 pkts/10499 bytes] - 222 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 223 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 224 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] - 225 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 226 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 227 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 228 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/318 bytes] - 229 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes -> 0 pkts/0 bytes] - 230 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] - 231 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] - 232 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 235 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 249 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 251 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] - 252 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] - 253 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] - 254 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] - 255 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][14 pkts/1106 bytes <-> 5 pkts/385 bytes] + 195 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 248 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 252 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 253 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 255 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] Undetected flows: - 1 TCP 192.168.1.34:51294 <-> 81.83.77.141:17639 [proto: 0/Unknown][19 pkts/2794 bytes <-> 14 pkts/2303 bytes] - 2 TCP 192.168.1.34:51307 <-> 149.13.32.15:13392 [proto: 0/Unknown][19 pkts/16968 bytes <-> 7 pkts/531 bytes] - 3 TCP 192.168.1.34:51317 <-> 149.13.32.15:13392 [proto: 0/Unknown][12 pkts/5655 bytes <-> 8 pkts/553 bytes] - 4 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][11 pkts/835 bytes <-> 7 pkts/647 bytes] - 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][16 pkts/11797 bytes <-> 7 pkts/493 bytes] - 6 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] - 7 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] - 8 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][11 pkts/1407 bytes <-> 9 pkts/652 bytes] - 9 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 10 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][18 pkts/15111 bytes <-> 7 pkts/531 bytes] - 11 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 12 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] + 1 TCP 192.168.1.34:51307 <-> 149.13.32.15:13392 [proto: 0/Unknown][19 pkts/16968 bytes <-> 7 pkts/531 bytes] + 2 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][18 pkts/15111 bytes <-> 7 pkts/531 bytes] + 3 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][16 pkts/11797 bytes <-> 7 pkts/493 bytes] + 4 TCP 192.168.1.34:51317 <-> 149.13.32.15:13392 [proto: 0/Unknown][12 pkts/5655 bytes <-> 8 pkts/553 bytes] + 5 TCP 192.168.1.34:51294 <-> 81.83.77.141:17639 [proto: 0/Unknown][19 pkts/2794 bytes <-> 14 pkts/2303 bytes] + 6 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][11 pkts/1407 bytes <-> 9 pkts/652 bytes] + 7 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][11 pkts/835 bytes <-> 7 pkts/647 bytes] + 8 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] + 9 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 12 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 237cdc40c..4892d6fd6 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -10,55 +10,55 @@ QUIC 6 475 1 Github 3 234 1 Starcraft 236 51494 6 - 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Host: eu.launcher.battle.net] - 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/473 bytes <-> 4 pkts/753 bytes][Host: nydus.battle.net] - 3 TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Host: eu.launcher.battle.net] - 4 TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/481 bytes <-> 4 pkts/733 bytes][Host: nydus.battle.net] - 5 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Host: eu.battle.net] - 6 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][6 pkts/376 bytes <-> 7 pkts/526 bytes] - 7 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][11 pkts/4984 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net] - 9 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 254.1.168.192.in-addr.arpa] - 10 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/173 bytes <-> 2 pkts/282 bytes][Host: 22.40.194.173.in-addr.arpa] - 11 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][2 pkts/108 bytes <-> 1 pkts/60 bytes] - 12 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/120 bytes] - 13 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes] - 14 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] - 15 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] - 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] - 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] - 18 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes] - 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 20 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 21 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 22 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net] - 24 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][5 pkts/482 bytes <-> 4 pkts/497 bytes][Host: eu.launcher.battle.net] - 25 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net] - 26 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/483 bytes <-> 4 pkts/725 bytes][Host: nydus.battle.net] - 27 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Host: eu.battle.net] - 28 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] - 29 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] - 30 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] - 31 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTP_Download][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Host: llnw.blizzard.com] - 32 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][3 pkts/243 bytes <-> 3 pkts/232 bytes] - 33 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/168 bytes <-> 2 pkts/388 bytes][Host: bnetcmsus-a.akamaihd.net] - 34 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 91.252.30.192.in-addr.arpa] - 35 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][1 pkts/86 bytes <-> 1 pkts/124 bytes][Host: 40.186.239.80.in-addr.arpa] - 36 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com] - 37 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][5 pkts/632 bytes <-> 4 pkts/667 bytes][Host: www.google-analytics.com] - 38 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][2 pkts/145 bytes <-> 1 pkts/89 bytes] - 39 IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][2 pkts/120 bytes -> 0 pkts/0 bytes] - 40 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][126 pkts/9157 bytes <-> 89 pkts/41021 bytes] - 41 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] - 42 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] - 43 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Host: bnetcmsus-a.akamaihd.net] - 44 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] - 45 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] - 46 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] - 47 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 48 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 49 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 50 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 51 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com] - 52 UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes] + 1 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTP_Download][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Host: llnw.blizzard.com] + 2 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][126 pkts/9157 bytes <-> 89 pkts/41021 bytes] + 3 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Host: bnetcmsus-a.akamaihd.net] + 4 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 5 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 6 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 7 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 8 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][11 pkts/4984 bytes -> 0 pkts/0 bytes] + 9 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Host: eu.battle.net] + 10 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Host: eu.battle.net] + 11 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Host: eu.launcher.battle.net] + 12 TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Host: eu.launcher.battle.net] + 13 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][5 pkts/632 bytes <-> 4 pkts/667 bytes][Host: www.google-analytics.com] + 14 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/473 bytes <-> 4 pkts/753 bytes][Host: nydus.battle.net] + 15 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net] + 16 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net] + 17 TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/481 bytes <-> 4 pkts/733 bytes][Host: nydus.battle.net] + 18 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/483 bytes <-> 4 pkts/725 bytes][Host: nydus.battle.net] + 19 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][5 pkts/482 bytes <-> 4 pkts/497 bytes][Host: eu.launcher.battle.net] + 20 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][6 pkts/376 bytes <-> 7 pkts/526 bytes] + 21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com] + 22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/168 bytes <-> 2 pkts/388 bytes][Host: bnetcmsus-a.akamaihd.net] + 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][3 pkts/243 bytes <-> 3 pkts/232 bytes] + 24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/173 bytes <-> 2 pkts/282 bytes][Host: 22.40.194.173.in-addr.arpa] + 25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com] + 26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 91.252.30.192.in-addr.arpa] + 27 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 254.1.168.192.in-addr.arpa] + 28 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] + 29 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] + 30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net] + 31 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 32 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 33 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 34 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 35 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 36 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 37 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 38 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 39 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][2 pkts/145 bytes <-> 1 pkts/89 bytes] + 40 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/120 bytes] + 41 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][1 pkts/86 bytes <-> 1 pkts/124 bytes][Host: 40.186.239.80.in-addr.arpa] + 42 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 43 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] + 44 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] + 45 IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][2 pkts/120 bytes -> 0 pkts/0 bytes] + 46 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes] + 47 UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes] + 48 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] + 49 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] + 50 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes] + 51 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] + 52 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/teredo.pcap.out b/tests/result/teredo.pcap.out index 82128ae62..0429c725a 100644 --- a/tests/result/teredo.pcap.out +++ b/tests/result/teredo.pcap.out @@ -1,7 +1,7 @@ Teredo 24 2574 5 - 1 UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/206 bytes <-> 2 pkts/302 bytes] - 2 UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] - 3 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][10 pkts/930 bytes <-> 4 pkts/374 bytes] + 1 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][10 pkts/930 bytes <-> 4 pkts/374 bytes] + 2 UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/206 bytes <-> 2 pkts/302 bytes] + 3 UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] 4 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] 5 UDP 10.112.16.92:63448 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] diff --git a/tests/result/tinc.pcap.out b/tests/result/tinc.pcap.out index cd9506709..5f5a6f2e1 100644 --- a/tests/result/tinc.pcap.out +++ b/tests/result/tinc.pcap.out @@ -1,6 +1,6 @@ TINC 317 352291 4 - 1 TCP 131.114.168.27:59244 <-> 185.83.218.112:55655 [proto: 209/TINC][15 pkts/3169 bytes <-> 11 pkts/2932 bytes] - 2 TCP 131.114.168.27:49290 <-> 185.83.218.112:55656 [proto: 209/TINC][14 pkts/3812 bytes <-> 13 pkts/3098 bytes] - 3 UDP 131.114.168.27:55655 <-> 185.83.218.112:55655 [proto: 209/TINC][101 pkts/136966 bytes <-> 29 pkts/32550 bytes] - 4 UDP 185.83.218.112:55656 <-> 131.114.168.27:55656 [proto: 209/TINC][29 pkts/30038 bytes <-> 105 pkts/139726 bytes] + 1 UDP 185.83.218.112:55656 <-> 131.114.168.27:55656 [proto: 209/TINC][29 pkts/30038 bytes <-> 105 pkts/139726 bytes] + 2 UDP 131.114.168.27:55655 <-> 185.83.218.112:55655 [proto: 209/TINC][101 pkts/136966 bytes <-> 29 pkts/32550 bytes] + 3 TCP 131.114.168.27:49290 <-> 185.83.218.112:55656 [proto: 209/TINC][14 pkts/3812 bytes <-> 13 pkts/3098 bytes] + 4 TCP 131.114.168.27:59244 <-> 185.83.218.112:55655 [proto: 209/TINC][15 pkts/3169 bytes <-> 11 pkts/2932 bytes] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 4dd9a3974..9eb65c600 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -4,14 +4,14 @@ DHCPV6 6 906 1 Dropbox 10 1860 1 Tor 3676 3014362 7 - 1 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][10 pkts/1860 bytes -> 0 pkts/0 bytes] - 2 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][6 pkts/906 bytes -> 0 pkts/0 bytes] - 3 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][16 pkts/3691 bytes <-> 16 pkts/6740 bytes] - 4 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][16 pkts/4858 bytes <-> 18 pkts/6284 bytes] - 5 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][17 pkts/5489 bytes <-> 21 pkts/7031 bytes] - 6 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] - 7 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/252 bytes -> 0 pkts/0 bytes] - 8 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes] - 9 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes] - 10 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][15 pkts/3634 bytes <-> 14 pkts/6027 bytes] - 11 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][62 pkts/22715 bytes <-> 79 pkts/45823 bytes] + 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes] + 2 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes] + 3 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][62 pkts/22715 bytes <-> 79 pkts/45823 bytes] + 4 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][17 pkts/5489 bytes <-> 21 pkts/7031 bytes] + 5 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][16 pkts/4858 bytes <-> 18 pkts/6284 bytes] + 6 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][16 pkts/3691 bytes <-> 16 pkts/6740 bytes] + 7 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][15 pkts/3634 bytes <-> 14 pkts/6027 bytes] + 8 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][10 pkts/1860 bytes -> 0 pkts/0 bytes] + 9 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][6 pkts/906 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/252 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/ubntac2.pcap.out b/tests/result/ubntac2.pcap.out index c4103cdf1..b45250ecf 100644 --- a/tests/result/ubntac2.pcap.out +++ b/tests/result/ubntac2.pcap.out @@ -1,10 +1,10 @@ UBNTAC2 8 1736 8 - 1 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 1 UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] 2 UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] 3 UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] 4 UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 5 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 5 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] 6 UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] 7 UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 8 UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 8 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index c11180994..5c294075d 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -13,85 +13,85 @@ WhatsApp 38 6756 3 Viber 10081 1413446 4 Amazon 8 528 1 - 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][7 pkts/1505 bytes <-> 8 pkts/953 bytes][client: mtalk.google.com] - 2 UDP 192.168.200.222:39413 -> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][8 pkts/3893 bytes <-> 8 pkts/1945 bytes] - 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/329 bytes] - 5 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][4 pkts/277 bytes <-> 3 pkts/255 bytes] - 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][1 pkts/75 bytes <-> 1 pkts/166 bytes][Host: mail.google.com] - 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] - 10 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 11 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/357 bytes] - 12 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/325 bytes] - 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] - 14 UDP 192.168.200.222:39413 -> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 16 UDP 192.168.200.222:39413 -> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes -> 0 pkts/0 bytes] - 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][19 pkts/3115 bytes <-> 18 pkts/13053 bytes][client: graph.facebook.com][server: *.facebook.com] - 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 20 UDP 192.168.200.222:39413 -> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 21 UDP 192.168.200.222:39413 -> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes -> 0 pkts/0 bytes] - 22 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes -> 0 pkts/0 bytes] - 23 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/76 bytes <-> 1 pkts/121 bytes][Host: mtalk.google.com] - 24 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 25 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 26 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][4 pkts/328 bytes <-> 7 pkts/745 bytes] - 28 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes <-> 1 pkts/166 bytes][Host: s.jpush.cn] - 29 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/272 bytes][Host: e.crashlytics.com] - 30 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 31 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes -> 0 pkts/0 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 32 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][4 pkts/996 bytes <-> 4 pkts/996 bytes] - 33 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/141 bytes][Host: easytomessage.com] - 34 ICMP 192.168.200.222:0 -> 8.8.8.8:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes -> 0 pkts/0 bytes] - 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][17 pkts/2087 bytes <-> 14 pkts/5520 bytes][client: googleads.g.doubleclick.net][server: *.g.doubleclick.net] - 37 ICMP 37.214.167.82:0 -> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes -> 0 pkts/0 bytes] - 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][5 pkts/520 bytes <-> 4 pkts/563 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 40 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 42 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/84 bytes <-> 1 pkts/282 bytes][Host: settings.crashlytics.com] - 43 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][2 pkts/498 bytes <-> 2 pkts/498 bytes] - 44 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 45 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/107 bytes <-> 1 pkts/139 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 46 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/334 bytes] - 47 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/72 bytes <-> 1 pkts/120 bytes][Host: sis.jpush.io] - 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] - 49 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] - 50 UDP 192.168.200.222:39413 -> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][1 pkts/78 bytes <-> 1 pkts/136 bytes][Host: graph.facebook.com] - 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] - 53 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes -> 0 pkts/0 bytes] - 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/87 bytes <-> 1 pkts/176 bytes][Host: googleads.g.doubleclick.net] - 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][4 pkts/303 bytes <-> 3 pkts/229 bytes] - 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][22 pkts/3437 bytes <-> 14 pkts/2437 bytes] - 57 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][1 pkts/75 bytes <-> 1 pkts/203 bytes][Host: e9.whatsapp.net] - 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][12 pkts/2322 bytes <-> 10 pkts/6919 bytes][client: e.crashlytics.com][server: *.crashlytics.com] - 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][8 pkts/1187 bytes <-> 8 pkts/856 bytes] - 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][17 pkts/3286 bytes <-> 16 pkts/11246 bytes][client: mail.google.com][server: mail.google.com] - 61 UDP 192.168.200.222:39413 -> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/144 bytes <-> 2 pkts/192 bytes][Host: sis.jpush.io] - 63 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][13 pkts/1401 bytes <-> 16 pkts/4545 bytes] - 65 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] - 66 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][4192 pkts/515224 bytes <-> 5865 pkts/895629 bytes] - 67 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] - 68 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 69 UDP 192.168.200.222:39413 -> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 70 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 71 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes -> 0 pkts/0 bytes] - 72 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][15 pkts/2237 bytes <-> 11 pkts/7820 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] + 1 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][4192 pkts/515224 bytes <-> 5865 pkts/895629 bytes] + 2 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][19 pkts/3115 bytes <-> 18 pkts/13053 bytes][client: graph.facebook.com][server: *.facebook.com] + 3 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][17 pkts/3286 bytes <-> 16 pkts/11246 bytes][client: mail.google.com][server: mail.google.com] + 4 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][15 pkts/2237 bytes <-> 11 pkts/7820 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] + 5 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][12 pkts/2322 bytes <-> 10 pkts/6919 bytes][client: e.crashlytics.com][server: *.crashlytics.com] + 6 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][17 pkts/2087 bytes <-> 14 pkts/5520 bytes][client: googleads.g.doubleclick.net][server: *.g.doubleclick.net] + 7 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][13 pkts/1401 bytes <-> 16 pkts/4545 bytes] + 8 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][22 pkts/3437 bytes <-> 14 pkts/2437 bytes] + 9 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][8 pkts/3893 bytes <-> 8 pkts/1945 bytes] + 10 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][7 pkts/1505 bytes <-> 8 pkts/953 bytes][client: mtalk.google.com] + 11 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes -> 0 pkts/0 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 12 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][8 pkts/1187 bytes <-> 8 pkts/856 bytes] + 13 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][4 pkts/996 bytes <-> 4 pkts/996 bytes] + 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][5 pkts/520 bytes <-> 4 pkts/563 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 15 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][4 pkts/328 bytes <-> 7 pkts/745 bytes] + 16 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][2 pkts/498 bytes <-> 2 pkts/498 bytes] + 17 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][4 pkts/303 bytes <-> 3 pkts/229 bytes] + 18 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][4 pkts/277 bytes <-> 3 pkts/255 bytes] + 19 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] + 20 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] + 21 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes -> 0 pkts/0 bytes] + 22 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 23 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 24 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 25 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 26 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 27 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 28 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 29 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 30 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 31 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 32 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 33 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/357 bytes] + 34 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] + 35 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] + 36 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/334 bytes] + 37 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/329 bytes] + 38 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/325 bytes] + 39 UDP 192.168.200.222:39413 -> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes -> 0 pkts/0 bytes] + 40 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 41 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 42 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 43 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/84 bytes <-> 1 pkts/282 bytes][Host: settings.crashlytics.com] + 44 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/272 bytes][Host: e.crashlytics.com] + 45 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/144 bytes <-> 2 pkts/192 bytes][Host: sis.jpush.io] + 46 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 47 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 48 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 49 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 50 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 51 UDP 192.168.200.222:39413 -> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes -> 0 pkts/0 bytes] + 52 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][1 pkts/75 bytes <-> 1 pkts/203 bytes][Host: e9.whatsapp.net] + 53 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/87 bytes <-> 1 pkts/176 bytes][Host: googleads.g.doubleclick.net] + 54 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/107 bytes <-> 1 pkts/139 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 55 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][1 pkts/75 bytes <-> 1 pkts/166 bytes][Host: mail.google.com] + 56 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes <-> 1 pkts/166 bytes][Host: s.jpush.cn] + 57 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/141 bytes][Host: easytomessage.com] + 58 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][1 pkts/78 bytes <-> 1 pkts/136 bytes][Host: graph.facebook.com] + 59 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/76 bytes <-> 1 pkts/121 bytes][Host: mtalk.google.com] + 60 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes -> 0 pkts/0 bytes] + 61 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/72 bytes <-> 1 pkts/120 bytes][Host: sis.jpush.io] + 62 ICMP 37.214.167.82:0 -> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes -> 0 pkts/0 bytes] + 63 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes -> 0 pkts/0 bytes] + 64 ICMP 192.168.200.222:0 -> 8.8.8.8:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes -> 0 pkts/0 bytes] + 65 UDP 192.168.200.222:39413 -> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 66 UDP 192.168.200.222:39413 -> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 67 UDP 192.168.200.222:39413 -> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 68 UDP 192.168.200.222:39413 -> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 69 UDP 192.168.200.222:39413 -> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 70 UDP 192.168.200.222:39413 -> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 71 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 72 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] Undetected flows: - 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/276 bytes <-> 2 pkts/170 bytes] + 1 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/341 bytes <-> 3 pkts/208 bytes] + 4 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 5 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 6 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 7 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 6 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/341 bytes <-> 3 pkts/208 bytes] + 7 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/276 bytes <-> 2 pkts/170 bytes] diff --git a/tests/result/vnc.pcap.out b/tests/result/vnc.pcap.out index d469a61ac..488a3ed33 100644 --- a/tests/result/vnc.pcap.out +++ b/tests/result/vnc.pcap.out @@ -1,4 +1,4 @@ VNC 4551 329158 2 - 1 TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][684 pkts/54893 bytes <-> 324 pkts/17720 bytes] - 2 TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][2485 pkts/199101 bytes <-> 1058 pkts/57444 bytes] + 1 TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][2485 pkts/199101 bytes <-> 1058 pkts/57444 bytes] + 2 TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][684 pkts/54893 bytes <-> 324 pkts/17720 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 76335c434..fa340868a 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -7,38 +7,38 @@ SSL 8 432 2 Waze 484 289335 19 WhatsApp 15 1341 1 - 1 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][8 pkts/673 bytes <-> 7 pkts/668 bytes] - 2 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][server: *.world.waze.com] - 3 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][server: *.world.waze.com] - 4 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][server: *.world.waze.com] - 5 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 6 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 7 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][server: *.waze.com] - 8 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 9 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 10 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 11 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][server: *.world.waze.com] - 12 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][server: *.world.waze.com] - 13 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][server: *.world.waze.com] - 14 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][server: *.world.waze.com] - 15 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] - 16 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/555 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] - 17 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com] + 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][server: *.world.waze.com] + 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net] + 3 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][server: *.world.waze.com] + 4 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][server: *.world.waze.com] + 5 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][server: *.world.waze.com] + 6 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][server: *.world.waze.com] + 7 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][server: *.world.waze.com] + 8 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][server: *.waze.com] + 9 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][server: *.waze.com] + 10 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][server: *.world.waze.com] + 11 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][server: *.world.waze.com] + 12 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][server: *.world.waze.com] + 13 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][server: *.waze.com] + 14 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com] + 15 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][7 pkts/1137 bytes <-> 6 pkts/1005 bytes] + 16 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] + 17 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][8 pkts/673 bytes <-> 7 pkts/668 bytes] 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/557 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] - 19 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] - 20 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com] - 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net] - 22 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][7 pkts/1137 bytes <-> 6 pkts/1005 bytes] - 23 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][server: *.waze.com] - 25 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][server: *.waze.com] - 26 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] - 27 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 19 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/555 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] + 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] + 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com] + 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com] + 23 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 24 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 25 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 26 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 27 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] 28 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] 29 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 30 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][server: *.world.waze.com] - 31 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][server: *.world.waze.com] - 32 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com] + 30 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 31 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 32 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] Undetected flows: diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 6b130dd20..296e50889 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -6,60 +6,60 @@ Google 17 6375 1 Webex 1380 818407 43 Amazon 3 174 1 - 1 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 2 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com] - 3 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][3 pkts/245 bytes <-> 2 pkts/108 bytes] - 4 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com] - 5 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] - 6 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] - 7 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com] - 8 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][2 pkts/128 bytes <-> 1 pkts/54 bytes] - 9 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 10 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 11 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][6 pkts/407 bytes <-> 5 pkts/4177 bytes][server: *.webex.com] - 12 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][14 pkts/1071 bytes <-> 2 pkts/100 bytes] - 13 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com] - 14 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 2 pkts/108 bytes] - 15 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] - 16 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com] - 17 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] - 18 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] - 19 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com] - 20 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 21 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][4 pkts/452 bytes <-> 4 pkts/216 bytes] - 22 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][10 pkts/1465 bytes <-> 11 pkts/1065 bytes] - 23 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][10 pkts/1388 bytes <-> 10 pkts/1087 bytes] - 24 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][7 pkts/1280 bytes <-> 6 pkts/453 bytes] - 25 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] - 26 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com] - 27 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com] - 28 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 29 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com] - 30 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][7 pkts/501 bytes <-> 4 pkts/216 bytes] - 31 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][server: *.webex.com] - 32 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] - 33 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][4 pkts/299 bytes <-> 4 pkts/216 bytes] - 34 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] - 35 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] - 36 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com] - 37 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][6 pkts/970 bytes <-> 6 pkts/821 bytes][Host: cp.pushwoosh.com] - 38 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com] - 39 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 40 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] - 41 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][client: ssl.google-analytics.com][server: *.google-analytics.com] - 42 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] - 43 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][1 pkts/66 bytes <-> 2 pkts/108 bytes] - 44 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes -> 0 pkts/0 bytes] - 45 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][3 pkts/209 bytes <-> 2 pkts/108 bytes] - 46 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] - 47 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] - 48 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com] - 49 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com][server: *.webex.com] - 50 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com] - 51 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] - 52 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com] - 53 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][server: *.webex.com] - 54 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com] - 55 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 56 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][client: api.crittercism.com][server: *.crittercism.com] - 57 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com] + 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com] + 2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com] + 3 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com][server: *.webex.com] + 4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][server: *.webex.com] + 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][server: *.webex.com] + 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com] + 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com] + 8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes -> 0 pkts/0 bytes] + 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com] + 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][client: api.crittercism.com][server: *.crittercism.com] + 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com] + 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com] + 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] + 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com] + 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com] + 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com] + 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com] + 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com] + 21 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 23 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][client: ssl.google-analytics.com][server: *.google-analytics.com] + 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com] + 26 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 27 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com] + 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com] + 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][6 pkts/407 bytes <-> 5 pkts/4177 bytes][server: *.webex.com] + 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][10 pkts/1465 bytes <-> 11 pkts/1065 bytes] + 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][10 pkts/1388 bytes <-> 10 pkts/1087 bytes] + 33 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] + 34 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] + 35 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][6 pkts/970 bytes <-> 6 pkts/821 bytes][Host: cp.pushwoosh.com] + 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][7 pkts/1280 bytes <-> 6 pkts/453 bytes] + 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com] + 38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][14 pkts/1071 bytes <-> 2 pkts/100 bytes] + 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] + 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] + 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][7 pkts/501 bytes <-> 4 pkts/216 bytes] + 42 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 43 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 44 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 45 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 46 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 47 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 48 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][4 pkts/452 bytes <-> 4 pkts/216 bytes] + 50 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] + 51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] + 52 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][4 pkts/299 bytes <-> 4 pkts/216 bytes] + 53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][3 pkts/245 bytes <-> 2 pkts/108 bytes] + 54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][3 pkts/209 bytes <-> 2 pkts/108 bytes] + 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][2 pkts/128 bytes <-> 1 pkts/54 bytes] + 56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][1 pkts/66 bytes <-> 2 pkts/108 bytes] + 57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 2 pkts/108 bytes] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 401404d8a..8a2781ce3 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -14,108 +14,108 @@ Google 92 20878 15 LLMNR 12 944 6 WeChat 1251 606425 49 - 1 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 2 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes <-> 4 pkts/253 bytes] - 3 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 2.debian.pool.ntp.org] - 4 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com] - 5 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 6 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] - 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com][server: wx.qq.com] - 8 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org] - 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes -> 0 pkts/0 bytes] - 10 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][4 pkts/264 bytes <-> 4 pkts/319 bytes] - 11 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 4 pkts/319 bytes] - 12 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 3 pkts/198 bytes] - 13 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] - 14 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][3 pkts/802 bytes <-> 3 pkts/198 bytes] - 15 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][88 pkts/15114 bytes <-> 91 pkts/61842 bytes] - 16 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 1 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][88 pkts/15114 bytes <-> 91 pkts/61842 bytes] + 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com][server: web.wechat.com] + 3 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][client: web.wechat.com][server: web.wechat.com] + 4 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][client: web.wechat.com][server: web.wechat.com] + 5 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][client: web.wechat.com][server: web.wechat.com] + 6 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com][server: web.wechat.com] + 7 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][client: web.wechat.com][server: web.wechat.com] + 8 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][client: web.wechat.com][server: web.wechat.com] + 9 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][client: web.wechat.com][server: web.wechat.com] + 10 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][client: web.wechat.com][server: web.wechat.com] + 11 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][client: web.wechat.com][server: web.wechat.com] + 12 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][client: web.wechat.com][server: web.wechat.com] + 13 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][client: web.wechat.com][server: web.wechat.com] + 14 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][client: web.wechat.com][server: web.wechat.com] + 15 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com][server: web.wechat.com] + 16 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com] 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com] - 18 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][client: web.wechat.com][server: web.wechat.com] - 19 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] - 20 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][client: web.wechat.com][server: web.wechat.com] - 21 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][client: web.wechat.com][server: web.wechat.com] - 22 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][client: web.wechat.com][server: web.wechat.com] - 23 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] - 24 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 25 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes -> 0 pkts/0 bytes] - 26 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] - 27 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] - 28 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com][server: web.wechat.com] - 29 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] - 30 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 31 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com] - 32 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][client: web.wechat.com][server: web.wechat.com] - 33 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][client: web.wechat.com][server: web.wechat.com] - 34 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com][server: web.wechat.com] - 35 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 36 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] - 38 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] - 40 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] - 41 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 42 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 43 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes -> 0 pkts/0 bytes] - 44 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes -> 0 pkts/0 bytes] - 45 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes -> 0 pkts/0 bytes] - 46 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/180 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] - 47 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] - 48 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com] - 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.124/SSL.YouTube][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com] - 50 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] - 51 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] - 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 53 UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] - 54 UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org.lan] - 55 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes -> 0 pkts/0 bytes] - 56 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][5 pkts/290 bytes <-> 4 pkts/234 bytes] - 57 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] - 58 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 59 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] - 60 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com] - 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.124/DNS.YouTube][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] - 62 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][client: web.wechat.com][server: web.wechat.com] - 64 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com][server: web.wechat.com] - 65 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] - 66 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][client: web.wechat.com][server: web.wechat.com] - 67 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][client: web.wechat.com][server: web.wechat.com] - 68 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][client: web.wechat.com][server: web.wechat.com] - 69 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com][server: web.wechat.com] - 70 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][client: web.wechat.com][server: web.wechat.com] - 71 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 72 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com][server: web.wechat.com] - 73 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][client: web.wechat.com][server: web.wechat.com] - 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com][server: web.wechat.com] - 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com][server: web.wechat.com] - 76 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes -> 0 pkts/0 bytes] - 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] - 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] - 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][13 pkts/866 bytes <-> 4 pkts/280 bytes] - 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] - 81 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][3 pkts/206 bytes <-> 2 pkts/148 bytes] - 82 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com] - 83 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] - 84 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: cansaqcq] - 85 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes -> 0 pkts/0 bytes] - 86 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes -> 0 pkts/0 bytes] - 87 UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] - 88 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][4 pkts/200 bytes -> 0 pkts/0 bytes] - 89 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][15 pkts/810 bytes -> 0 pkts/0 bytes] - 90 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes -> 0 pkts/0 bytes] - 91 IGMP 192.168.1.108:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/54 bytes -> 0 pkts/0 bytes] - 92 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][10 pkts/660 bytes <-> 10 pkts/660 bytes] - 93 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 94 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 95 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 96 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] - 97 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 98 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes -> 0 pkts/0 bytes] - 99 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes -> 0 pkts/0 bytes] - 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] - 101 UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: cansaqcq] - 102 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] + 18 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][client: web.wechat.com][server: web.wechat.com] + 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com][server: web.wechat.com] + 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com][server: web.wechat.com] + 21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com][server: wx.qq.com] + 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.124/SSL.YouTube][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com] + 23 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com] + 24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] + 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] + 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] + 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com][server: web.wechat.com] + 28 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 29 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 30 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 31 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com][server: web.wechat.com] + 32 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com] + 34 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes -> 0 pkts/0 bytes] + 35 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes -> 0 pkts/0 bytes] + 36 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes -> 0 pkts/0 bytes] + 37 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][10 pkts/660 bytes <-> 10 pkts/660 bytes] + 38 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes -> 0 pkts/0 bytes] + 39 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][13 pkts/866 bytes <-> 4 pkts/280 bytes] + 40 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes -> 0 pkts/0 bytes] + 41 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][3 pkts/802 bytes <-> 3 pkts/198 bytes] + 42 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes -> 0 pkts/0 bytes] + 43 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][15 pkts/810 bytes -> 0 pkts/0 bytes] + 44 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes -> 0 pkts/0 bytes] + 45 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] + 46 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] + 47 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] + 48 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 49 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 50 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 51 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 52 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 53 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 54 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][4 pkts/264 bytes <-> 4 pkts/319 bytes] + 55 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] + 56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] + 57 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] + 58 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] + 59 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][5 pkts/290 bytes <-> 4 pkts/234 bytes] + 60 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 4 pkts/319 bytes] + 61 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes <-> 4 pkts/253 bytes] + 62 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com] + 63 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 3 pkts/198 bytes] + 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] + 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.124/DNS.YouTube][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] + 66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][3 pkts/206 bytes <-> 2 pkts/148 bytes] + 67 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] + 68 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] + 69 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] + 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] + 71 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 72 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes -> 0 pkts/0 bytes] + 73 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][4 pkts/200 bytes -> 0 pkts/0 bytes] + 74 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 75 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/180 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] + 76 UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: cansaqcq] + 77 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] + 78 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 79 UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org.lan] + 80 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 81 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 82 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org] + 83 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 2.debian.pool.ntp.org] + 84 UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] + 85 UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] + 86 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: cansaqcq] + 87 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] + 88 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes -> 0 pkts/0 bytes] + 89 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes -> 0 pkts/0 bytes] + 90 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 91 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes -> 0 pkts/0 bytes] + 92 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 93 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] + 94 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes -> 0 pkts/0 bytes] + 95 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 96 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 97 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 98 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 99 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 100 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] + 101 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com] + 102 IGMP 192.168.1.108:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/54 bytes -> 0 pkts/0 bytes] Undetected flows: diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 85674141e..9952d61a8 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -6,47 +6,47 @@ Amazon 2 132 1 QUIC 23 4118 2 Sina(Weibo) 418 258007 15 - 1 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 2 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 3 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] - 4 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 5 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn] - 6 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes -> 0 pkts/0 bytes][Host: data.weibo.com] - 7 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/75 bytes <-> 1 pkts/191 bytes][Host: img.t.sinajs.cn] - 8 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][5 pkts/963 bytes <-> 4 pkts/981 bytes] - 9 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 10 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/73 bytes <-> 1 pkts/142 bytes][Host: www.weibo.com] - 11 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][52 pkts/5367 bytes <-> 54 pkts/71536 bytes][Host: img.t.sinajs.cn] - 12 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Host: img.t.sinajs.cn] - 13 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][27 pkts/2298 bytes <-> 26 pkts/34170 bytes][Host: img.t.sinajs.cn] - 14 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Host: img.t.sinajs.cn] - 15 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn] - 16 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/382 bytes <-> 1 pkts/66 bytes][client: g.alicdn.com] - 17 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][2 pkts/128 bytes <-> 1 pkts/66 bytes] - 18 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 19 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: account.weibo.com] - 21 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5/DNS][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: c.weibo.cn] - 22 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 23 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 24 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/76 bytes <-> 1 pkts/166 bytes][Host: login.taobao.com] - 26 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][5 pkts/736 bytes <-> 4 pkts/863 bytes][Host: weibo.com] - 27 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] - 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 29 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 30 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes <-> 1 pkts/190 bytes][Host: js.t.sinajs.cn] - 31 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/157 bytes][Host: acjstb.aliyun.com] - 33 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/72 bytes <-> 1 pkts/171 bytes][Host: g.alicdn.com] - 34 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/74 bytes <-> 1 pkts/112 bytes][Host: log.mmstat.com] - 35 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/69 bytes <-> 1 pkts/85 bytes][Host: weibo.com] - 36 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][8 pkts/1301 bytes <-> 6 pkts/873 bytes] - 37 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 38 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 39 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][32 pkts/3624 bytes <-> 40 pkts/50657 bytes][Host: img.t.sinajs.cn] - 40 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Host: img.t.sinajs.cn] - 41 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][2 pkts/140 bytes <-> 1 pkts/74 bytes] - 42 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 43 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/81 bytes <-> 1 pkts/159 bytes][Host: u1.img.mobile.sina.cn] - 44 TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][40 pkts/3462 bytes <-> 39 pkts/34030 bytes][Host: www.weibo.com] + 1 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][52 pkts/5367 bytes <-> 54 pkts/71536 bytes][Host: img.t.sinajs.cn] + 2 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][32 pkts/3624 bytes <-> 40 pkts/50657 bytes][Host: img.t.sinajs.cn] + 3 TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][40 pkts/3462 bytes <-> 39 pkts/34030 bytes][Host: www.weibo.com] + 4 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][27 pkts/2298 bytes <-> 26 pkts/34170 bytes][Host: img.t.sinajs.cn] + 5 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Host: img.t.sinajs.cn] + 6 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Host: img.t.sinajs.cn] + 7 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Host: img.t.sinajs.cn] + 8 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][8 pkts/1301 bytes <-> 6 pkts/873 bytes] + 9 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][5 pkts/963 bytes <-> 4 pkts/981 bytes] + 10 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][5 pkts/736 bytes <-> 4 pkts/863 bytes][Host: weibo.com] + 11 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn] + 12 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn] + 13 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/382 bytes <-> 1 pkts/66 bytes][client: g.alicdn.com] + 14 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/75 bytes <-> 1 pkts/191 bytes][Host: img.t.sinajs.cn] + 15 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes <-> 1 pkts/190 bytes][Host: js.t.sinajs.cn] + 16 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/72 bytes <-> 1 pkts/171 bytes][Host: g.alicdn.com] + 17 UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/76 bytes <-> 1 pkts/166 bytes][Host: login.taobao.com] + 18 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/81 bytes <-> 1 pkts/159 bytes][Host: u1.img.mobile.sina.cn] + 19 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/157 bytes][Host: acjstb.aliyun.com] + 20 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/73 bytes <-> 1 pkts/142 bytes][Host: www.weibo.com] + 21 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][2 pkts/140 bytes <-> 1 pkts/74 bytes] + 22 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 23 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 24 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 25 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/74 bytes <-> 1 pkts/112 bytes][Host: log.mmstat.com] + 26 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/69 bytes <-> 1 pkts/85 bytes][Host: weibo.com] + 27 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 28 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 29 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 30 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 31 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 32 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 33 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: account.weibo.com] + 34 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes -> 0 pkts/0 bytes] + 35 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 36 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 37 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 38 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 39 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes -> 0 pkts/0 bytes][Host: data.weibo.com] + 40 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 41 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 42 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 43 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 44 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5/DNS][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: c.weibo.cn] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 6105015fc..d5d1e6eb6 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -12,60 +12,60 @@ Spotify 3 258 1 WhatsAppVoice 706 91156 4 AppleStore 85 28087 2 - 1 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] - 2 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][4 pkts/2176 bytes -> 0 pkts/0 bytes] - 3 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][141 pkts/17530 bytes <-> 57 pkts/12888 bytes] - 5 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 6 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com] - 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 8 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes -> 0 pkts/0 bytes] - 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 14 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com] - 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][3 pkts/174 bytes <-> 2 pkts/217 bytes] - 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 21 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 22 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 23 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 24 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][12 pkts/2341 bytes <-> 12 pkts/2484 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 29 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][9 pkts/1842 bytes <-> 11 pkts/1151 bytes] - 30 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 31 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 32 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 33 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac] - 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][186 pkts/27025 bytes <-> 278 pkts/25895 bytes] - 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][100 pkts/14711 bytes <-> 80 pkts/10163 bytes] - 36 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e13.whatsapp.net] - 38 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes -> 0 pkts/0 bytes] + 1 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][186 pkts/27025 bytes <-> 278 pkts/25895 bytes] + 2 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][141 pkts/17530 bytes <-> 57 pkts/12888 bytes] + 3 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][100 pkts/14711 bytes <-> 80 pkts/10163 bytes] + 4 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com] + 5 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][client: query.ess.apple.com][server: *.ess.apple.com] + 6 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com] + 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] + 8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][12 pkts/2341 bytes <-> 12 pkts/2484 bytes] + 9 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac] + 10 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][9 pkts/1842 bytes <-> 11 pkts/1151 bytes] + 11 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][4 pkts/2176 bytes -> 0 pkts/0 bytes] + 12 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][9 pkts/1130 bytes <-> 8 pkts/868 bytes] + 13 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes -> 0 pkts/0 bytes] + 15 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 17 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 18 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 21 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 22 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 23 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 24 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 26 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 27 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 28 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 29 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 30 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][3 pkts/174 bytes <-> 2 pkts/217 bytes] + 31 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][3 pkts/198 bytes <-> 2 pkts/132 bytes] + 32 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com] + 33 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e13.whatsapp.net] + 34 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes -> 0 pkts/0 bytes] + 35 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 36 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 37 UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 42 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][client: query.ess.apple.com][server: *.ess.apple.com] - 43 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 44 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 40 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 41 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 42 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 43 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 45 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 46 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 47 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 48 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 49 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 50 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com] - 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][9 pkts/1130 bytes <-> 8 pkts/868 bytes] - 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] - 54 UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] - 55 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] - 56 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][3 pkts/198 bytes <-> 2 pkts/132 bytes] - 57 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 50 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 51 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 52 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 53 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 54 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 55 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 56 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 57 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 14bacb23f..f94954c5f 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -5,12 +5,12 @@ Apple 50 23466 2 WhatsApp 32 3243 2 Spotify 1 86 1 - 1 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 2 UDP [fe80::189c:c31b:1298:224]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][1 pkts/111 bytes -> 0 pkts/0 bytes] - 3 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e12.whatsapp.net] - 4 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][24 pkts/15117 bytes <-> 20 pkts/6254 bytes] - 5 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac] - 6 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][17 pkts/1794 bytes <-> 13 pkts/1169 bytes] - 7 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][1 pkts/86 bytes -> 0 pkts/0 bytes] - 8 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 140/Apple][6 pkts/2095 bytes -> 0 pkts/0 bytes] - 9 UDP 192.168.2.4:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/91 bytes -> 0 pkts/0 bytes] + 1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][24 pkts/15117 bytes <-> 20 pkts/6254 bytes] + 2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][17 pkts/1794 bytes <-> 13 pkts/1169 bytes] + 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 140/Apple][6 pkts/2095 bytes -> 0 pkts/0 bytes] + 4 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac] + 5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e12.whatsapp.net] + 7 UDP [fe80::189c:c31b:1298:224]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][1 pkts/111 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.2.4:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/91 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][1 pkts/86 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index d417addc0..e368d33d9 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -1,16 +1,16 @@ Facebook 44 5916 8 WhatsApp 217 22139 5 - 1 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 2 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 3 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 4 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/840 bytes <-> 4 pkts/344 bytes] - 5 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 6 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 7 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][30 pkts/2539 bytes <-> 32 pkts/3070 bytes] - 8 TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 142/WhatsApp][24 pkts/3029 bytes <-> 22 pkts/1961 bytes] - 9 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][15 pkts/2690 bytes <-> 15 pkts/2019 bytes] - 10 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][14 pkts/1123 bytes <-> 13 pkts/1097 bytes] - 11 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][26 pkts/2311 bytes <-> 26 pkts/2300 bytes] - 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 1 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][30 pkts/2539 bytes <-> 32 pkts/3070 bytes] + 2 TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 142/WhatsApp][24 pkts/3029 bytes <-> 22 pkts/1961 bytes] + 3 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][15 pkts/2690 bytes <-> 15 pkts/2019 bytes] + 4 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][26 pkts/2311 bytes <-> 26 pkts/2300 bytes] + 5 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][14 pkts/1123 bytes <-> 13 pkts/1097 bytes] + 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/840 bytes <-> 4 pkts/344 bytes] + 7 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 8 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 9 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 10 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 11 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 12 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 13 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] diff --git a/tests/result/youtube_quic.pcap.out b/tests/result/youtube_quic.pcap.out index 7c0bc9e80..e5a53ae38 100644 --- a/tests/result/youtube_quic.pcap.out +++ b/tests/result/youtube_quic.pcap.out @@ -1,6 +1,6 @@ YouTube 258 178495 1 Google 31 13144 2 - 1 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][9 pkts/3929 bytes <-> 9 pkts/4736 bytes][Host: googleads.g.doubleclick.net] - 2 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][7 pkts/2312 bytes <-> 6 pkts/2167 bytes][Host: pagead2.googlesyndication.com] - 3 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188.124/QUIC.YouTube][113 pkts/16111 bytes <-> 145 pkts/162384 bytes][Host: yt3.ggpht.com] + 1 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188.124/QUIC.YouTube][113 pkts/16111 bytes <-> 145 pkts/162384 bytes][Host: yt3.ggpht.com] + 2 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][9 pkts/3929 bytes <-> 9 pkts/4736 bytes][Host: googleads.g.doubleclick.net] + 3 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][7 pkts/2312 bytes <-> 6 pkts/2167 bytes][Host: pagead2.googlesyndication.com] -- cgit v1.2.3 From d79c5ffc24caa29faf14547b9ce903207af4dfe7 Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Tue, 8 Aug 2017 15:48:27 -0300 Subject: Identation and comments only. --- .gitignore | 4 + src/include/ndpi_typedefs.h | 12 +- src/lib/ndpi_content_match.c.inc | 600 +++++++++++++++++++-------------------- 3 files changed, 310 insertions(+), 306 deletions(-) diff --git a/.gitignore b/.gitignore index f0534eae5..21a9463be 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,10 @@ *.la .libs .dirstamp +.autotools +.cproject +.project +.settings stamp-h1 /configure /config.guess diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index d3c34452f..acb58fcb4 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -730,12 +730,12 @@ typedef struct { } ndpi_port_range; typedef enum { - NDPI_PROTOCOL_SAFE = 0, /* Safe protocol with encryption */ - NDPI_PROTOCOL_ACCEPTABLE, /* Ok but not encrypted */ - NDPI_PROTOCOL_FUN, /* Pure fun protocol */ - NDPI_PROTOCOL_UNSAFE, /* Protocol with a safe version existing what should be used instead */ - NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Be prepared to troubles */ - NDPI_PROTOCOL_UNRATED /* No idea */ + NDPI_PROTOCOL_SAFE = 0, /* Surely doesn’t provide risks for the network. (e.g., a news site) */ + NDPI_PROTOCOL_ACCEPTABLE, /* Probably doesn’t provide risks, but could be malicious (e.g., Dropbox) */ + NDPI_PROTOCOL_FUN, /* Pure fun protocol, which may be prohibited by the user policy (e.g., Netflix) */ + NDPI_PROTOCOL_UNSAFE, /* Probably provides risks, but could be a normal traffic. Unencrypted protocols with clear pass should be here (e.g., telnet) */ + NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Surely is dangerous (ex. Tor). Be prepared to troubles */ + NDPI_PROTOCOL_UNRATED /* No idea, not implemented or impossible to classify */ } ndpi_protocol_breed_t; #define NUM_BREEDS (NDPI_PROTOCOL_UNRATED+1) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index ae57ddf4c..f71de966e 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7974,277 +7974,277 @@ static ndpi_network host_protocol_list[] = { */ ndpi_protocol_match host_match[] = { - { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* iOS */ - { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* MacOS */ - { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - - { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - - { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - - { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - - { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, - - { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - - { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - - { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googletagservices.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ - { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - - { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, - - { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - - { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - - { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeecs-", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeforbusiness.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".lync.com", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e7768.b.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e4593.dspg.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - - { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".googlevideo.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".ytimg.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "googleusercontent.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* iOS */ + { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* MacOS */ + { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + + { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + + { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + + { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, + + { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + + { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googletagservices.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ + { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + + { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + + { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeecs-", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeforbusiness.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".lync.com", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e7768.b.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.dspg.akamaiedge.net","Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + + { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".googlevideo.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ytimg.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "googleusercontent.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, + { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, - { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weibo.com", "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinaimg.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinajs.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.com.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".weibo.com", "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinaimg.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinajs.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.com.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/117/0/snapchat---how-to-block */ - { "feelinsonice.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapchat.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapads.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapchat.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapads.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - - { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - - { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - - { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - - { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - - { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - - { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - - { ".iflix.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".app.iflixcorp.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".images.iflixassets.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { "crl.microsoft.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-ocsp.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-aia.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".microsoftonline.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".office365.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".office.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msocsp.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msocdn.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + + { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + + { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + + { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + + { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + + { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + + { ".iflix.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".app.iflixcorp.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".images.iflixassets.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { "crl.microsoft.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-ocsp.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-aia.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".microsoftonline.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office365.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocsp.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocdn.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* http://www.urlquery.net/report.php?id=1453233646161 */ - { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "coby.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "coby.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "d295hzzivaok4k.cloudfront.net", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".opendns.com", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "d295hzzivaok4k.cloudfront.net","OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".opendns.com", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, /* https://get.slack.help/hc/en-us/articles/205138367-Troubleshooting-Slack-connection-issues */ - { "slack.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-msgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-files.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-imgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-edge.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-core.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-redir.net", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-msgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-files.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-imgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-edge.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-core.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-redir.net", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* Detected "slack-assets2.s3-us-west-2.amazonaws.com.". Omitted "*amazonaws.com" CDN, but no generic pattern to use on first part */ - { "slack-assets2.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - - { "github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamcontent.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity-a.akamaihd.net", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - - { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wechat.org", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wechatapp.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".we.chat", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - - { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - - { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".playstation.net", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".sonyentertainmentnetwork.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "slack-assets2.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + + { "github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamcontent.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity-a.akamaihd.net","Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.org", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechatapp.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".we.chat", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + + { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + + { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.net", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".sonyentertainmentnetwork.com","Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { NULL, 0 } }; @@ -8254,55 +8254,55 @@ ndpi_protocol_match host_match[] = { Mime-type content match match */ ndpi_protocol_match content_match[] = { - { "audio/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/mpeg3", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/mp4a", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/nsv", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "misc/ultravox", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".adobe.", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-fcs", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-shockwave-flash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "video/flash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "flv-application/octet-stream", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/futuresplash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/quicktime", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/mp4", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-m4v", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-pn-realaudio", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.rn-realmedia", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-ms-", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "asf", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "asx", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-msvideo", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-wav", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.ms.wms-hdr.asfv1", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "NSPlayer/", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-mms-framed", NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "Xbox Live Client/", NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "Windows-Update-Agent", NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "audio/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.apple.mpegurl", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "audio/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/mpeg3", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/mp4a", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/nsv", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "misc/ultravox", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".adobe.", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-fcs", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-shockwave-flash",NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "video/flash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "flv-application/octet-stream", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/futuresplash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/quicktime", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/mp4", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-m4v", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-pn-realaudio", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.rn-realmedia", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-ms-", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "asf", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "asx", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-msvideo", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-wav", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.ms.wms-hdr.asfv1", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "NSPlayer/", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-mms-framed", NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "Xbox Live Client/", NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "Windows-Update-Agent", NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "audio/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.apple.mpegurl",NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; -- cgit v1.2.3 From 7cab6efcd58938833427b4b7005d33e8655f1f6c Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Tue, 8 Aug 2017 18:06:33 -0300 Subject: Issue 118 implementation (risk classification), indentation, and PasteBin&LinkedIn added. --- src/include/ndpi_protocol_ids.h | 473 ++++++++++++++++++++------------------- src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 186 +++++++++------ 3 files changed, 355 insertions(+), 306 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 25b1308bd..56dcce032 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -30,249 +30,250 @@ #define __NDPI_PROTOCOLS_DEFAULT_H__ #define NDPI_DETECTION_SUPPORT_IPV6 -#define NDPI_PROTOCOL_SIZE 2 +#define NDPI_PROTOCOL_SIZE 2 -#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_UNKNOWN 0 #define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN -#define NDPI_PROTOCOL_UNKNOWN 0 -#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MAIL_POP 2 -#define NDPI_PROTOCOL_MAIL_SMTP 3 -#define NDPI_PROTOCOL_MAIL_IMAP 4 -#define NDPI_PROTOCOL_DNS 5 -#define NDPI_PROTOCOL_IPP 6 -#define NDPI_PROTOCOL_HTTP 7 -#define NDPI_PROTOCOL_MDNS 8 -#define NDPI_PROTOCOL_NTP 9 -#define NDPI_PROTOCOL_NETBIOS 10 -#define NDPI_PROTOCOL_NFS 11 -#define NDPI_PROTOCOL_SSDP 12 -#define NDPI_PROTOCOL_BGP 13 -#define NDPI_PROTOCOL_SNMP 14 -#define NDPI_PROTOCOL_XDMCP 15 -#define NDPI_PROTOCOL_SMB 16 -#define NDPI_PROTOCOL_SYSLOG 17 -#define NDPI_PROTOCOL_DHCP 18 -#define NDPI_PROTOCOL_POSTGRES 19 -#define NDPI_PROTOCOL_MYSQL 20 -#define NDPI_PROTOCOL_HOTMAIL 21 -#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 -#define NDPI_PROTOCOL_MAIL_POPS 23 -#define NDPI_PROTOCOL_APPLEJUICE 24 -#define NDPI_PROTOCOL_DIRECTCONNECT 25 -#define NDPI_PROTOCOL_SOCRATES 26 -#define NDPI_PROTOCOL_COAP 27 -#define NDPI_PROTOCOL_VMWARE 28 -#define NDPI_PROTOCOL_MAIL_SMTPS 29 -#define NDPI_PROTOCOL_FILETOPIA 30 -#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ -#define NDPI_PROTOCOL_KONTIKI 32 -#define NDPI_PROTOCOL_OPENFT 33 -#define NDPI_PROTOCOL_FASTTRACK 34 -#define NDPI_PROTOCOL_GNUTELLA 35 -#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_BITTORRENT 37 -#define NDPI_PROTOCOL_EPP 38 -#define NDPI_CONTENT_AVI 39 -#define NDPI_CONTENT_FLASH 40 -#define NDPI_CONTENT_OGG 41 -#define NDPI_CONTENT_MPEG 42 -#define NDPI_CONTENT_QUICKTIME 43 -#define NDPI_CONTENT_REALMEDIA 44 -#define NDPI_CONTENT_WINDOWSMEDIA 45 -#define NDPI_CONTENT_MMS 46 -#define NDPI_PROTOCOL_XBOX 47 -#define NDPI_PROTOCOL_QQ 48 -#define NDPI_PROTOCOL_MOVE 49 -#define NDPI_PROTOCOL_RTSP 50 -#define NDPI_PROTOCOL_MAIL_IMAPS 51 -#define NDPI_PROTOCOL_ICECAST 52 -#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_PPSTREAM 54 -#define NDPI_PROTOCOL_ZATTOO 55 -#define NDPI_PROTOCOL_SHOUTCAST 56 -#define NDPI_PROTOCOL_SOPCAST 57 -#define NDPI_PROTOCOL_TVANTS 58 -#define NDPI_PROTOCOL_TVUPLAYER 59 -#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 -#define NDPI_PROTOCOL_QQLIVE 61 -#define NDPI_PROTOCOL_THUNDER 62 -#define NDPI_PROTOCOL_SOULSEEK 63 -#define NDPI_PROTOCOL_SSL_NO_CERT 64 -#define NDPI_PROTOCOL_IRC 65 -#define NDPI_PROTOCOL_AYIYA 66 -#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 -#define NDPI_PROTOCOL_MSN 68 -#define NDPI_PROTOCOL_OSCAR 69 -#define NDPI_PROTOCOL_YAHOO 70 -#define NDPI_PROTOCOL_BATTLEFIELD 71 -#define NDPI_PROTOCOL_QUAKE 72 -#define NDPI_PROTOCOL_IP_VRRP 73 -#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_HALFLIFE2 75 -#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 -#define NDPI_PROTOCOL_TELNET 77 -#define NDPI_PROTOCOL_STUN 78 -#define NDPI_PROTOCOL_IP_IPSEC 79 -#define NDPI_PROTOCOL_IP_GRE 80 -#define NDPI_PROTOCOL_IP_ICMP 81 -#define NDPI_PROTOCOL_IP_IGMP 82 -#define NDPI_PROTOCOL_IP_EGP 83 -#define NDPI_PROTOCOL_IP_SCTP 84 -#define NDPI_PROTOCOL_IP_OSPF 85 -#define NDPI_PROTOCOL_IP_IP_IN_IP 86 -#define NDPI_PROTOCOL_RTP 87 -#define NDPI_PROTOCOL_RDP 88 -#define NDPI_PROTOCOL_VNC 89 -#define NDPI_PROTOCOL_PCANYWHERE 90 -#define NDPI_PROTOCOL_SSL 91 -#define NDPI_PROTOCOL_SSH 92 -#define NDPI_PROTOCOL_USENET 93 -#define NDPI_PROTOCOL_MGCP 94 -#define NDPI_PROTOCOL_IAX 95 -#define NDPI_PROTOCOL_TFTP 96 -#define NDPI_PROTOCOL_AFP 97 -#define NDPI_PROTOCOL_STEALTHNET 98 -#define NDPI_PROTOCOL_AIMINI 99 -#define NDPI_PROTOCOL_SIP 100 -#define NDPI_PROTOCOL_TRUPHONE 101 -#define NDPI_PROTOCOL_IP_ICMPV6 102 -#define NDPI_PROTOCOL_DHCPV6 103 -#define NDPI_PROTOCOL_ARMAGETRON 104 -#define NDPI_PROTOCOL_CROSSFIRE 105 -#define NDPI_PROTOCOL_DOFUS 106 -#define NDPI_PROTOCOL_FIESTA 107 -#define NDPI_PROTOCOL_FLORENSIA 108 -#define NDPI_PROTOCOL_GUILDWARS 109 -#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 -#define NDPI_PROTOCOL_KERBEROS 111 -#define NDPI_PROTOCOL_LDAP 112 -#define NDPI_PROTOCOL_MAPLESTORY 113 -#define NDPI_PROTOCOL_MSSQL_TDS 114 -#define NDPI_PROTOCOL_PPTP 115 -#define NDPI_PROTOCOL_WARCRAFT3 116 -#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 -#define NDPI_PROTOCOL_SLACK 118 -#define NDPI_PROTOCOL_FACEBOOK 119 -#define NDPI_PROTOCOL_TWITTER 120 -#define NDPI_PROTOCOL_DROPBOX 121 -#define NDPI_PROTOCOL_GMAIL 122 -#define NDPI_PROTOCOL_GOOGLE_MAPS 123 -#define NDPI_PROTOCOL_YOUTUBE 124 -#define NDPI_PROTOCOL_SKYPE 125 -#define NDPI_PROTOCOL_GOOGLE 126 -#define NDPI_PROTOCOL_DCERPC 127 -#define NDPI_PROTOCOL_NETFLOW 128 -#define NDPI_PROTOCOL_SFLOW 129 -#define NDPI_PROTOCOL_HTTP_CONNECT 130 -#define NDPI_PROTOCOL_HTTP_PROXY 131 -#define NDPI_PROTOCOL_CITRIX 132 -#define NDPI_PROTOCOL_NETFLIX 133 -#define NDPI_PROTOCOL_LASTFM 134 -#define NDPI_PROTOCOL_WAZE 135 -#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 -#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 -#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 -#define NDPI_PROTOCOL_CITRIX_ONLINE 139 -#define NDPI_PROTOCOL_APPLE 140 -#define NDPI_PROTOCOL_WEBEX 141 -#define NDPI_PROTOCOL_WHATSAPP 142 -#define NDPI_PROTOCOL_APPLE_ICLOUD 143 -#define NDPI_PROTOCOL_VIBER 144 -#define NDPI_PROTOCOL_APPLE_ITUNES 145 -#define NDPI_PROTOCOL_RADIUS 146 -#define NDPI_PROTOCOL_WINDOWS_UPDATE 147 -#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ -#define NDPI_PROTOCOL_TUENTI 149 -#define NDPI_PROTOCOL_LOTUS_NOTES 150 -#define NDPI_PROTOCOL_SAP 151 -#define NDPI_PROTOCOL_GTP 152 -#define NDPI_PROTOCOL_UPNP 153 -#define NDPI_PROTOCOL_LLMNR 154 -#define NDPI_PROTOCOL_REMOTE_SCAN 155 -#define NDPI_PROTOCOL_SPOTIFY 156 -#define NDPI_CONTENT_WEBM 157 -#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ -#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ -#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ -#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ -#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ -#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ -#define NDPI_PROTOCOL_WHOIS_DAS 170 -#define NDPI_PROTOCOL_COLLECTD 171 -#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MAIL_POP 2 +#define NDPI_PROTOCOL_MAIL_SMTP 3 +#define NDPI_PROTOCOL_MAIL_IMAP 4 +#define NDPI_PROTOCOL_DNS 5 +#define NDPI_PROTOCOL_IPP 6 +#define NDPI_PROTOCOL_HTTP 7 +#define NDPI_PROTOCOL_MDNS 8 +#define NDPI_PROTOCOL_NTP 9 +#define NDPI_PROTOCOL_NETBIOS 10 +#define NDPI_PROTOCOL_NFS 11 +#define NDPI_PROTOCOL_SSDP 12 +#define NDPI_PROTOCOL_BGP 13 +#define NDPI_PROTOCOL_SNMP 14 +#define NDPI_PROTOCOL_XDMCP 15 +#define NDPI_PROTOCOL_SMB 16 +#define NDPI_PROTOCOL_SYSLOG 17 +#define NDPI_PROTOCOL_DHCP 18 +#define NDPI_PROTOCOL_POSTGRES 19 +#define NDPI_PROTOCOL_MYSQL 20 +#define NDPI_PROTOCOL_HOTMAIL 21 +#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 +#define NDPI_PROTOCOL_MAIL_POPS 23 +#define NDPI_PROTOCOL_APPLEJUICE 24 +#define NDPI_PROTOCOL_DIRECTCONNECT 25 +#define NDPI_PROTOCOL_SOCRATES 26 +#define NDPI_PROTOCOL_COAP 27 +#define NDPI_PROTOCOL_VMWARE 28 +#define NDPI_PROTOCOL_MAIL_SMTPS 29 +#define NDPI_PROTOCOL_FILETOPIA 30 +#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ +#define NDPI_PROTOCOL_KONTIKI 32 +#define NDPI_PROTOCOL_OPENFT 33 +#define NDPI_PROTOCOL_FASTTRACK 34 +#define NDPI_PROTOCOL_GNUTELLA 35 +#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_BITTORRENT 37 +#define NDPI_PROTOCOL_EPP 38 +#define NDPI_CONTENT_AVI 39 +#define NDPI_CONTENT_FLASH 40 +#define NDPI_CONTENT_OGG 41 +#define NDPI_CONTENT_MPEG 42 +#define NDPI_CONTENT_QUICKTIME 43 +#define NDPI_CONTENT_REALMEDIA 44 +#define NDPI_CONTENT_WINDOWSMEDIA 45 +#define NDPI_CONTENT_MMS 46 +#define NDPI_PROTOCOL_XBOX 47 +#define NDPI_PROTOCOL_QQ 48 +#define NDPI_PROTOCOL_MOVE 49 +#define NDPI_PROTOCOL_RTSP 50 +#define NDPI_PROTOCOL_MAIL_IMAPS 51 +#define NDPI_PROTOCOL_ICECAST 52 +#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_PPSTREAM 54 +#define NDPI_PROTOCOL_ZATTOO 55 +#define NDPI_PROTOCOL_SHOUTCAST 56 +#define NDPI_PROTOCOL_SOPCAST 57 +#define NDPI_PROTOCOL_TVANTS 58 +#define NDPI_PROTOCOL_TVUPLAYER 59 +#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 +#define NDPI_PROTOCOL_QQLIVE 61 +#define NDPI_PROTOCOL_THUNDER 62 +#define NDPI_PROTOCOL_SOULSEEK 63 +#define NDPI_PROTOCOL_SSL_NO_CERT 64 +#define NDPI_PROTOCOL_IRC 65 +#define NDPI_PROTOCOL_AYIYA 66 +#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 +#define NDPI_PROTOCOL_MSN 68 +#define NDPI_PROTOCOL_OSCAR 69 +#define NDPI_PROTOCOL_YAHOO 70 +#define NDPI_PROTOCOL_BATTLEFIELD 71 +#define NDPI_PROTOCOL_QUAKE 72 +#define NDPI_PROTOCOL_IP_VRRP 73 +#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_HALFLIFE2 75 +#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 +#define NDPI_PROTOCOL_TELNET 77 +#define NDPI_PROTOCOL_STUN 78 +#define NDPI_PROTOCOL_IP_IPSEC 79 +#define NDPI_PROTOCOL_IP_GRE 80 +#define NDPI_PROTOCOL_IP_ICMP 81 +#define NDPI_PROTOCOL_IP_IGMP 82 +#define NDPI_PROTOCOL_IP_EGP 83 +#define NDPI_PROTOCOL_IP_SCTP 84 +#define NDPI_PROTOCOL_IP_OSPF 85 +#define NDPI_PROTOCOL_IP_IP_IN_IP 86 +#define NDPI_PROTOCOL_RTP 87 +#define NDPI_PROTOCOL_RDP 88 +#define NDPI_PROTOCOL_VNC 89 +#define NDPI_PROTOCOL_PCANYWHERE 90 +#define NDPI_PROTOCOL_SSL 91 +#define NDPI_PROTOCOL_SSH 92 +#define NDPI_PROTOCOL_USENET 93 +#define NDPI_PROTOCOL_MGCP 94 +#define NDPI_PROTOCOL_IAX 95 +#define NDPI_PROTOCOL_TFTP 96 +#define NDPI_PROTOCOL_AFP 97 +#define NDPI_PROTOCOL_STEALTHNET 98 +#define NDPI_PROTOCOL_AIMINI 99 +#define NDPI_PROTOCOL_SIP 100 +#define NDPI_PROTOCOL_TRUPHONE 101 +#define NDPI_PROTOCOL_IP_ICMPV6 102 +#define NDPI_PROTOCOL_DHCPV6 103 +#define NDPI_PROTOCOL_ARMAGETRON 104 +#define NDPI_PROTOCOL_CROSSFIRE 105 +#define NDPI_PROTOCOL_DOFUS 106 +#define NDPI_PROTOCOL_FIESTA 107 +#define NDPI_PROTOCOL_FLORENSIA 108 +#define NDPI_PROTOCOL_GUILDWARS 109 +#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 /*avoid large declarations in the future*/ +#define NDPI_PROTOCOL_KERBEROS 111 +#define NDPI_PROTOCOL_LDAP 112 +#define NDPI_PROTOCOL_MAPLESTORY 113 +#define NDPI_PROTOCOL_MSSQL_TDS 114 +#define NDPI_PROTOCOL_PPTP 115 +#define NDPI_PROTOCOL_WARCRAFT3 116 +#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 +#define NDPI_PROTOCOL_SLACK 118 +#define NDPI_PROTOCOL_FACEBOOK 119 +#define NDPI_PROTOCOL_TWITTER 120 +#define NDPI_PROTOCOL_DROPBOX 121 +#define NDPI_PROTOCOL_GMAIL 122 +#define NDPI_PROTOCOL_GOOGLE_MAPS 123 +#define NDPI_PROTOCOL_YOUTUBE 124 +#define NDPI_PROTOCOL_SKYPE 125 +#define NDPI_PROTOCOL_GOOGLE 126 +#define NDPI_PROTOCOL_DCERPC 127 +#define NDPI_PROTOCOL_NETFLOW 128 +#define NDPI_PROTOCOL_SFLOW 129 +#define NDPI_PROTOCOL_HTTP_CONNECT 130 +#define NDPI_PROTOCOL_HTTP_PROXY 131 +#define NDPI_PROTOCOL_CITRIX 132 +#define NDPI_PROTOCOL_NETFLIX 133 +#define NDPI_PROTOCOL_LASTFM 134 +#define NDPI_PROTOCOL_WAZE 135 +#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 +#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 +#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 +#define NDPI_PROTOCOL_CITRIX_ONLINE 139 +#define NDPI_PROTOCOL_APPLE 140 +#define NDPI_PROTOCOL_WEBEX 141 +#define NDPI_PROTOCOL_WHATSAPP 142 +#define NDPI_PROTOCOL_APPLE_ICLOUD 143 +#define NDPI_PROTOCOL_VIBER 144 +#define NDPI_PROTOCOL_APPLE_ITUNES 145 +#define NDPI_PROTOCOL_RADIUS 146 +#define NDPI_PROTOCOL_WINDOWS_UPDATE 147 +#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ +#define NDPI_PROTOCOL_TUENTI 149 +#define NDPI_PROTOCOL_LOTUS_NOTES 150 +#define NDPI_PROTOCOL_SAP 151 +#define NDPI_PROTOCOL_GTP 152 +#define NDPI_PROTOCOL_UPNP 153 +#define NDPI_PROTOCOL_LLMNR 154 +#define NDPI_PROTOCOL_REMOTE_SCAN 155 +#define NDPI_PROTOCOL_SPOTIFY 156 +#define NDPI_CONTENT_WEBM 157 +#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ +#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ +#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ +#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ +#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ +#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ +#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ +#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ +#define NDPI_PROTOCOL_WHOIS_DAS 170 +#define NDPI_PROTOCOL_COLLECTD 171 +#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ /* The Lync protocol is now skype for business and this the old id 173 can now be recycled */ -#define NDPI_PROTOCOL_NINTENDO 173 -#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_ZMQ 177 -#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ -#define NDPI_PROTOCOL_REDIS 182 -#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_VHUA 184 -#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ -#define NDPI_PROTOCOL_VEVO 186 -#define NDPI_PROTOCOL_PANDORA 187 -#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ -#define NDPI_PROTOCOL_WHATSAPP_VOICE 189 -#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_OOKLA 191 -#define NDPI_PROTOCOL_AMQP 192 -#define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ -#define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ -#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ -#define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ -#define NDPI_PROTOCOL_WECHAT 197 - -#define NDPI_PROTOCOL_MPEGTS 198 -#define NDPI_PROTOCOL_SNAPCHAT 199 -#define NDPI_PROTOCOL_SINA 200 -#define NDPI_PROTOCOL_HANGOUT 201 -#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ -#define NDPI_PROTOCOL_GITHUB 203 -#define NDPI_PROTOCOL_BJNP 204 -#define NDPI_PROTOCOL_1KXUN 205 -#define NDPI_PROTOCOL_IQIYI 206 -#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ -#define NDPI_PROTOCOL_DNSCRYPT 208 -#define NDPI_PROTOCOL_TINC 209 /* William Guglielmo */ -#define NDPI_PROTOCOL_DEEZER 210 -#define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ -#define NDPI_PROTOCOL_MICROSOFT 212 -#define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci */ -#define NDPI_PROTOCOL_TEREDO 214 -#define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 -#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ -#define NDPI_PROTOCOL_GOOGLE_DRIVE 217 -#define NDPI_PROTOCOL_OCS 218 -#define NDPI_PROTOCOL_OFFICE_365 219 -#define NDPI_PROTOCOL_CLOUDFLARE 220 -#define NDPI_PROTOCOL_MS_ONE_DRIVE 221 -#define NDPI_PROTOCOL_MQTT 222 -#define NDPI_PROTOCOL_RX 223 -#define NDPI_PROTOCOL_APPLESTORE 224 -#define NDPI_PROTOCOL_OPENDNS 225 -#define NDPI_PROTOCOL_GIT 226 -#define NDPI_PROTOCOL_DRDA 227 -#define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ -#define NDPI_PROTOCOL_SOMEIP 229 -#define NDPI_PROTOCOL_FIX 230 -#define NDPI_PROTOCOL_PLAYSTATION 231 /* Sony PlayStation */ +#define NDPI_PROTOCOL_NINTENDO 173 +#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_ZMQ 177 +#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ +#define NDPI_PROTOCOL_REDIS 182 +#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_VHUA 184 +#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ +#define NDPI_PROTOCOL_VEVO 186 +#define NDPI_PROTOCOL_PANDORA 187 +#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ +#define NDPI_PROTOCOL_WHATSAPP_VOICE 189 +#define NDPI_PROTOCOL_EAQ 190 +#define NDPI_PROTOCOL_OOKLA 191 +#define NDPI_PROTOCOL_AMQP 192 +#define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ +#define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ +#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ +#define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ +#define NDPI_PROTOCOL_WECHAT 197 +#define NDPI_PROTOCOL_MPEGTS 198 +#define NDPI_PROTOCOL_SNAPCHAT 199 +#define NDPI_PROTOCOL_SINA 200 +#define NDPI_PROTOCOL_HANGOUT 201 +#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ +#define NDPI_PROTOCOL_GITHUB 203 +#define NDPI_PROTOCOL_BJNP 204 +#define NDPI_PROTOCOL_1KXUN 205 +#define NDPI_PROTOCOL_IQIYI 206 +#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ +#define NDPI_PROTOCOL_DNSCRYPT 208 +#define NDPI_PROTOCOL_TINC 209 /* William Guglielmo */ +#define NDPI_PROTOCOL_DEEZER 210 +#define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ +#define NDPI_PROTOCOL_MICROSOFT 212 +#define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci */ +#define NDPI_PROTOCOL_TEREDO 214 +#define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 +#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ +#define NDPI_PROTOCOL_GOOGLE_DRIVE 217 +#define NDPI_PROTOCOL_OCS 218 +#define NDPI_PROTOCOL_OFFICE_365 219 +#define NDPI_PROTOCOL_CLOUDFLARE 220 +#define NDPI_PROTOCOL_MS_ONE_DRIVE 221 +#define NDPI_PROTOCOL_MQTT 222 +#define NDPI_PROTOCOL_RX 223 +#define NDPI_PROTOCOL_APPLESTORE 224 +#define NDPI_PROTOCOL_OPENDNS 225 +#define NDPI_PROTOCOL_GIT 226 +#define NDPI_PROTOCOL_DRDA 227 +#define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ +#define NDPI_PROTOCOL_SOMEIP 229 +#define NDPI_PROTOCOL_FIX 230 +#define NDPI_PROTOCOL_PLAYSTATION 231 /* Sony PlayStation */ +#define NDPI_PROTOCOL_PASTEBIN 232 /* Paulo Angelo */ +#define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo */ /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_PLAYSTATION +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LINKEDIN #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index acb58fcb4..9934039d4 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -758,7 +758,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, /* Remote access and control */ NDPI_PROTOCOL_CATEGORY_CLOUD, /* Online cloud services */ NDPI_PROTOCOL_CATEGORY_NETWORK, /* Network infrastructure protocols */ - NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, /* Software for collaborative development */ + NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, /* Software for collaborative development, including Webmail */ NDPI_PROTOCOL_CATEGORY_RPC, /* High level network communication protocols */ NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, /* Network administration and monitor protocols */ NDPI_PROTOCOL_CATEGORY_SYSTEM, /* System level applications */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index f71de966e..f3334001f 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7971,43 +7971,84 @@ static ndpi_network host_protocol_list[] = { HTTP: Server: field HTTPS: Server certificate name + + Risk classification criteria + ---------------------------- + + NDPI_PROTOCOL_SAFE + - Web sites (and CDNs) which are not commonly used to host malicious activities. + - OS update hosts. + - App stores. + + NDPI_PROTOCOL_ACCEPTABLE + - Cloud services may be used to host malware (e.g., https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html), + but it is mostly used for normal purposes. + - Webmail sites, which can be used to phising. + - Encrypted administrative protocols, such as SSH. + - Text, voice or video communication (e.g., Skype, Slack, Whatsapp). + - Ads services are commonly used to spread malware + (https://www.tripwire.com/state-of-security/security-data-protection/crypto-ransomware-spreads-via-poisoned-ads-on-major-websites/) + + NDPI_PROTOCOL_FUN + - Social media sites and services. + - Communication used for fun purposes, like Snapchat, Tinder, etc. + - Audio and videostreamming services (e.g., Netflix). + - Game services. + + NDPI_PROTOCOL_UNSAFE + - Unencrypted administrative protocols, such as Telnet. + - Cloud hosted servers when accessed by default domains, such as *.amazonaws.com. + - "AWS Supports 41% of Malware Hosting Sites, More than Any Other Web Host or ISP" + http://www.thewhir.com/web-hosting-news/aws-supports-41-malware-hosting-sites-web-host-isp + - https://www.scmagazine.com/600-plus-cloud-repositories-spotted-hosting-malware-and-malicious-files/article/572205/ + - https://howtoremove.guide/remove-s3-amazonaws-virus/ + - Torrents. + + NDPI_PROTOCOL_POTENTIALLY_DANGEROUS + - Tor and other anonymization access. + - Sites commonly used to host malware and not as commonly used by "normal" users. (e.g., pastebin.com) + https://isc.sans.edu/forums/diary/Many+Malware+Samples+Found+on+Pastebin/22036/ + + NDPI_PROTOCOL_UNRATED + - Avoid this class. + */ ndpi_protocol_match host_match[] = { - { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_UNSAFE }, { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* iOS */ - { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* MacOS */ - { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */ + { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */ + { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ + { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8015,44 +8056,44 @@ ndpi_protocol_match host_match[] = { { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".googletagservices.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /*News site*/ - { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8067,24 +8108,24 @@ ndpi_protocol_match host_match[] = { { "e4593.dspg.akamaiedge.net","Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8106,7 +8147,7 @@ ndpi_protocol_match host_match[] = { { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, + { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8140,35 +8181,35 @@ ndpi_protocol_match host_match[] = { { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE }, { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".iflix.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".app.iflixcorp.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8238,7 +8279,9 @@ ndpi_protocol_match host_match[] = { { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_ACCEPTABLE }, + { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, + { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, + { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -8246,6 +8289,11 @@ ndpi_protocol_match host_match[] = { { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".sonyentertainmentnetwork.com","Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + + { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { NULL, 0 } }; -- cgit v1.2.3 From 89f1e663fa89608641a3b1433d0d9face2c13d50 Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 9 Aug 2017 15:57:15 +0200 Subject: update results --- tests/result/1kxun.pcap.out | 64 ++--- tests/result/EAQ.pcap.out | 54 ++-- tests/result/Instagram.pcap.out | 4 +- tests/result/KakaoTalk_chat.pcap.out | 14 +- tests/result/KakaoTalk_talk.pcap.out | 4 +- tests/result/Viber_session.pcap.out | 28 +- tests/result/bittorrent.pcap.out | 12 +- tests/result/coap_mqtt.pcap.out | 8 +- tests/result/dropbox.pcap.out | 40 +-- tests/result/http_ipv6.pcap.out | 20 +- tests/result/mpeg.pcap.out | 2 +- tests/result/netflix.pcap.out | 8 +- tests/result/pps.pcap.out | 56 ++-- tests/result/skype.pcap.out | 322 +++++++++++------------ tests/result/skype_no_unknown.pcap.out | 304 ++++++++++----------- tests/result/starcraft_battle.pcap.out | 32 +-- tests/result/ubntac2.pcap.out | 6 +- tests/result/viber_mobile.pcap.out | 58 ++-- tests/result/waze.pcap.out | 18 +- tests/result/webex.pcap.out | 30 +-- tests/result/wechat.pcap.out | 46 ++-- tests/result/weibo.pcap.out | 32 +-- tests/result/whatsapp_login_call.pcap.out | 70 ++--- tests/result/whatsapp_voice_and_message.pcap.out | 12 +- 24 files changed, 622 insertions(+), 622 deletions(-) diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index a716fa8e4..c8cf1bf9b 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -53,8 +53,8 @@ LLMNR 89 6799 47 36 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170:9099] 37 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] 38 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes -> 0 pkts/0 bytes] - 39 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] - 40 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air] + 39 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air] + 40 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] 41 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes -> 0 pkts/0 bytes] 42 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes -> 0 pkts/0 bytes] 43 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes -> 0 pkts/0 bytes] @@ -76,51 +76,51 @@ LLMNR 89 6799 47 59 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes -> 0 pkts/0 bytes] 60 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] 61 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 62 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes -> 0 pkts/0 bytes] + 62 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] 63 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 64 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 64 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes -> 0 pkts/0 bytes] 65 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] 66 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 67 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 68 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 67 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 68 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] 69 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 70 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] - 71 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 70 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 71 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] 72 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav] - 73 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] - 74 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] - 75 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 73 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] + 74 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 75 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] 76 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] 77 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] 78 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 79 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 79 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] 80 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 81 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 81 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] 82 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] 83 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] 84 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] 85 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 86 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 87 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 88 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 89 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 90 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 86 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 87 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 88 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 89 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 90 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] 91 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 92 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 93 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 94 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] - 95 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] - 96 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 97 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 98 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 125/Skype][2 pkts/132 bytes -> 0 pkts/0 bytes] - 99 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] - 100 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 101 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 92 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 93 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 94 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 95 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 96 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 97 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 98 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 99 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 125/Skype][2 pkts/132 bytes -> 0 pkts/0 bytes] + 100 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 101 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] 102 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes] 103 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes] 104 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes -> 0 pkts/0 bytes] - 105 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 106 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 105 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 106 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] 107 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] 108 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] 109 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] @@ -142,8 +142,8 @@ Undetected flows: 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes] 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes -> 0 pkts/0 bytes] 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes -> 0 pkts/0 bytes] - 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] + 11 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes -> 0 pkts/0 bytes] 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes] 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][1 pkts/82 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out index 187fced58..a760bac96 100644 --- a/tests/result/EAQ.pcap.out +++ b/tests/result/EAQ.pcap.out @@ -3,32 +3,32 @@ EAQ 174 10092 29 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Host: www.google.com.br] 2 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com] - 3 UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 3 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] 4 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 5 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 5 UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] 6 UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 7 UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 8 UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 9 UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 10 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 11 UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 12 UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 13 UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 14 UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 15 UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 16 UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 17 UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 18 UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 19 UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 20 UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 21 UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 22 UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 23 UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 24 UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 25 UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 26 UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 27 UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 28 UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 29 UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 30 UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 31 UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 7 UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 8 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 9 UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 10 UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 11 UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 12 UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 13 UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 14 UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 15 UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 16 UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 17 UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 18 UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 19 UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 20 UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 21 UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 22 UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 23 UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 24 UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 25 UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 26 UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 27 UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 28 UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 29 UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 30 UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 31 UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 9c7cc6395..aa3acf950 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -31,8 +31,8 @@ Instagram 363 255094 16 23 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com] 24 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-g-a.akamaihd.net] 25 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 26 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 27 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 26 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 27 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] 28 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes -> 0 pkts/0 bytes] 29 UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes -> 0 pkts/0 bytes] 30 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][1 pkts/74 bytes <-> 1 pkts/66 bytes] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 89a19fea5..f8a2718d6 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -30,13 +30,13 @@ KakaoTalk 55 9990 15 20 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/79 bytes <-> 1 pkts/136 bytes][Host: ac-talk.kakao.com] 21 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/84 bytes <-> 1 pkts/130 bytes][Host: booking.loco.kakao.com] 22 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/82 bytes <-> 1 pkts/126 bytes][Host: up-gp.talk.kakao.com] - 23 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-v.talk.kakao.com] - 24 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-a.talk.kakao.com] - 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-m.talk.kakao.com] - 26 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-p.talk.kakao.com] - 27 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-c.talk.kakao.com] - 28 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] - 29 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] + 23 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-c.talk.kakao.com] + 24 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-p.talk.kakao.com] + 25 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-a.talk.kakao.com] + 26 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-v.talk.kakao.com] + 27 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-m.talk.kakao.com] + 28 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] + 29 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/78 bytes <-> 1 pkts/118 bytes][Host: api.facebook.com] 31 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: item.kakao.com] 32 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: auth.kakao.com] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 8d4ec7074..0c65239f3 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -27,6 +27,6 @@ KakaoTalk_Voice 44 6196 2 15 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] 16 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes -> 0 pkts/0 bytes] 17 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes] - 18 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes -> 0 pkts/0 bytes] - 19 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes] + 18 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes] + 19 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes -> 0 pkts/0 bytes] 20 TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 679865a83..86869615f 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -27,28 +27,28 @@ Amazon 1 66 1 14 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][2 pkts/195 bytes <-> 3 pkts/229 bytes] 15 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][2 pkts/157 bytes <-> 3 pkts/255 bytes] 16 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 17 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] - 18 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 17 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 18 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] 19 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] - 20 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 20 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] 21 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes -> 0 pkts/0 bytes] 22 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] 23 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] 24 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes -> 0 pkts/0 bytes] 25 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes -> 0 pkts/0 bytes] - 26 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 27 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 28 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 29 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 30 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 31 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 26 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 27 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 28 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 29 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 30 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 31 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] Undetected flows: - 1 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 5 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 1 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 6 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/341 bytes <-> 3 pkts/208 bytes] 7 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/276 bytes <-> 2 pkts/170 bytes] diff --git a/tests/result/bittorrent.pcap.out b/tests/result/bittorrent.pcap.out index 2fa8b8679..03ed2de75 100644 --- a/tests/result/bittorrent.pcap.out +++ b/tests/result/bittorrent.pcap.out @@ -18,9 +18,9 @@ BitTorrent 299 305728 24 16 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][1 pkts/134 bytes <-> 1 pkts/624 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 17 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][2 pkts/349 bytes <-> 2 pkts/265 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 18 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][3 pkts/455 bytes <-> 1 pkts/157 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 19 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 20 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 21 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 22 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 23 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 24 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 19 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 20 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 21 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 22 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 23 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 24 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index 979127b46..25054b996 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -14,7 +14,7 @@ MQTT 7695 668291 4 10 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][2 pkts/147 bytes <-> 2 pkts/257 bytes] 11 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][2 pkts/158 bytes <-> 2 pkts/151 bytes] 12 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61047 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/90 bytes -> 0 pkts/0 bytes] - 13 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61046 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] - 14 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61044 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] - 15 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61045 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] - 16 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61043 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 13 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61043 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 14 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61045 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 15 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61044 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 16 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61046 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index 141e996eb..502131736 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -12,31 +12,31 @@ Dropbox 1104 246122 16 8 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][18 pkts/3562 bytes <-> 16 pkts/14464 bytes][client: client.dropbox.com][server: *.dropbox.com] 9 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][12 pkts/2338 bytes <-> 10 pkts/9054 bytes][client: notify.dropbox.com][server: *.dropbox.com] 10 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][10 pkts/2170 bytes <-> 10 pkts/1758 bytes][Host: log.getdropbox.com] - 11 UDP 192.168.1.101:4974 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.1.101:4169 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 13 UDP 192.168.1.101:2873 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.1.101:4625 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.1.101:3959 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.1.101:1650 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.1.101:3412 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.1.101:4974 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.1.101:2873 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] 16 UDP 192.168.1.101:3547 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.1.101:4171 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.1.101:1650 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.1.101:3412 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.1.101:3959 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.1.101:4171 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.1.101:4169 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.1.101:4625 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] 21 UDP 192.168.1.106:57268 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes -> 0 pkts/0 bytes] 22 UDP 192.168.1.106:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][16 pkts/1648 bytes -> 0 pkts/0 bytes] - 23 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] - 24 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] + 23 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] 25 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Host: log.getdropbox.com] - 26 UDP 192.168.1.101:3777 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 27 UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.1.101:1280 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 26 UDP 192.168.1.101:1280 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.1.101:1346 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.1.101:1908 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] 29 UDP 192.168.1.101:2544 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.1.101:1346 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 31 UDP 192.168.1.101:1908 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.1.101:2604 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 33 UDP 192.168.1.101:2159 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.1.101:2991 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 35 UDP 192.168.1.101:3731 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.1.101:2604 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.1.101:2159 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.1.101:2991 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.1.101:3731 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 35 UDP 192.168.1.101:3777 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] 36 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/156 bytes <-> 2 pkts/666 bytes][Host: client.dropbox.com] 37 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/146 bytes <-> 2 pkts/646 bytes][Host: d.dropbox.com] 38 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][2 pkts/162 bytes <-> 2 pkts/612 bytes][Host: client-cf.dropbox.com] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 04b03c479..d257a8224 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,17 +5,17 @@ QUIC 3 502 1 ntop 80 36401 4 1 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.235/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.235/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.235/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.235/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] 9 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][2 pkts/359 bytes <-> 1 pkts/143 bytes] - 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 14 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 15 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 14 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 15 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index ea7c9d606..75d4d15f4 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.233/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.235/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index 1e57cf28f..dc550277d 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -51,12 +51,12 @@ Amazon 2 126 1 45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][client: api-global.netflix.com] 46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][client: api-global.netflix.com] 47 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2648 bytes -> 0 pkts/0 bytes] - 48 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com] - 49 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com] + 48 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com] + 49 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com] 50 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/80 bytes <-> 1 pkts/371 bytes][Host: ios.nccp.netflix.com] 51 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/83 bytes <-> 1 pkts/248 bytes][Host: ichnaea.geo.netflix.com] - 52 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com] - 53 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com] + 52 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com] + 53 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com] 54 UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/96 bytes <-> 1 pkts/224 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com] 55 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/79 bytes <-> 1 pkts/192 bytes][Host: appboot.netflix.com] 56 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][1 pkts/84 bytes <-> 1 pkts/148 bytes][Host: artwork.akam.nflximg.net] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 776e2a5c6..44b62be8f 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -31,8 +31,8 @@ iQIYI 1499 1849369 60 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] - 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 27 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 28 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] @@ -41,8 +41,8 @@ iQIYI 1499 1849369 60 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1074 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] - 38 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] @@ -60,12 +60,12 @@ iQIYI 1499 1849369 60 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.206/HTTP.iQIYI][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] - 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] - 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 60 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] - 61 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 56 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] + 57 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 58 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 59 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] @@ -97,21 +97,21 @@ Undetected flows: 14 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] 15 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] 16 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 21 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 22 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 23 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 24 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 26 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 27 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 31 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 33 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 22 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 23 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 26 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 891715428..c85ea03fb 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -5,9 +5,9 @@ NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 96 8876 7 +SSL 88 8268 6 Dropbox 38 17948 5 -Skype 2139 324409 249 +Skype 2147 325017 250 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -27,8 +27,8 @@ MS_OneDrive 387 198090 1 12 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] 13 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com] 14 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 15 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] 17 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] 19 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] @@ -53,10 +53,10 @@ MS_OneDrive 387 198090 1 38 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] 39 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] 40 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1040 bytes <-> 4 pkts/362 bytes] - 41 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] - 42 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] - 43 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/390 bytes] - 44 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][14 pkts/1085 bytes <-> 4 pkts/315 bytes] + 41 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] + 42 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] + 43 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][14 pkts/1085 bytes <-> 4 pkts/315 bytes] + 44 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/390 bytes] 45 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] 46 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] 47 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] @@ -78,8 +78,8 @@ MS_OneDrive 387 198090 1 63 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][12 pkts/1088 bytes <-> 3 pkts/236 bytes] 64 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] 65 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] - 66 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][12 pkts/969 bytes <-> 4 pkts/337 bytes] - 67 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] + 66 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] + 67 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][12 pkts/969 bytes <-> 4 pkts/337 bytes] 68 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] 69 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] 70 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][10 pkts/1002 bytes <-> 3 pkts/285 bytes] @@ -105,31 +105,31 @@ MS_OneDrive 387 198090 1 90 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] 91 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] 92 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] - 93 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] - 94 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] - 95 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 96 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 97 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 98 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 99 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 93 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 94 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 95 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 96 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 97 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 98 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 99 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] 100 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 101 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 101 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] 102 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 103 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 104 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 105 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 106 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 107 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 103 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 104 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 105 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 106 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 107 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] 108 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 109 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 110 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes] + 109 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 110 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes -> 0 pkts/0 bytes] 111 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] - 112 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 113 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 112 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 113 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] 114 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] 115 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 116 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] - 117 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] + 116 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] + 117 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] 118 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] 119 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] 120 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] @@ -137,162 +137,162 @@ MS_OneDrive 387 198090 1 122 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] 123 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] 124 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] 127 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] 130 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 131 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 132 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 133 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] - 134 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] - 135 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 132 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 133 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 134 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] + 135 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] 136 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/60 bytes] 137 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] 154 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] 155 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] 165 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] 166 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] 178 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] 180 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] 181 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] 184 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] 186 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] 202 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] 208 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] 216 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] 220 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] 221 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] 235 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] 241 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 249 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] 251 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 257 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 257 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] 264 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] 265 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 269 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 270 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 271 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 272 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 273 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 274 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 275 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 276 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 277 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 278 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 279 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 280 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 270 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 271 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 272 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 273 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 274 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 275 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 276 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 277 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 278 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 279 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 280 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] 281 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] 282 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 654974b9c..5f33c2214 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -37,8 +37,8 @@ MS_OneDrive 348 181687 1 24 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1093 bytes <-> 4 pkts/333 bytes] 25 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][14 pkts/1059 bytes <-> 4 pkts/367 bytes] 26 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][13 pkts/1011 bytes <-> 4 pkts/415 bytes] - 27 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] - 28 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 27 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 28 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] 29 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] 30 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] 31 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][13 pkts/991 bytes <-> 4 pkts/378 bytes] @@ -53,8 +53,8 @@ MS_OneDrive 348 181687 1 40 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] 41 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][11 pkts/856 bytes <-> 5 pkts/409 bytes] 42 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] - 43 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] - 44 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][10 pkts/972 bytes <-> 3 pkts/285 bytes] + 43 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][10 pkts/972 bytes <-> 3 pkts/285 bytes] + 44 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] 45 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes] 46 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][11 pkts/815 bytes <-> 5 pkts/423 bytes] 47 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] @@ -69,29 +69,29 @@ MS_OneDrive 348 181687 1 56 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] 57 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/848 bytes <-> 3 pkts/286 bytes] 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][4 pkts/674 bytes <-> 4 pkts/444 bytes] - 59 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 60 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 61 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 59 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 60 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 61 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] 62 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] 63 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] 64 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] 65 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] - 66 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 67 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 68 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 69 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 70 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 71 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 72 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 66 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 67 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 68 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 69 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 70 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 71 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 72 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] 73 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 74 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 75 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 74 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 75 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] 76 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] 77 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] 78 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] - 79 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 80 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 81 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 79 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 80 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 81 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] 82 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] 83 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] 84 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] @@ -106,165 +106,165 @@ MS_OneDrive 348 181687 1 93 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] 94 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] 95 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] - 96 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 97 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 96 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 97 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] 98 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 99 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] 100 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] 101 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 102 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 103 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 102 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 103 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] 104 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] 105 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] 106 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] 107 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] - 108 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 109 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 110 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 111 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 112 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 114 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 115 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 117 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 118 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 108 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 109 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 110 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 114 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] 119 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] 127 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 130 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 131 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 132 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] 133 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] 146 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] 153 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] 158 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] 160 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] 163 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] 172 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] 178 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] 186 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] 199 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] 200 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] 216 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] 242 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] 243 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] 246 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 248 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 249 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 252 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 251 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] 253 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 254 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] 255 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 4892d6fd6..0334c7f4b 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -14,9 +14,9 @@ Starcraft 236 51494 6 2 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][126 pkts/9157 bytes <-> 89 pkts/41021 bytes] 3 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Host: bnetcmsus-a.akamaihd.net] 4 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] - 5 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 5 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] 6 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] - 7 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 7 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] 8 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][11 pkts/4984 bytes -> 0 pkts/0 bytes] 9 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Host: eu.battle.net] 10 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Host: eu.battle.net] @@ -24,8 +24,8 @@ Starcraft 236 51494 6 12 TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Host: eu.launcher.battle.net] 13 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][5 pkts/632 bytes <-> 4 pkts/667 bytes][Host: www.google-analytics.com] 14 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/473 bytes <-> 4 pkts/753 bytes][Host: nydus.battle.net] - 15 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net] - 16 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net] + 15 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net] + 16 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net] 17 TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/481 bytes <-> 4 pkts/733 bytes][Host: nydus.battle.net] 18 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][6 pkts/483 bytes <-> 4 pkts/725 bytes][Host: nydus.battle.net] 19 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][5 pkts/482 bytes <-> 4 pkts/497 bytes][Host: eu.launcher.battle.net] @@ -37,17 +37,17 @@ Starcraft 236 51494 6 25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com] 26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 91.252.30.192.in-addr.arpa] 27 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 254.1.168.192.in-addr.arpa] - 28 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] - 29 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] + 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] + 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] 30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net] - 31 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 32 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 33 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 34 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 35 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 36 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 37 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 38 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 31 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 32 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 33 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 34 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 35 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 36 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 37 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 38 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] 39 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][2 pkts/145 bytes <-> 1 pkts/89 bytes] 40 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/120 bytes] 41 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][1 pkts/86 bytes <-> 1 pkts/124 bytes][Host: 40.186.239.80.in-addr.arpa] @@ -60,5 +60,5 @@ Starcraft 236 51494 6 48 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] 49 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] 50 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes] - 51 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] - 52 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] + 51 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] + 52 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/ubntac2.pcap.out b/tests/result/ubntac2.pcap.out index b45250ecf..c4103cdf1 100644 --- a/tests/result/ubntac2.pcap.out +++ b/tests/result/ubntac2.pcap.out @@ -1,10 +1,10 @@ UBNTAC2 8 1736 8 - 1 UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 1 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] 2 UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] 3 UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] 4 UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 5 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 5 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] 6 UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] 7 UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 8 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 8 UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 5c294075d..310df21a1 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -29,22 +29,22 @@ Amazon 8 528 1 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][5 pkts/520 bytes <-> 4 pkts/563 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] 15 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][4 pkts/328 bytes <-> 7 pkts/745 bytes] 16 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][2 pkts/498 bytes <-> 2 pkts/498 bytes] - 17 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][4 pkts/303 bytes <-> 3 pkts/229 bytes] - 18 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][4 pkts/277 bytes <-> 3 pkts/255 bytes] - 19 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] - 20 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] + 17 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][4 pkts/277 bytes <-> 3 pkts/255 bytes] + 18 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][4 pkts/303 bytes <-> 3 pkts/229 bytes] + 19 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] + 20 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] 21 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes -> 0 pkts/0 bytes] 22 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 23 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 23 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] 24 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 25 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 25 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] 26 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 27 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 28 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 29 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 30 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 31 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 32 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 27 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 28 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 29 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 30 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 31 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 32 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] 33 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/357 bytes] 34 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] 35 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] @@ -53,16 +53,16 @@ Amazon 8 528 1 38 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/325 bytes] 39 UDP 192.168.200.222:39413 -> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes -> 0 pkts/0 bytes] 40 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 41 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] - 42 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 41 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 42 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] 43 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/84 bytes <-> 1 pkts/282 bytes][Host: settings.crashlytics.com] 44 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/272 bytes][Host: e.crashlytics.com] 45 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/144 bytes <-> 2 pkts/192 bytes][Host: sis.jpush.io] - 46 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 46 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] 47 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 48 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 49 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 50 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 48 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 49 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 50 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] 51 UDP 192.168.200.222:39413 -> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes -> 0 pkts/0 bytes] 52 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][1 pkts/75 bytes <-> 1 pkts/203 bytes][Host: e9.whatsapp.net] 53 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/87 bytes <-> 1 pkts/176 bytes][Host: googleads.g.doubleclick.net] @@ -77,21 +77,21 @@ Amazon 8 528 1 62 ICMP 37.214.167.82:0 -> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes -> 0 pkts/0 bytes] 63 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes -> 0 pkts/0 bytes] 64 ICMP 192.168.200.222:0 -> 8.8.8.8:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes -> 0 pkts/0 bytes] - 65 UDP 192.168.200.222:39413 -> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 66 UDP 192.168.200.222:39413 -> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 67 UDP 192.168.200.222:39413 -> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 68 UDP 192.168.200.222:39413 -> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 69 UDP 192.168.200.222:39413 -> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 70 UDP 192.168.200.222:39413 -> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 65 UDP 192.168.200.222:39413 -> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 66 UDP 192.168.200.222:39413 -> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 67 UDP 192.168.200.222:39413 -> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 68 UDP 192.168.200.222:39413 -> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 69 UDP 192.168.200.222:39413 -> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 70 UDP 192.168.200.222:39413 -> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] 71 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] 72 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] Undetected flows: - 1 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 5 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 1 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 6 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/341 bytes <-> 3 pkts/208 bytes] 7 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/276 bytes <-> 2 pkts/170 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index fa340868a..d91976abc 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -29,15 +29,15 @@ WhatsApp 15 1341 1 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com] 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com] - 23 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 24 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 25 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 26 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 27 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 28 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 29 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 30 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 31 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 23 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 24 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 25 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 26 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 27 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 28 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 29 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 30 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 31 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] 32 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 296e50889..271af3669 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -21,25 +21,25 @@ Amazon 3 174 1 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com] 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com] - 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] - 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 16 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 17 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com] 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com] 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com] - 21 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] - 23 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][client: ssl.google-analytics.com][server: *.google-analytics.com] 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com] - 26 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] - 27 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com] 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com] 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][6 pkts/407 bytes <-> 5 pkts/4177 bytes][server: *.webex.com] 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][10 pkts/1465 bytes <-> 11 pkts/1065 bytes] 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][10 pkts/1388 bytes <-> 10 pkts/1087 bytes] - 33 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] - 34 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] + 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] + 34 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][9 pkts/1357 bytes <-> 9 pkts/615 bytes] 35 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][6 pkts/970 bytes <-> 6 pkts/821 bytes][Host: cp.pushwoosh.com] 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][7 pkts/1280 bytes <-> 6 pkts/453 bytes] 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com] @@ -48,12 +48,12 @@ Amazon 3 174 1 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][7 pkts/501 bytes <-> 4 pkts/216 bytes] 42 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 43 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 44 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 45 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 46 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 43 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 44 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 45 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 46 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] 47 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 48 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 48 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] 49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][4 pkts/452 bytes <-> 4 pkts/216 bytes] 50 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] 51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] @@ -61,5 +61,5 @@ Amazon 3 174 1 53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][3 pkts/245 bytes <-> 2 pkts/108 bytes] 54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][3 pkts/209 bytes <-> 2 pkts/108 bytes] 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][2 pkts/128 bytes <-> 1 pkts/54 bytes] - 56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][1 pkts/66 bytes <-> 2 pkts/108 bytes] - 57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 2 pkts/108 bytes] + 56 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 2 pkts/108 bytes] + 57 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][1 pkts/66 bytes <-> 2 pkts/108 bytes] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 8a2781ce3..c10ff1a0e 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -41,9 +41,9 @@ WeChat 1251 606425 49 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com][server: web.wechat.com] - 28 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] - 29 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] - 30 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 28 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 29 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] + 30 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com] 31 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com][server: web.wechat.com] 32 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes -> 0 pkts/0 bytes] 33 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com] @@ -58,15 +58,15 @@ WeChat 1251 606425 49 42 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes -> 0 pkts/0 bytes] 43 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][15 pkts/810 bytes -> 0 pkts/0 bytes] 44 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes -> 0 pkts/0 bytes] - 45 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] - 46 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] + 45 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] + 46 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] 47 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] 48 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 49 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 50 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 49 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 50 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 51 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 52 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 53 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 52 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 53 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 54 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][4 pkts/264 bytes <-> 4 pkts/319 bytes] 55 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] 56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] @@ -81,8 +81,8 @@ WeChat 1251 606425 49 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.124/DNS.YouTube][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] 66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][3 pkts/206 bytes <-> 2 pkts/148 bytes] 67 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] - 68 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] - 69 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] + 68 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] + 69 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] 71 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] 72 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes -> 0 pkts/0 bytes] @@ -95,24 +95,24 @@ WeChat 1251 606425 49 79 UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org.lan] 80 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 81 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 82 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org] - 83 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 2.debian.pool.ntp.org] + 82 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 2.debian.pool.ntp.org] + 83 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org] 84 UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] 85 UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] - 86 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: cansaqcq] - 87 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] - 88 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes -> 0 pkts/0 bytes] - 89 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes -> 0 pkts/0 bytes] - 90 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 91 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes -> 0 pkts/0 bytes] + 86 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] + 87 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: cansaqcq] + 88 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 89 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes -> 0 pkts/0 bytes] + 90 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes -> 0 pkts/0 bytes] + 91 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes -> 0 pkts/0 bytes] 92 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] 93 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] - 94 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes -> 0 pkts/0 bytes] - 95 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 94 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 95 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes -> 0 pkts/0 bytes] 96 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] 97 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 98 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 99 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 98 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 99 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 100 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] 101 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com] 102 IGMP 192.168.1.108:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/54 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 9952d61a8..60054b31f 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -27,26 +27,26 @@ Sina(Weibo) 418 258007 15 19 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/157 bytes][Host: acjstb.aliyun.com] 20 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/73 bytes <-> 1 pkts/142 bytes][Host: www.weibo.com] 21 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][2 pkts/140 bytes <-> 1 pkts/74 bytes] - 22 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][2 pkts/128 bytes <-> 1 pkts/66 bytes] - 23 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 22 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 23 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][2 pkts/128 bytes <-> 1 pkts/66 bytes] 24 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] 25 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/74 bytes <-> 1 pkts/112 bytes][Host: log.mmstat.com] 26 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/69 bytes <-> 1 pkts/85 bytes][Host: weibo.com] - 27 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 28 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 27 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 28 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] 29 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 30 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 30 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] 31 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 32 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 32 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 1 pkts/66 bytes] 33 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: account.weibo.com] - 34 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes -> 0 pkts/0 bytes] - 35 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 36 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 37 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 38 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes -> 0 pkts/0 bytes][Host: data.weibo.com] - 40 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 41 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 42 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 43 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 34 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 35 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 36 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes -> 0 pkts/0 bytes][Host: data.weibo.com] + 37 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 38 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 39 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 40 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 41 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 42 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes -> 0 pkts/0 bytes] + 43 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] 44 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5/DNS][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: c.weibo.cn] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index d5d1e6eb6..87f02b3e9 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -27,45 +27,45 @@ AppleStore 85 28087 2 13 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes -> 0 pkts/0 bytes] 14 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes -> 0 pkts/0 bytes] 15 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 16 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] 17 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 18 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 21 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 21 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] 22 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 23 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 24 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 26 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 27 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 28 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 29 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 23 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 24 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 29 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] 30 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][3 pkts/174 bytes <-> 2 pkts/217 bytes] - 31 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][3 pkts/198 bytes <-> 2 pkts/132 bytes] - 32 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com] + 31 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com] + 32 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][3 pkts/198 bytes <-> 2 pkts/132 bytes] 33 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e13.whatsapp.net] - 34 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes -> 0 pkts/0 bytes] - 35 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 34 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 35 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes -> 0 pkts/0 bytes] 36 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] 37 UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] 38 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] - 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 40 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 41 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 42 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 43 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 45 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 46 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 47 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 48 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 49 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 50 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 51 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 52 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 53 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 54 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 55 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 56 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 57 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 39 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 40 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 41 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 42 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 43 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 44 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 45 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 46 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 47 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 48 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 49 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 50 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 51 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 52 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 53 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 54 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 55 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 56 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 57 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index e368d33d9..fa0559df7 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -7,10 +7,10 @@ WhatsApp 217 22139 5 4 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][26 pkts/2311 bytes <-> 26 pkts/2300 bytes] 5 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][14 pkts/1123 bytes <-> 13 pkts/1097 bytes] 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/840 bytes <-> 4 pkts/344 bytes] - 7 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 8 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 7 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 8 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] 9 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 10 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 11 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 12 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 13 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 10 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 11 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] -- cgit v1.2.3 From 0326442faf76f5415196b96a1f470e9343f87578 Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 9 Aug 2017 18:14:41 +0200 Subject: add SoundCloud detection for https://github.com/ntop/nDPI/issues/396 --- src/include/ndpi_protocol_ids.h | 15 ++++++++------- src/lib/ndpi_content_match.c.inc | 16 +++++++++++++--- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 56dcce032..045f30a3a 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -30,9 +30,9 @@ #define __NDPI_PROTOCOLS_DEFAULT_H__ #define NDPI_DETECTION_SUPPORT_IPV6 -#define NDPI_PROTOCOL_SIZE 2 +#define NDPI_PROTOCOL_SIZE 2 -#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_UNKNOWN 0 #define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN @@ -265,16 +265,17 @@ #define NDPI_PROTOCOL_OPENDNS 225 #define NDPI_PROTOCOL_GIT 226 #define NDPI_PROTOCOL_DRDA 227 -#define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ +#define NDPI_PROTOCOL_PLAYSTORE 228 #define NDPI_PROTOCOL_SOMEIP 229 #define NDPI_PROTOCOL_FIX 230 -#define NDPI_PROTOCOL_PLAYSTATION 231 /* Sony PlayStation */ +#define NDPI_PROTOCOL_PLAYSTATION 231 #define NDPI_PROTOCOL_PASTEBIN 232 /* Paulo Angelo */ #define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo */ +#define NDPI_PROTOCOL_SOUNDCLOUD 234 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LINKEDIN +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SOUNDCLOUD -#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) -#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) +#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) +#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) #endif diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index f3334001f..17802c2a0 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -22,6 +22,13 @@ static ndpi_network host_protocol_list[] = { + /* + SoundCloud + */ + { 0x22FB2FEE /* 34.251.47.238 */, 32, NDPI_PROTOCOL_SOUNDCLOUD }, + { 0x23A06456 /* 35.160.100.86 */, 32, NDPI_PROTOCOL_SOUNDCLOUD }, + { 0x36C0CA58 /* 54.192.202.88 */, 32, NDPI_PROTOCOL_SOUNDCLOUD }, + /* Facebook, Inc. origin AS32934, AS54115 @@ -152,7 +159,6 @@ static ndpi_network host_protocol_list[] = { { 0x1B000000 /* 27.0.0.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, { 0x22C00000 /* 34.192.0.0/10 */, 10, NDPI_PROTOCOL_AMAZON }, { 0x23980000 /* 35.152.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, - { 0x23A00000 /* 35.160.0.0/12 */, 12, NDPI_PROTOCOL_AMAZON }, { 0x23B00000 /* 35.176.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, { 0x2BFAC000 /* 43.250.192.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, { 0x2BFAC100 /* 43.250.193.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, @@ -845,7 +851,7 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C1000 /* 91.108.16.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, - + /* BitTorrent */ @@ -860,7 +866,6 @@ static ndpi_network host_protocol_list[] = { { 0xB2A4F550 /* 178.164.245.80/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, { 0xAE597B3E /* 174.89.123.62/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, - /* Tor http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv @@ -8294,6 +8299,11 @@ ndpi_protocol_match host_match[] = { { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sndcdn.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { NULL, 0 } }; -- cgit v1.2.3 From 93ceb14302f38c24fc5cfc67e7f6ae3b218e89c9 Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Wed, 9 Aug 2017 14:08:28 -0300 Subject: few classification adjusts --- src/lib/ndpi_content_match.c.inc | 2 ++ src/lib/ndpi_main.c | 40 ++++++++++++++++++++-------------------- 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 17802c2a0..c357cdbc0 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7984,6 +7984,7 @@ static ndpi_network host_protocol_list[] = { - Web sites (and CDNs) which are not commonly used to host malicious activities. - OS update hosts. - App stores. + - Commonly used services in encrypted channels (SMTPS, POPS, etc) NDPI_PROTOCOL_ACCEPTABLE - Cloud services may be used to host malware (e.g., https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html), @@ -7993,6 +7994,7 @@ static ndpi_network host_protocol_list[] = { - Text, voice or video communication (e.g., Skype, Slack, Whatsapp). - Ads services are commonly used to spread malware (https://www.tripwire.com/state-of-security/security-data-protection/crypto-ransomware-spreads-via-poisoned-ads-on-major-websites/) + - Commonly used services in unencrypted channels (SMTP, POP, etc) NDPI_PROTOCOL_FUN - Social media sites and services. diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 65c139c08..3eb043db7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -704,17 +704,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_CONTROL, no_master, no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_DATA, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_DATA, no_master, no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_POP, no_master, no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, @@ -724,7 +724,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_SMTP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_SMTP, no_master, no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */, @@ -734,7 +734,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_IMAP, no_master, no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, @@ -884,7 +884,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_BITTORRENT, no_master, no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P, ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, @@ -999,7 +999,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "TVUplayer", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HTTP_DOWNLOAD, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_DOWNLOAD, no_master, no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1026,7 +1026,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SSL_No_Cert", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IRC, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_IRC, no_master, no_master, "IRC", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 194, 0, 0, 0, 0) /* TCP */, @@ -1076,7 +1076,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HOTSPOT_SHIELD, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_HOTSPOT_SHIELD, no_master, no_master, "HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1088,7 +1088,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323; - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STUN, no_master, custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1230,12 +1230,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Crossfire", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DOFUS, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOFUS, no_master, no_master, "Dofus", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_FIESTA, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FIESTA, no_master, no_master, "Fiesta", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1275,7 +1275,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_PPTP, no_master, no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1426,7 +1426,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master,"H323", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 1719, 1720, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1719, 1720, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OPENVPN, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OPENVPN, no_master, no_master, "OpenVPN", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 1194, 0, 0, 0, 0) /* TCP */, @@ -1436,7 +1436,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "NOE", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_CISCOVPN, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CISCOVPN, no_master, no_master, "CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 10000, 0, 0, 0, 0) /* TCP */, @@ -1561,7 +1561,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GIT, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_GIT, no_master, no_master, "Git", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, ndpi_build_default_ports(ports_a, 9418, 0, 0, 0, 0), /* TCP */ @@ -1586,7 +1586,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OOKLA, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, no_master, no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ @@ -1596,12 +1596,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNSCRYPT, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DNSCRYPT, no_master, no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_TINC, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TINC, no_master, no_master, "TINC", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */, @@ -1611,7 +1611,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NINTENDO, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_NINTENDO, no_master, no_master, "Nintendo", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, -- cgit v1.2.3 From d8ed5b10052f141624f4840fbfdb8f1f5f20f6fc Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Wed, 9 Aug 2017 14:17:07 -0300 Subject: final revision. --- src/lib/ndpi_content_match.c.inc | 4 ++-- src/lib/ndpi_main.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index c357cdbc0..54043d581 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7984,7 +7984,7 @@ static ndpi_network host_protocol_list[] = { - Web sites (and CDNs) which are not commonly used to host malicious activities. - OS update hosts. - App stores. - - Commonly used services in encrypted channels (SMTPS, POPS, etc) + - Commonly used services with passwords in encrypted channels (SMTPS, POPS, etc) NDPI_PROTOCOL_ACCEPTABLE - Cloud services may be used to host malware (e.g., https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html), @@ -7994,7 +7994,6 @@ static ndpi_network host_protocol_list[] = { - Text, voice or video communication (e.g., Skype, Slack, Whatsapp). - Ads services are commonly used to spread malware (https://www.tripwire.com/state-of-security/security-data-protection/crypto-ransomware-spreads-via-poisoned-ads-on-major-websites/) - - Commonly used services in unencrypted channels (SMTP, POP, etc) NDPI_PROTOCOL_FUN - Social media sites and services. @@ -8010,6 +8009,7 @@ static ndpi_network host_protocol_list[] = { - https://www.scmagazine.com/600-plus-cloud-repositories-spotted-hosting-malware-and-malicious-files/article/572205/ - https://howtoremove.guide/remove-s3-amazonaws-virus/ - Torrents. + - Commonly used services with passwords in unencrypted channels (SMTP, POP, etc) NDPI_PROTOCOL_POTENTIALLY_DANGEROUS - Tor and other anonymization access. diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3eb043db7..228b4606f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -704,7 +704,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_CONTROL, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, no_master, no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, @@ -714,7 +714,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_POP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, no_master, no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, @@ -734,7 +734,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_IMAP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, no_master, no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, @@ -1275,7 +1275,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_PPTP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, no_master, no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, -- cgit v1.2.3 From 5a8aa3d72d8de124c10581368087ba45406af033 Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Fri, 11 Aug 2017 13:38:46 -0300 Subject: Windows 10 detection from UA and indentation --- src/lib/protocols/http.c | 61 ++++++++++++++++++++++++++---------------------- 1 file changed, 33 insertions(+), 28 deletions(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 35e67a54d..aeb028798 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -154,15 +154,19 @@ static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct #endif static void setHttpUserAgent(struct ndpi_flow_struct *flow, char *ua) { - if(!strcmp(ua, "Windows NT 5.0")) ua = "Windows 2000"; - else if(!strcmp(ua, "Windows NT 5.1")) ua = "Windows XP"; - else if(!strcmp(ua, "Windows NT 5.2")) ua = "Windows Server 2003"; - else if(!strcmp(ua, "Windows NT 6.0")) ua = "Windows Vista"; - else if(!strcmp(ua, "Windows NT 6.1")) ua = "Windows 7"; - else if(!strcmp(ua, "Windows NT 6.2")) ua = "Windows 8"; - else if(!strcmp(ua, "Windows NT 6.3")) ua = "Windows 8.1"; - - // printf("==> %s\n", ua); + if ( !strcmp(ua, "Windows NT 5.0")) ua = "Windows 2000"; + else if(!strcmp(ua, "Windows NT 5.1")) ua = "Windows XP"; + else if(!strcmp(ua, "Windows NT 5.2")) ua = "Windows Server 2003"; + else if(!strcmp(ua, "Windows NT 6.0")) ua = "Windows Vista"; + else if(!strcmp(ua, "Windows NT 6.1")) ua = "Windows 7"; + else if(!strcmp(ua, "Windows NT 6.2")) ua = "Windows 8"; + else if(!strcmp(ua, "Windows NT 6.3")) ua = "Windows 8.1"; + else if(!strcmp(ua, "Windows NT 10.0")) ua = "Windows 10"; + + /* Good reference for future implementations: + * https://github.com/ua-parser/uap-core/blob/master/regexes.yaml */ + + printf("==> %s\n", ua); snprintf((char*)flow->detected_os, sizeof(flow->detected_os), "%s", ua); } @@ -271,8 +275,9 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(packet->user_agent_line.ptr != NULL && packet->user_agent_line.len != 0) { /** - Format: - Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) .... + Format examples: + Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) .... + Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0 */ if(packet->user_agent_line.len > 7) { char ua[256]; @@ -302,22 +307,22 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(token && (token[0] == ' ')) token++; /* Skip space */ if(token - && ((strcmp(token, "U") == 0) - || (strncmp(token, "MSIE", 4) == 0))) { - token = strsep(&parent, ";"); - if(token && (token[0] == ' ')) token++; /* Skip space */ + && ((strcmp(token, "U") == 0) + || (strncmp(token, "MSIE", 4) == 0))) { + token = strsep(&parent, ";"); + if(token && (token[0] == ' ')) token++; /* Skip space */ - if(token && (strncmp(token, "Update", 6) == 0)) { - token = strsep(&parent, ";"); + if(token && (strncmp(token, "Update", 6) == 0)) { + token = strsep(&parent, ";"); - if(token && (token[0] == ' ')) token++; /* Skip space */ + if(token && (token[0] == ' ')) token++; /* Skip space */ - if(token && (strncmp(token, "AOL", 3) == 0)) { - token = strsep(&parent, ";"); + if(token && (strncmp(token, "AOL", 3) == 0)) { - if(token && (token[0] == ' ')) token++; /* Skip space */ - } - } + token = strsep(&parent, ";"); + if(token && (token[0] == ' ')) token++; /* Skip space */ + } + } } } @@ -566,9 +571,9 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } if((packet->payload_packet_len == 3) && memcmp(packet->payload, "HI\n", 3) == 0) { - /* This looks like Ookla: we don't give up with HTTP yet */ - flow->l4.tcp.http_stage = 1; - return; + /* This looks like Ookla: we don't give up with HTTP yet */ + flow->l4.tcp.http_stage = 1; + return; } if((packet->payload_packet_len == 23) && (memcmp(packet->payload, "", 23) == 0)) { @@ -787,14 +792,14 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct */ if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { - /* In apache if you do "GET /\n\n" the response comes without any header */ + /* In Apache if you do "GET /\n\n" the response comes without any header */ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Found HTTP. (apache)\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); check_content_type_and_change_protocol(ndpi_struct, flow); return; } - /* If we already detected the http request, we can add the connection and then check for the sub-protocol */ + /* If we already detected the HTTP request, we can add the connection and then check for the sub-protocol */ if(flow->http_detected) ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); -- cgit v1.2.3 From 449e06df77cd2dec2b942ce81c326733458419f7 Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Fri, 11 Aug 2017 17:52:32 -0300 Subject: Code formating and some improvements on HTTP (issue 434) --- src/include/ndpi_typedefs.h | 7 +- src/lib/ndpi_main.c | 249 ++++++++++++++++++++++++++------------------ src/lib/protocols/http.c | 191 +++++++++++++++++++-------------- 3 files changed, 262 insertions(+), 185 deletions(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 9934039d4..ccb031326 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -675,6 +675,7 @@ struct ndpi_packet_struct { u_int16_t protocol_stack_info; struct ndpi_int_one_line_struct line[NDPI_MAX_PARSE_LINES_PER_PACKET]; + /* HTTP headers */ struct ndpi_int_one_line_struct host_line; struct ndpi_int_one_line_struct forwarded_line; struct ndpi_int_one_line_struct referer_line; @@ -690,7 +691,8 @@ struct ndpi_packet_struct { struct ndpi_int_one_line_struct http_x_session_type; struct ndpi_int_one_line_struct server_line; struct ndpi_int_one_line_struct http_method; - struct ndpi_int_one_line_struct http_response; + struct ndpi_int_one_line_struct http_response; /* the first "word" in this pointer is the response code in the packet (200, etc) */ + u_int8_t http_num_headers; /* number of found (valid) header lines in HTTP request or response */ u_int16_t l3_packet_len; u_int16_t l4_packet_len; @@ -958,6 +960,9 @@ struct ndpi_flow_struct { struct { ndpi_http_method method; char *url, *content_type; + u_int8_t num_request_headers, num_response_headers; + u_int8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */ + u_char response_status_code[4]; /* 200, 404, etc. */ } http; union { diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 228b4606f..7d1e62df4 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3793,151 +3793,195 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc packet->http_method.len = 0; packet->http_response.ptr = NULL; packet->http_response.len = 0; + packet->http_num_headers=0; if((packet->payload_packet_len == 0) || (packet->payload == NULL) - || (end == 0) - ) + || (end == 0)) return; packet->line[packet->parsed_lines].ptr = packet->payload; packet->line[packet->parsed_lines].len = 0; for(a = 0; a < end-1 /* This because get_u_int16_t(packet->payload, a) reads 2 bytes */; a++) { - if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) { + if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) { /* If end of line char sequence CR+NL "\r\n", process line */ packet->line[packet->parsed_lines].len = (u_int16_t)(((unsigned long) &packet->payload[a]) - ((unsigned long) packet->line[packet->parsed_lines].ptr)); - if(packet->parsed_lines == 0 && packet->line[0].len >= NDPI_STATICSTRING_LEN("HTTP/1.1 200 ") && - memcmp(packet->line[0].ptr, "HTTP/1.", NDPI_STATICSTRING_LEN("HTTP/1.")) == 0 && - packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.1 ")] > '0' && - packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.1 ")] < '6') { - packet->http_response.ptr = &packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.1 ")]; - packet->http_response.len = packet->line[0].len - NDPI_STATICSTRING_LEN("HTTP/1.1 "); - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, - "ndpi_parse_packet_line_info: HTTP response parsed: \"%.*s\"\n", - packet->http_response.len, packet->http_response.ptr); + /* First line of a HTTP response parsing. Expected a "HTTP/1.? ???" */ + if(packet->parsed_lines == 0 && packet->line[0].len >= NDPI_STATICSTRING_LEN("HTTP/1.X 200 ") && + memcmp(packet->line[0].ptr, "HTTP/1.", NDPI_STATICSTRING_LEN("HTTP/1.")) == 0 && + packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.X ")] > '0' && /* response code between 000 and 699 */ + packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.X ")] < '6') { + + packet->http_response.ptr = &packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.1 ")]; + packet->http_response.len = packet->line[0].len - NDPI_STATICSTRING_LEN("HTTP/1.1 "); + packet->http_num_headers++; + + NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + "ndpi_parse_packet_line_info: HTTP response parsed: \"%.*s\"\n", + packet->http_response.len, packet->http_response.ptr); } + /* "Server:" header line in HTTP response */ if(packet->line[packet->parsed_lines].len > NDPI_STATICSTRING_LEN("Server:") + 1 - && memcmp(packet->line[packet->parsed_lines].ptr, "Server:", NDPI_STATICSTRING_LEN("Server:")) == 0) { - // some stupid clients omit a space and place the servername directly after the colon - if(packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:")] == ' ') { - packet->server_line.ptr = - &packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:") + 1]; - packet->server_line.len = - packet->line[packet->parsed_lines].len - (NDPI_STATICSTRING_LEN("Server:") + 1); - } else { - packet->server_line.ptr = &packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:")]; - packet->server_line.len = packet->line[packet->parsed_lines].len - NDPI_STATICSTRING_LEN("Server:"); - } + && memcmp(packet->line[packet->parsed_lines].ptr, "Server:", NDPI_STATICSTRING_LEN("Server:")) == 0) { + // some stupid clients omit a space and place the servername directly after the colon + if(packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:")] == ' ') { + packet->server_line.ptr = + &packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:") + 1]; + packet->server_line.len = + packet->line[packet->parsed_lines].len - (NDPI_STATICSTRING_LEN("Server:") + 1); + } else { + packet->server_line.ptr = &packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:")]; + packet->server_line.len = packet->line[packet->parsed_lines].len - NDPI_STATICSTRING_LEN("Server:"); + } + packet->http_num_headers++; } - + /* "Host:" header line in HTTP request */ if(packet->line[packet->parsed_lines].len > 6 - && memcmp(packet->line[packet->parsed_lines].ptr, "Host:", 5) == 0) { - // some stupid clients omit a space and place the hostname directly after the colon - if(packet->line[packet->parsed_lines].ptr[5] == ' ') { - packet->host_line.ptr = &packet->line[packet->parsed_lines].ptr[6]; - packet->host_line.len = packet->line[packet->parsed_lines].len - 6; - } else { - packet->host_line.ptr = &packet->line[packet->parsed_lines].ptr[5]; - packet->host_line.len = packet->line[packet->parsed_lines].len - 5; - } + && memcmp(packet->line[packet->parsed_lines].ptr, "Host:", 5) == 0) { + // some stupid clients omit a space and place the hostname directly after the colon + if(packet->line[packet->parsed_lines].ptr[5] == ' ') { + packet->host_line.ptr = &packet->line[packet->parsed_lines].ptr[6]; + packet->host_line.len = packet->line[packet->parsed_lines].len - 6; + } else { + packet->host_line.ptr = &packet->line[packet->parsed_lines].ptr[5]; + packet->host_line.len = packet->line[packet->parsed_lines].len - 5; + } + packet->http_num_headers++; } - + /* "X-Forwarded-For:" header line in HTTP request. Commonly used for HTTP proxies. */ if(packet->line[packet->parsed_lines].len > 17 - && memcmp(packet->line[packet->parsed_lines].ptr, "X-Forwarded-For:", 16) == 0) { - // some stupid clients omit a space and place the hostname directly after the colon - if(packet->line[packet->parsed_lines].ptr[16] == ' ') { - packet->forwarded_line.ptr = &packet->line[packet->parsed_lines].ptr[17]; - packet->forwarded_line.len = packet->line[packet->parsed_lines].len - 17; - } else { - packet->forwarded_line.ptr = &packet->line[packet->parsed_lines].ptr[16]; - packet->forwarded_line.len = packet->line[packet->parsed_lines].len - 16; - } + && memcmp(packet->line[packet->parsed_lines].ptr, "X-Forwarded-For:", 16) == 0) { + // some stupid clients omit a space and place the hostname directly after the colon + if(packet->line[packet->parsed_lines].ptr[16] == ' ') { + packet->forwarded_line.ptr = &packet->line[packet->parsed_lines].ptr[17]; + packet->forwarded_line.len = packet->line[packet->parsed_lines].len - 17; + } else { + packet->forwarded_line.ptr = &packet->line[packet->parsed_lines].ptr[16]; + packet->forwarded_line.len = packet->line[packet->parsed_lines].len - 16; + } + packet->http_num_headers++; } - + /* "Content-Type:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 14 - && (memcmp(packet->line[packet->parsed_lines].ptr, "Content-Type: ", 14) == 0 - || memcmp(packet->line[packet->parsed_lines].ptr, "Content-type: ", 14) == 0)) { - packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[14]; - packet->content_line.len = packet->line[packet->parsed_lines].len - 14; + && (memcmp(packet->line[packet->parsed_lines].ptr, "Content-Type: ", 14) == 0 + || memcmp(packet->line[packet->parsed_lines].ptr, "Content-type: ", 14) == 0)) { + packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[14]; + packet->content_line.len = packet->line[packet->parsed_lines].len - 14; + packet->http_num_headers++; } - + /* "Content-Type:" header line in HTTP AGAIN. Probably a bogus response without space after ":" */ if(packet->line[packet->parsed_lines].len > 13 - && memcmp(packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0) { - packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[13]; - packet->content_line.len = packet->line[packet->parsed_lines].len - 13; + && memcmp(packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0) { + packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[13]; + packet->content_line.len = packet->line[packet->parsed_lines].len - 13; + packet->http_num_headers++; } - + /* "Accept:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Accept: ", 8) == 0) { - packet->accept_line.ptr = &packet->line[packet->parsed_lines].ptr[8]; - packet->accept_line.len = packet->line[packet->parsed_lines].len - 8; + && memcmp(packet->line[packet->parsed_lines].ptr, "Accept: ", 8) == 0) { + packet->accept_line.ptr = &packet->line[packet->parsed_lines].ptr[8]; + packet->accept_line.len = packet->line[packet->parsed_lines].len - 8; + packet->http_num_headers++; } - + /* "Referer:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 9 - && memcmp(packet->line[packet->parsed_lines].ptr, "Referer: ", 9) == 0) { - packet->referer_line.ptr = &packet->line[packet->parsed_lines].ptr[9]; - packet->referer_line.len = packet->line[packet->parsed_lines].len - 9; + && memcmp(packet->line[packet->parsed_lines].ptr, "Referer: ", 9) == 0) { + packet->referer_line.ptr = &packet->line[packet->parsed_lines].ptr[9]; + packet->referer_line.len = packet->line[packet->parsed_lines].len - 9; + packet->http_num_headers++; } - + /* "User-Agent:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 12 - && (memcmp(packet->line[packet->parsed_lines].ptr, "User-Agent: ", 12) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "User-agent: ", 12) == 0)) { - packet->user_agent_line.ptr = &packet->line[packet->parsed_lines].ptr[12]; - packet->user_agent_line.len = packet->line[packet->parsed_lines].len - 12; + && (memcmp(packet->line[packet->parsed_lines].ptr, "User-Agent: ", 12) == 0 + || memcmp(packet->line[packet->parsed_lines].ptr, "User-agent: ", 12) == 0)) { + packet->user_agent_line.ptr = &packet->line[packet->parsed_lines].ptr[12]; + packet->user_agent_line.len = packet->line[packet->parsed_lines].len - 12; + packet->http_num_headers++; } - + /* "Content-Encoding:" header line in HTTP response (and request?). */ if(packet->line[packet->parsed_lines].len > 18 - && memcmp(packet->line[packet->parsed_lines].ptr, "Content-Encoding: ", 18) == 0) { - packet->http_encoding.ptr = &packet->line[packet->parsed_lines].ptr[18]; - packet->http_encoding.len = packet->line[packet->parsed_lines].len - 18; + && memcmp(packet->line[packet->parsed_lines].ptr, "Content-Encoding: ", 18) == 0) { + packet->http_encoding.ptr = &packet->line[packet->parsed_lines].ptr[18]; + packet->http_encoding.len = packet->line[packet->parsed_lines].len - 18; + packet->http_num_headers++; } - + /* "Transfer-Encoding:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 19 - && memcmp(packet->line[packet->parsed_lines].ptr, "Transfer-Encoding: ", 19) == 0) { - packet->http_transfer_encoding.ptr = &packet->line[packet->parsed_lines].ptr[19]; - packet->http_transfer_encoding.len = packet->line[packet->parsed_lines].len - 19; + && memcmp(packet->line[packet->parsed_lines].ptr, "Transfer-Encoding: ", 19) == 0) { + packet->http_transfer_encoding.ptr = &packet->line[packet->parsed_lines].ptr[19]; + packet->http_transfer_encoding.len = packet->line[packet->parsed_lines].len - 19; + packet->http_num_headers++; } + /* "Content-Length:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 16 - && ((memcmp(packet->line[packet->parsed_lines].ptr, "Content-Length: ", 16) == 0) + && ((memcmp(packet->line[packet->parsed_lines].ptr, "Content-Length: ", 16) == 0) || (memcmp(packet->line[packet->parsed_lines].ptr, "content-length: ", 16) == 0))) { - packet->http_contentlen.ptr = &packet->line[packet->parsed_lines].ptr[16]; - packet->http_contentlen.len = packet->line[packet->parsed_lines].len - 16; + packet->http_contentlen.ptr = &packet->line[packet->parsed_lines].ptr[16]; + packet->http_contentlen.len = packet->line[packet->parsed_lines].len - 16; + packet->http_num_headers++; } + /* "Cookie:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Cookie: ", 8) == 0) { - packet->http_cookie.ptr = &packet->line[packet->parsed_lines].ptr[8]; - packet->http_cookie.len = packet->line[packet->parsed_lines].len - 8; + && memcmp(packet->line[packet->parsed_lines].ptr, "Cookie: ", 8) == 0) { + packet->http_cookie.ptr = &packet->line[packet->parsed_lines].ptr[8]; + packet->http_cookie.len = packet->line[packet->parsed_lines].len - 8; + packet->http_num_headers++; } + /* "Origin:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Origin: ", 8) == 0) { - packet->http_origin.ptr = &packet->line[packet->parsed_lines].ptr[8]; - packet->http_origin.len = packet->line[packet->parsed_lines].len - 8; + && memcmp(packet->line[packet->parsed_lines].ptr, "Origin: ", 8) == 0) { + packet->http_origin.ptr = &packet->line[packet->parsed_lines].ptr[8]; + packet->http_origin.len = packet->line[packet->parsed_lines].len - 8; + packet->http_num_headers++; } + /* "X-Session-Type:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 16 - && memcmp(packet->line[packet->parsed_lines].ptr, "X-Session-Type: ", 16) == 0) { - packet->http_x_session_type.ptr = &packet->line[packet->parsed_lines].ptr[16]; - packet->http_x_session_type.len = packet->line[packet->parsed_lines].len - 16; + && memcmp(packet->line[packet->parsed_lines].ptr, "X-Session-Type: ", 16) == 0) { + packet->http_x_session_type.ptr = &packet->line[packet->parsed_lines].ptr[16]; + packet->http_x_session_type.len = packet->line[packet->parsed_lines].len - 16; + packet->http_num_headers++; + } + /* Identification and counting of other HTTP headers. + * We consider the most common headers, but there are many others, + * which can be seen at references below: + * - https://tools.ietf.org/html/rfc7230 + * - https://en.wikipedia.org/wiki/List_of_HTTP_header_fields + */ + if((packet->line[packet->parsed_lines].len > 6 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Date: ", 6) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "Vary: ", 6) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "ETag: ", 6) == 0 )) || + (packet->line[packet->parsed_lines].len > 8 && memcmp(packet->line[packet->parsed_lines].ptr, "Pragma: ", 8) == 0) || + (packet->line[packet->parsed_lines].len > 9 && memcmp(packet->line[packet->parsed_lines].ptr, "Expires: ", 9) == 0) || + (packet->line[packet->parsed_lines].len > 12 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Set-Cookie: ", 12) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "Keep-Alive: ", 12) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "Connection: ", 12) == 0)) || + (packet->line[packet->parsed_lines].len > 15 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Last-Modified: ", 15) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Ranges: ", 15) == 0)) || + (packet->line[packet->parsed_lines].len > 17 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Language: ", 17) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Encoding: ", 17) == 0)) || + (packet->line[packet->parsed_lines].len > 27 && memcmp(packet->line[packet->parsed_lines].ptr, "Upgrade-Insecure-Requests: ", 27) == 0)) { + /* Just count. In the future, if needed, this if can be splited to parse these headers */ + packet->http_num_headers++; } if(packet->line[packet->parsed_lines].len == 0) { - packet->empty_line_position = a; - packet->empty_line_position_set = 1; + packet->empty_line_position = a; + packet->empty_line_position_set = 1; } - if(packet->parsed_lines >= (NDPI_MAX_PARSE_LINES_PER_PACKET - 1)) { - return; - } + if(packet->parsed_lines >= (NDPI_MAX_PARSE_LINES_PER_PACKET - 1)) + return; packet->parsed_lines++; packet->line[packet->parsed_lines].ptr = &packet->payload[a + 2]; packet->line[packet->parsed_lines].len = 0; - if((a + 2) >= packet->payload_packet_len) { - return; - } - a++; + if((a + 2) >= packet->payload_packet_len) + return; + + a++; /* next char in the payload */ } } @@ -3955,11 +3999,10 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s struct ndpi_packet_struct *packet = &flow->packet; u_int32_t a; u_int16_t end = packet->payload_packet_len; + if(packet->packet_lines_parsed_complete != 0) return; - - packet->packet_lines_parsed_complete = 1; packet->parsed_lines = 0; @@ -3974,20 +4017,20 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s packet->line[packet->parsed_lines].len = (u_int16_t)( ((unsigned long) &packet->payload[a]) - ((unsigned long) packet->line[packet->parsed_lines].ptr)); + if(a > 0 && packet->payload[a-1] == 0x0d) - packet->line[packet->parsed_lines].len--; + packet->line[packet->parsed_lines].len--; - if(packet->parsed_lines >= (NDPI_MAX_PARSE_LINES_PER_PACKET - 1)) { - break; - } + if(packet->parsed_lines >= (NDPI_MAX_PARSE_LINES_PER_PACKET - 1)) + break; packet->parsed_lines++; packet->line[packet->parsed_lines].ptr = &packet->payload[a + 1]; packet->line[packet->parsed_lines].len = 0; - if((a + 1) >= packet->payload_packet_len) { - break; - } + if((a + 1) >= packet->payload_packet_len) + break; + //a++; } } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index aeb028798..e9b011c51 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -65,7 +65,7 @@ static void flash_check_http_payload(struct ndpi_detection_module_struct if(memcmp(pos, "FLV", 3) == 0 && pos[3] == 0x01 && (pos[4] == 0x01 || pos[4] == 0x04 || pos[4] == 0x05) && pos[5] == 0x00 && pos[6] == 0x00 && pos[7] == 0x00 && pos[8] == 0x09) { - NDPI_LOG(NDPI_CONTENT_FLASH, ndpi_struct, NDPI_LOG_DEBUG, "Flash content in http detected\n"); + NDPI_LOG(NDPI_CONTENT_FLASH, ndpi_struct, NDPI_LOG_DEBUG, "Flash content in HTTP detected\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_FLASH); } } @@ -92,7 +92,7 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str if(flow->l4.tcp.http_empty_line_seen == 1) { if(packet->payload_packet_len > 20 && memcmp(packet->payload, "RIFF", 4) == 0 && memcmp(packet->payload + 8, "AVI LIST", 8) == 0) { - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in http detected\n"); + NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in HTTP detected\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_AVI); } flow->l4.tcp.http_empty_line_seen = 0; @@ -111,7 +111,7 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str if((p + 16) <= packet->payload_packet_len && memcmp(&packet->payload[p], "RIFF", 4) == 0 && memcmp(&packet->payload[p + 8], "AVI LIST", 8) == 0) { - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in http detected\n"); + NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in HTTP detected\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_AVI); } } @@ -133,7 +133,7 @@ static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *n pos = &packet->payload[packet->empty_line_position] + 2; if(pos[0] == 0x17 && pos[1] == 0x24) { - NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_DEBUG, "TeamViewer content in http detected\n"); + NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_DEBUG, "TeamViewer content in HTTP detected\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TEAMVIEWER); } } @@ -166,7 +166,7 @@ static void setHttpUserAgent(struct ndpi_flow_struct *flow, char *ua) { /* Good reference for future implementations: * https://github.com/ua-parser/uap-core/blob/master/regexes.yaml */ - printf("==> %s\n", ua); + //printf("==> %s\n", ua); snprintf((char*)flow->detected_os, sizeof(flow->detected_os), "%s", ua); } @@ -237,27 +237,27 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } if(flow->packet.http_method.len < 3) - flow->http.method = HTTP_METHOD_UNKNOWN; + flow->http.method = HTTP_METHOD_UNKNOWN; else { - switch(flow->packet.http_method.ptr[0]) { - case 'O': flow->http.method = HTTP_METHOD_OPTIONS; break; - case 'G': flow->http.method = HTTP_METHOD_GET; break; - case 'H': flow->http.method = HTTP_METHOD_HEAD; break; - - case 'P': - switch(flow->packet.http_method.ptr[1]) { - case 'O': flow->http.method = HTTP_METHOD_POST; break; - case 'U': flow->http.method = HTTP_METHOD_PUT; break; - } - break; - - case 'D': flow->http.method = HTTP_METHOD_DELETE; break; - case 'T': flow->http.method = HTTP_METHOD_TRACE; break; - case 'C': flow->http.method = HTTP_METHOD_CONNECT; break; - default: - flow->http.method = HTTP_METHOD_UNKNOWN; - break; - } + switch(flow->packet.http_method.ptr[0]) { + case 'O': flow->http.method = HTTP_METHOD_OPTIONS; break; + case 'G': flow->http.method = HTTP_METHOD_GET; break; + case 'H': flow->http.method = HTTP_METHOD_HEAD; break; + + case 'P': + switch(flow->packet.http_method.ptr[1]) { + case 'O': flow->http.method = HTTP_METHOD_POST; break; + case 'U': flow->http.method = HTTP_METHOD_PUT; break; + } + break; + + case 'D': flow->http.method = HTTP_METHOD_DELETE; break; + case 'T': flow->http.method = HTTP_METHOD_TRACE; break; + case 'C': flow->http.method = HTTP_METHOD_CONNECT; break; + default: + flow->http.method = HTTP_METHOD_UNKNOWN; + break; + } } } @@ -337,7 +337,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n", + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type line found %.*s\n", packet->user_agent_line.len, packet->user_agent_line.ptr); } @@ -345,10 +345,10 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(packet->host_line.ptr != NULL) { u_int len; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HOST Line found %.*s\n", + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HOST line found %.*s\n", packet->host_line.len, packet->host_line.ptr); - /* call ndpi_match_host_subprotocol to see if there is a match with known-host http subprotocol */ + /* call ndpi_match_host_subprotocol to see if there is a match with known-host HTTP subprotocol */ if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) ndpi_match_host_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, @@ -409,7 +409,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ /* check for accept line */ if(packet->accept_line.ptr != NULL) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Accept Line found %.*s\n", + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Accept line found %.*s\n", packet->accept_line.len, packet->accept_line.ptr); #ifdef NDPI_PROTOCOL_RTSP if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_RTSP) != 0) { @@ -432,7 +432,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ #endif if(packet->content_line.ptr != NULL && packet->content_line.len != 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Content Type Line found %.*s\n", + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Content Type line found %.*s\n", packet->content_line.len, packet->content_line.ptr); if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) @@ -544,13 +544,14 @@ static void http_bitmask_exclude(struct ndpi_flow_struct *flow) static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; - u_int16_t filename_start; + u_int16_t filename_start; /* the filename in the request method line, e.g., "GET filename_start..."*/ packet->packet_lines_parsed_complete = 0; /* Check if we so far detected the protocol in the request or not. */ - if(flow->l4.tcp.http_stage == 0) { + if(flow->l4.tcp.http_stage == 0) { /* Expected a request */ flow->http_detected = 0; NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %d: \n", @@ -558,7 +559,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct filename_start = http_request_url_offset(ndpi_struct, flow); - if(filename_start == 0) { + if(filename_start == 0) { /* not a regular request. In the HTTP first stage, may be a truncated flow or other protocols */ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Filename HTTP not found, we look for possible truncate flow...\n"); @@ -577,15 +578,15 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } if((packet->payload_packet_len == 23) && (memcmp(packet->payload, "", 23) == 0)) { - /* - - - - - - */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); - return; + /* + + + + + + */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; } NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude HTTP\n"); @@ -614,7 +615,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct "Found more than one line, we look further for the next packet...\n"); if(packet->line[0].len >= (9 + filename_start) - && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { + && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { /* Request line complete. Ex. "GET / HTTP/1.1" */ packet->http_url_name.ptr = &packet->payload[filename_start]; packet->http_url_name.len = packet->line[0].len - (filename_start + 9); @@ -622,30 +623,40 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct packet->http_method.ptr = packet->line[0].ptr; packet->http_method.len = filename_start - 1; + // Set the HTTP requested version: 0=HTTP/1.0 and 1=HTTP/1.1 + if(memcmp(&packet->line[0].ptr[packet->line[0].len - 1], "1", 1) == 0) + flow->http.request_version = 1; + else + flow->http.request_version = 0; + + /* Set the first found headers in request */ + flow->http.num_request_headers = packet->http_num_headers; + + /* Check for Ookla */ if((packet->referer_line.len > 0) - && ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); - return; + && ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); + return; } /* Check for additional field introduced by Steam */ int x = 1; if((memcmp(packet->line[x].ptr, "x-steam-sid", 11)) == 0) { - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_STEAM); - check_content_type_and_change_protocol(ndpi_struct, flow); - return; + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_STEAM); + check_content_type_and_change_protocol(ndpi_struct, flow); + return; } /* Check for additional field introduced by Facebook */ x = 1; while(packet->line[x].len != 0) { - if(packet->line[x].len >= 12 && (memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FACEBOOK); - check_content_type_and_change_protocol(ndpi_struct, flow); - return; - } - x++; + if(packet->line[x].len >= 12 && (memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FACEBOOK); + check_content_type_and_change_protocol(ndpi_struct, flow); + return; + } + x++; } /* check PPStream protocol or iQiyi service @@ -694,7 +705,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) { - /* nathan@getoffmalawn.com */ + /* nathan@getoffmalawn.com */ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_CONNECT Found.\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_CONNECT); check_content_type_and_change_protocol(ndpi_struct, flow); @@ -704,49 +715,51 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct "HTTP START Found, we will look for sub-protocols (content and host)...\n"); if(packet->host_line.ptr != NULL) { - /** - nDPI is pretty scrupulous about HTTP so it waits until the - HTTP response is received just to check that it conforms - with the HTTP specs. However this might be a waste of time as - in 99.99% of the cases is like that. - */ - - if(ndpi_struct->http_dont_dissect_response) { - if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) /* No subprotocol found */ - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - } else { - flow->http_detected = 1; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP START Found, we will look further for the response...\n"); - flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 - } + /** + nDPI is pretty scrupulous about HTTP so it waits until the + HTTP response is received just to check that it conforms + with the HTTP specs. However this might be a waste of time as + in 99.99% of the cases is like that. + */ + + if(ndpi_struct->http_dont_dissect_response) { + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) /* No subprotocol found */ + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); + } else { + flow->http_detected = 1; + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + "HTTP START Found, we will look further for the response...\n"); + flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 + } - check_content_type_and_change_protocol(ndpi_struct, flow); - return; + check_content_type_and_change_protocol(ndpi_struct, flow); + return; } } NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REQUEST NOT HTTP CONFORM\n"); http_bitmask_exclude(flow); + } else if((flow->l4.tcp.http_stage == 1) || (flow->l4.tcp.http_stage == 2)) { + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n", flow->l4.tcp.http_stage); if(flow->l4.tcp.http_stage == 1) { if((packet->payload_packet_len > 6) && memcmp(packet->payload, "HELLO ", 6) == 0) { - /* This looks like Ookla */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); - return; + /* This looks like Ookla */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; } else - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); } /** - At first check, if this is for sure a response packet (in another direction. If not, if http is detected do nothing now and return, - otherwise check the second packet for the http request + At first check, if this is for sure a response packet (in another direction. If not, if HTTP is detected do nothing now and return, + otherwise check the second packet for the HTTP request */ - if((flow->l4.tcp.http_stage - packet->packet_direction) == 1) { + if((flow->l4.tcp.http_stage - packet->packet_direction) == 1) { /* Expected a response package */ if(flow->http_detected) return; @@ -756,6 +769,9 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct ndpi_parse_packet_line_info(ndpi_struct, flow); + // Add more found HTTP request headers. + flow->http.num_request_headers+=packet->http_num_headers; + if(packet->parsed_lines <= 1) { /* wait some packets in case request is split over more than 2 packets */ if(flow->packet_counter < 5) { @@ -791,6 +807,9 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct We have received a response for a previously identified partial HTTP request */ + /* response without headers + * TODO: Shouldn't it be below ndpi_parse_packet_line_info, line ~825 ? + */ if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { /* In Apache if you do "GET /\n\n" the response comes without any header */ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Found HTTP. (apache)\n"); @@ -807,6 +826,16 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct ndpi_parse_packet_line_info(ndpi_struct, flow); check_content_type_and_change_protocol(ndpi_struct, flow); + /* Set server HTTP response code, if available */ + if(packet->http_response.len>=3){ + strncpy((char*)flow->http.response_status_code, (char*)packet->http_response.ptr, 3); + flow->http.response_status_code[4]='\0'; + } + + if(packet->packet_direction == 1 /* server -> client */){ + flow->http.num_response_headers += packet->http_num_headers; /* flow structs are initialized with zeros */ + } + if(packet->empty_line_position_set != 0 || flow->l4.tcp.http_empty_line_seen == 1) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "empty line. check_http_payload.\n"); check_http_payload(ndpi_struct, flow); -- cgit v1.2.3 From 5547ef06b34ef70a5b1a1ac46c197871dda964ab Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 17 Aug 2017 17:55:52 +0200 Subject: Collapsed email send and receive categories in a new email category --- src/include/ndpi_protocol_ids.h | 6 +++--- src/include/ndpi_typedefs.h | 3 +-- src/lib/ndpi_main.c | 25 +++++++++++-------------- 3 files changed, 15 insertions(+), 19 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 045f30a3a..ed39d7184 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -172,9 +172,9 @@ #define NDPI_PROTOCOL_NETFLIX 133 #define NDPI_PROTOCOL_LASTFM 134 #define NDPI_PROTOCOL_WAZE 135 -#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 -#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 -#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 +#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 /* free for future use */ +#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 /* free for future use */ +#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 /* free for future use */ #define NDPI_PROTOCOL_CITRIX_ONLINE 139 #define NDPI_PROTOCOL_APPLE 140 #define NDPI_PROTOCOL_WEBEX 141 diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index ccb031326..124504b79 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -747,8 +747,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_UNSPECIFIED = 0, /* For general services and unknown protocols */ NDPI_PROTOCOL_CATEGORY_MEDIA, /* Multimedia and streaming */ NDPI_PROTOCOL_CATEGORY_VPN, /* Virtual Private Networks */ - NDPI_PROTOCOL_CATEGORY_MAIL_SEND, /* Protocols to send emails */ - NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, /* Protocols to receive or sync emails */ + NDPI_PROTOCOL_CATEGORY_MAIL, /* Protocols to send/receive/sync emails */ NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, /* FTP and similar protocols */ NDPI_PROTOCOL_CATEGORY_WEB, /* Web protocols and services */ NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, /* Social networks */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7d1e62df4..0cc02ac29 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -716,32 +716,32 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, no_master, - no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS, no_master, - no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_SMTP, no_master, - no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, + no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS, no_master, - no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, + no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, no_master, - no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS, no_master, - no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS, @@ -1322,17 +1322,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_PREPAID, no_master, - no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_RUDICS, no_master, - no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID, no_master, - no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX_ONLINE, @@ -4529,11 +4529,8 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_VPN: return("VPN"); break; - case NDPI_PROTOCOL_CATEGORY_MAIL_SEND: - return("EmailSend"); - break; - case NDPI_PROTOCOL_CATEGORY_MAIL_SYNC: - return("EmailSync"); + case NDPI_PROTOCOL_CATEGORY_MAIL: + return("Email"); break; case NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER: return("FileTransfer"); -- cgit v1.2.3 From 5515c3a1091e4308467066c3cd58be59ff3d95d2 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 18 Aug 2017 10:11:41 +0200 Subject: fix for https://github.com/ntop/nDPI/issues/437 --- src/lib/protocols/socks45.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c index 7ad0868d2..67cfab8b4 100644 --- a/src/lib/protocols/socks45.c +++ b/src/lib/protocols/socks45.c @@ -48,18 +48,15 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, /* Check if we so far detected the protocol in the request or not. */ if(flow->socks4_stage == 0) { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage 0: \n"); - - /*Octets 3 and 4 contain the port number, port 80 and 25 for now. */ - if((payload_len == 9) && - (((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x50)) - || - ((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x19)))) { + + if(payload_len >= 9 && packet->payload[0] == 0x04 && + (packet->payload[1] == 0x01 || packet->payload[1] == 0x02) && + packet->payload[payload_len - 1] == 0x00) { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS4 request detected, we will look further for the response...\n"); - + /* TODO: check port and ip address is valid */ /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->socks4_stage = packet->packet_direction + 1; } - } else { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage %u: \n", flow->socks4_stage); @@ -67,16 +64,14 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, if((flow->socks4_stage - packet->packet_direction) == 1) { return; } - /* This is a packet in another direction. Check if we find the proper response. */ - if(payload_len == 0) { + if(payload_len == 8 && packet->payload[0] == 0x00 && packet->payload[1] >= 0x5a && packet->payload[1] <= 0x5d) { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS4.\n"); ndpi_int_socks_add_connection(ndpi_struct, flow); } else { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS4, resetting the stage to 0...\n"); flow->socks4_stage = 0; } - } } -- cgit v1.2.3 From 63c97753a102e58e60ecdf09088525ea8b35ceaa Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Sat, 19 Aug 2017 14:19:30 -0300 Subject: Respose status code after validation check. --- src/lib/ndpi_main.c | 5 +++++ src/lib/protocols/http.c | 6 ------ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7d1e62df4..69313a88e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3817,6 +3817,11 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc packet->http_response.len = packet->line[0].len - NDPI_STATICSTRING_LEN("HTTP/1.1 "); packet->http_num_headers++; + /* Set server HTTP response code */ + strncpy((char*)flow->http.response_status_code, (char*)packet->http_response.ptr, 3); + flow->http.response_status_code[4]='\0'; + + NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ndpi_parse_packet_line_info: HTTP response parsed: \"%.*s\"\n", packet->http_response.len, packet->http_response.ptr); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index e9b011c51..3fd304867 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -826,12 +826,6 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct ndpi_parse_packet_line_info(ndpi_struct, flow); check_content_type_and_change_protocol(ndpi_struct, flow); - /* Set server HTTP response code, if available */ - if(packet->http_response.len>=3){ - strncpy((char*)flow->http.response_status_code, (char*)packet->http_response.ptr, 3); - flow->http.response_status_code[4]='\0'; - } - if(packet->packet_direction == 1 /* server -> client */){ flow->http.num_response_headers += packet->http_num_headers; /* flow structs are initialized with zeros */ } -- cgit v1.2.3 From 31478703c21f0a65f42335e5157c6601bf7c7c44 Mon Sep 17 00:00:00 2001 From: Konstantin Shalygin Date: Sat, 26 Aug 2017 14:07:57 +0700 Subject: Backported CSGO/DOTA2 protocol. --- src/include/ndpi_protocol_ids.h | 3 +- src/include/ndpi_protocols.h | 2 + src/include/ndpi_typedefs.h | 4 ++ src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 12 +++- src/lib/protocols/bittorrent.c | 21 +++---- src/lib/protocols/csgo.c | 124 ++++++++++++++++++++++++++++++++++++++++ 7 files changed, 154 insertions(+), 13 deletions(-) create mode 100644 src/lib/protocols/csgo.c diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index ed39d7184..1ba8d3b89 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -272,9 +272,10 @@ #define NDPI_PROTOCOL_PASTEBIN 232 /* Paulo Angelo */ #define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo */ #define NDPI_PROTOCOL_SOUNDCLOUD 234 +#define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SOUNDCLOUD +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_CSGO #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index c585a6551..adfd19b17 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -198,6 +198,7 @@ void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_smpp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_csgo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); @@ -344,5 +345,6 @@ void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 124504b79..b0efab6af 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1081,6 +1081,10 @@ struct ndpi_flow_struct { u_int8_t tinc_state; struct tinc_cache_entry tinc_cache_entry; #endif +#ifdef NDPI_PROTOCOL_CSGO + u_int8_t csgo_strid[18],csgo_state,csgo_s2; + u_int32_t csgo_id2; +#endif /* internal structures to save functions calls */ struct ndpi_packet_struct packet; diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 90eb38ecd..740e3ee48 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -32,6 +32,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/collectd.c \ protocols/corba.c \ protocols/crossfire.c \ + protocols/csgo.c \ protocols/dcerpc.c \ protocols/dhcp.c \ protocols/dhcpv6.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 6ff836402..71c1d4c23 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1616,7 +1616,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Nintendo", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CSGO, + no_master, + no_master, "CSGO", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); @@ -2712,7 +2717,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* FIX */ init_fix_dissector(ndpi_struct, &a, detection_bitmask); - + /* NINTENDO */ init_nintendo_dissector(ndpi_struct, &a, detection_bitmask); @@ -2727,6 +2732,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* AMQP */ init_amqp_dissector(ndpi_struct, &a, detection_bitmask); + /* CSGO */ + init_csgo_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index a88b1cce5..e7a5e890a 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -59,14 +59,14 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc const char *bt_hash = NULL; /* 20 bytes long */ if(bt_offset == -1) { - const char *bt_magic = ndpi_strnstr((const char *)flow->packet.payload, + const char *bt_magic = ndpi_strnstr((const char *)flow->packet.payload, "BitTorrent protocol", flow->packet.payload_packet_len); if(bt_magic) bt_hash = &bt_magic[19]; } else bt_hash = (const char*)&flow->packet.payload[28]; - + if(bt_hash) memcpy(flow->bittorent_hash, bt_hash, 20); } @@ -387,15 +387,15 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st char *bt_proto = NULL; /* This is broadcast */ - if(packet->iph + if(packet->iph && (((packet->iph->saddr == 0xFFFFFFFF) || (packet->iph->daddr == 0xFFFFFFFF)) - || (packet->udp + || (packet->udp && ((ntohs(packet->udp->source) == 3544) /* teredo.c */ || (ntohs(packet->udp->dest) == 3544))))) { NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BITTORRENT); return; } - + if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_BITTORRENT) { /* check for tcp retransmission here */ @@ -441,7 +441,8 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st /* Heuristic */ bt_proto = ndpi_strnstr((const char *)&packet->payload[20], "BitTorrent protocol", packet->payload_packet_len-20); goto bittorrent_found; - } else if(((v1_version & 0x0f) == 1) + /* CSGO/DOTA conflict */ + } else if(flow->packet_counter > 8 && ((v1_version & 0x0f) == 1) && ((v1_version >> 4) < 5 /* ST_NUM_STATES */) && (v1_extension < 3 /* EXT_NUM_EXT */) && (v1_window_size < 32768 /* 32k */) @@ -466,8 +467,8 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st if(flow->bittorrent_stage < 10) { /* We have detected bittorrent but we need to wait until we get a hash */ - - if(packet->payload_packet_len > 19 /* min size */) { + + if(packet->payload_packet_len > 19 /* min size */) { if(ndpi_strnstr((const char *)packet->payload, ":target20:", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, ":find_node1:", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, "d1:ad2:id20:", packet->payload_packet_len) @@ -475,7 +476,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st || ndpi_strnstr((const char *)packet->payload, ":filter64", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, "d1:rd2:id20:", packet->payload_packet_len) || (bt_proto = ndpi_strnstr((const char *)packet->payload, "BitTorrent protocol", packet->payload_packet_len)) - ) { + ) { bittorrent_found: if(bt_proto && (packet->payload_packet_len > 47)) memcpy(flow->bittorent_hash, &bt_proto[27], 20); @@ -486,7 +487,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return; } - } + } return; } diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c new file mode 100644 index 000000000..14073aef7 --- /dev/null +++ b/src/lib/protocols/csgo.c @@ -0,0 +1,124 @@ +/* + * csgo.c + * + * Copyright (C) 2016-2017 Vitaly Lavrov + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_api.h" + +#ifdef NDPI_PROTOCOL_CSGO + +void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { + struct ndpi_packet_struct* packet = &flow->packet; + + if (packet->udp != NULL) { + uint32_t w = htonl(get_u_int32_t(packet->payload, 0)); + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "CSGO: word %08x\n", w); + + if (!flow->csgo_state && packet->payload_packet_len == 23 && w == 0xfffffffful) { + if (!memcmp(packet->payload + 5, "connect0x", 9)) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo connect0x.\n"); + flow->csgo_state++; + memcpy(flow->csgo_strid, packet->payload + 5, 18); + return; + } + } + if (flow->csgo_state == 1 && packet->payload_packet_len >= 42 && w == 0xfffffffful) { + if (!memcmp(packet->payload + 24, flow->csgo_strid, 18)) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo connect0x reply.\n"); + flow->csgo_state++; + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + if (packet->payload_packet_len == 8 && ( w == 0x3a180000 || w == 0x39180000) ) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 8b.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + if (packet->payload_packet_len >= 36 && w == 0x56533031ul) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + if (packet->payload_packet_len >= 36 && w == 0x01007364) { + uint32_t w2 = htonl(get_u_int32_t(packet->payload, 4)); + if (w2 == 0x70696e67) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp ping.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + if (flow->csgo_s2 < 3 && (w & 0xffff0000ul) == 0x0d1d0000) { + uint32_t w2 = get_u_int32_t(packet->payload, 2); + if (packet->payload_packet_len == 13) { + if (!flow->csgo_s2) { + flow->csgo_id2 = w2; + flow->csgo_s2 = 1; + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d step1.\n"); + return; + } + if (flow->csgo_s2 == 1 && flow->csgo_id2 == w2) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d step1 DUP.\n"); + return; + } + flow->csgo_s2 = 3; + return; + } + if (packet->payload_packet_len == 15) { + if (flow->csgo_s2 == 1 && flow->csgo_id2 == w2) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + flow->csgo_s2 = 3; + } + if (packet->payload_packet_len >= 140 && (w == 0x02124c6c || w == 0x02125c6c) && + !memcmp(&packet->payload[3], "lta\000mob\000tpc\000bhj\000bxd\000tae\000urg\000gkh\000", 32)) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo dictionary udp.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + if (packet->payload_packet_len >= 33 && packet->iph && packet->iph->daddr == 0xffffffff && + !memcmp(&packet->payload[17], "LanSearch", 9)) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo LanSearch udp.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + if (flow->packet_counter > 20) + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CSGO); +} + +void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { + ndpi_set_bitmask_protocol_detection("CSGO", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_CSGO, + ndpi_search_csgo, + NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif -- cgit v1.2.3 From 299b9435d0948c822d8aa7b129619c91a2b58138 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 29 Aug 2017 19:56:32 +0200 Subject: Fixed memory out-of-bound issue Added extra check for fixing #366 --- src/include/ndpi_typedefs.h | 2 +- src/lib/protocols/fasttrack.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 124504b79..5624e030f 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -961,7 +961,7 @@ struct ndpi_flow_struct { char *url, *content_type; u_int8_t num_request_headers, num_response_headers; u_int8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */ - u_char response_status_code[4]; /* 200, 404, etc. */ + u_char response_status_code[5]; /* 200, 404, etc. */ } http; union { diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c index cb2f20343..c432f6754 100644 --- a/src/lib/protocols/fasttrack.c +++ b/src/lib/protocols/fasttrack.c @@ -42,7 +42,9 @@ void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, // struct ndpi_id_struct *src=ndpi_struct->src; // struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->payload_packet_len > 6 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) { + if ( (packet->payload != NULL) + && (packet->payload_packet_len > 6) + && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a)) { NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "detected 0d0a at the end of the packet.\n"); if (memcmp(packet->payload, "GIVE ", 5) == 0 && packet->payload_packet_len >= 8) { -- cgit v1.2.3 From 22beb7714d2a78d4a57a4cf78cf8da7102e549e3 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 29 Aug 2017 20:56:08 +0200 Subject: Implements #376 --- autogen.sh | 5 + configure.ac | 105 --------------- configure.seed | 116 +++++++++++++++++ src/include/ndpi_define.h | 293 ------------------------------------------ src/include/ndpi_define.h.in | 297 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 418 insertions(+), 398 deletions(-) delete mode 100644 configure.ac create mode 100644 configure.seed delete mode 100644 src/include/ndpi_define.h create mode 100644 src/include/ndpi_define.h.in diff --git a/autogen.sh b/autogen.sh index 492ef3bf6..0f366966a 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,5 +1,9 @@ #!/bin/sh +NDPI_MAJOR="2" +NDPI_MINOR="1" +NDPI_PATCH="0" +NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH" /bin/rm -f configure config.h config.h.in src/lib/Makefile.in @@ -29,5 +33,6 @@ if test -z $AUTORECONF; then exit fi +cat configure.seed | sed "s/@NDPI_MAJOR@/$NDPI_MAJOR/g" | sed "s/@NDPI_MINOR@/$NDPI_MINOR/g" | sed "s/@NDPI_PATCH@/$NDPI_PATCH/g" | sed "s/@NDPI_VERSION_SHORT@/$NDPI_VERSION_SHORT/g" > configure.ac autoreconf -ivf ./configure $* diff --git a/configure.ac b/configure.ac deleted file mode 100644 index eec6878f5..000000000 --- a/configure.ac +++ /dev/null @@ -1,105 +0,0 @@ -AC_INIT([libndpi], [2.1.0]) - -AC_CONFIG_MACRO_DIR([m4]) - -AM_INIT_AUTOMAKE([foreign subdir-objects]) - -LT_INIT - -AC_PROG_CC -AM_PROG_CC_C_O -AX_PTHREAD - -if test -d ".git"; then : - GIT_TAG=`git log -1 --format=%h` - GIT_DATE=`git log -1 --format=%cd` - # - # On CentOS 6 `git rev-list HEAD --count` does not work - # - # - GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'` - GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}" -else - GIT_RELEASE="${PACKAGE_VERSION}" - GIT_DATE=`date` -fi - -AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release]) -AC_DEFINE_UNQUOTED(NDPI_GIT_DATE, "${GIT_DATE}", [Last GIT change]) - -AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) - -PCAP_HOME=$HOME/PF_RING/userland - -if test -d $PCAP_HOME; then : - echo -n "" -else - PCAP_HOME=`pwd`/../../PF_RING/userland -fi -SHORT_MACHINE=`uname -m | cut -b1-3` -if test $SHORT_MACHINE = "arm"; then - LIBNUMA="" -else - AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) -fi - -if test -f $PCAP_HOME/libpcap/libpcap.a; then : - echo "Using libpcap from $PCAP_HOME" - PCAP_INC="-I $PCAP_HOME/libpcap" - PCAP_LIB="$PCAP_HOME/libpcap/libpcap.a $PCAP_HOME/lib/libpfring.a $LIBNUMA `$PCAP_HOME/lib/pfring_config --libs`" - - AC_CHECK_LIB([rt], [clock_gettime], [PCAP_LIB="$PCAP_LIB -lrt"]) - AC_CHECK_LIB([nl], [nl_handle_alloc], [PCAP_LIB="$PCAP_LIB -lnl"]) - # The dlopen() function is in libdl on GLIBC-based systems - # and in the C library for *BSD systems - AC_CHECK_LIB([dl], [dlopen, dlsym], [DL_LIB="-ldl"], - [AC_CHECK_LIB([c], [dlopen, dlsym], [DL_LIB="-lc"], - [AC_MSG_ERROR([unable to find the dlopen(), dlsym() functions]) ]) ]) -else - AC_CHECK_LIB([pcap], [pcap_open_live], [PCAP_LIB="-lpcap"]) - - if test $ac_cv_lib_pcap_pcap_open_live = "no"; then : - echo "" - echo "ERROR: Missing libpcap(-dev) library required to compile the example application" - echo "ERROR: Please install it and try again" - exit - fi -fi - -dnl> https://github.com/json-c/json-c -AC_ARG_ENABLE([json-c], - AS_HELP_STRING([--disable-json-c], [Disable json-c support])) - -AS_IF([test "x$enable_json_c" != "xno"], [ - PKG_CONFIG_PATH=/usr/local/share/pkgconfig:$PKG_CONFIG_PATH - pkg-config --exists json-c - AS_IF([test "$?" == "0"], - [ - CFLAGS="$CFLAGS $(pkg-config --cflags json-c)" - LDFLAGS="$LDFLAGS $(pkg-config --libs json-c)" - AC_CHECK_LIB(json-c, json_object_new_object, AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present])) - ], - [ - JSONC_HOME="$HOME/json-c" - if test -d "$JSONC_HOME"; then : - CFLAGS="$CFLAGS -I $JSONC_HOME" - LDFLAGS="$LDFLAGS $JSONC_HOME/.libs/libjson-c.a" - AC_MSG_RESULT([Found json-c in $JSONC_HOME]) - AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present]) - fi - ]) - ]) - -AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) - -AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc]) -AC_CONFIG_HEADERS(config.h) -AC_SUBST(GIT_RELEASE) -AC_SUBST(SVN_DATE) -AC_SUBST(JSON_C_LIB) -AC_SUBST(PCAP_INC) -AC_SUBST(PCAP_LIB) -AC_SUBST(DL_LIB) -AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) - -AC_OUTPUT diff --git a/configure.seed b/configure.seed new file mode 100644 index 000000000..2b2392a16 --- /dev/null +++ b/configure.seed @@ -0,0 +1,116 @@ +AC_INIT([libndpi], [@NDPI_VERSION_SHORT@]) + +AC_CONFIG_MACRO_DIR([m4]) + +AM_INIT_AUTOMAKE([foreign subdir-objects]) + +LT_INIT + +AC_PROG_CC +AM_PROG_CC_C_O +AX_PTHREAD + +NDPI_MAJOR="@NDPI_MAJOR@" +NDPI_MINOR="@NDPI_MINOR@" +NDPI_PATCH="@NDPI_PATCH@" + +AC_DEFINE_UNQUOTED(NDPI_MAJOR_RELEASE, "${NDPI_MAJOR}", [nDPI major release]) +AC_DEFINE_UNQUOTED(NDPI_MINOR_RELEASE, "${NDPI_MINOR}", [nDPI minor release]) +AC_DEFINE_UNQUOTED(NDPI_PATCH_LEVEL, "${NDPI_PATCH}", [nDPI patch level]) + +if test -d ".git"; then : + GIT_TAG=`git log -1 --format=%h` + GIT_DATE=`git log -1 --format=%cd` + # + # On CentOS 6 `git rev-list HEAD --count` does not work + # + # + GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'` + GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}" +else + GIT_RELEASE="${PACKAGE_VERSION}" + GIT_DATE=`date` +fi + +AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release]) +AC_DEFINE_UNQUOTED(NDPI_GIT_DATE, "${GIT_DATE}", [Last GIT change]) + +AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) + +PCAP_HOME=$HOME/PF_RING/userland + +if test -d $PCAP_HOME; then : + echo -n "" +else + PCAP_HOME=`pwd`/../../PF_RING/userland +fi +SHORT_MACHINE=`uname -m | cut -b1-3` +if test $SHORT_MACHINE = "arm"; then + LIBNUMA="" +else + AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) +fi + +if test -f $PCAP_HOME/libpcap/libpcap.a; then : + echo "Using libpcap from $PCAP_HOME" + PCAP_INC="-I $PCAP_HOME/libpcap" + PCAP_LIB="$PCAP_HOME/libpcap/libpcap.a $PCAP_HOME/lib/libpfring.a $LIBNUMA `$PCAP_HOME/lib/pfring_config --libs`" + + AC_CHECK_LIB([rt], [clock_gettime], [PCAP_LIB="$PCAP_LIB -lrt"]) + AC_CHECK_LIB([nl], [nl_handle_alloc], [PCAP_LIB="$PCAP_LIB -lnl"]) + # The dlopen() function is in libdl on GLIBC-based systems + # and in the C library for *BSD systems + AC_CHECK_LIB([dl], [dlopen, dlsym], [DL_LIB="-ldl"], + [AC_CHECK_LIB([c], [dlopen, dlsym], [DL_LIB="-lc"], + [AC_MSG_ERROR([unable to find the dlopen(), dlsym() functions]) ]) ]) +else + AC_CHECK_LIB([pcap], [pcap_open_live], [PCAP_LIB="-lpcap"]) + + if test $ac_cv_lib_pcap_pcap_open_live = "no"; then : + echo "" + echo "ERROR: Missing libpcap(-dev) library required to compile the example application" + echo "ERROR: Please install it and try again" + exit + fi +fi + +dnl> https://github.com/json-c/json-c +AC_ARG_ENABLE([json-c], + AS_HELP_STRING([--disable-json-c], [Disable json-c support])) + +AS_IF([test "x$enable_json_c" != "xno"], [ + PKG_CONFIG_PATH=/usr/local/share/pkgconfig:$PKG_CONFIG_PATH + pkg-config --exists json-c + AS_IF([test "$?" == "0"], + [ + CFLAGS="$CFLAGS $(pkg-config --cflags json-c)" + LDFLAGS="$LDFLAGS $(pkg-config --libs json-c)" + AC_CHECK_LIB(json-c, json_object_new_object, AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present])) + ], + [ + JSONC_HOME="$HOME/json-c" + if test -d "$JSONC_HOME"; then : + CFLAGS="$CFLAGS -I $JSONC_HOME" + LDFLAGS="$LDFLAGS $JSONC_HOME/.libs/libjson-c.a" + AC_MSG_RESULT([Found json-c in $JSONC_HOME]) + AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present]) + fi + ]) + ]) + +AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) + +AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) +AC_CONFIG_HEADERS(config.h) +AC_SUBST(GIT_RELEASE) +AC_SUBST(NDPI_MAJOR) +AC_SUBST(NDPI_MINOR) +AC_SUBST(NDPI_PATCH) +AC_SUBST(SVN_DATE) +AC_SUBST(JSON_C_LIB) +AC_SUBST(PCAP_INC) +AC_SUBST(PCAP_LIB) +AC_SUBST(DL_LIB) +AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) + +AC_OUTPUT diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h deleted file mode 100644 index 4878ff748..000000000 --- a/src/include/ndpi_define.h +++ /dev/null @@ -1,293 +0,0 @@ -/* - * - * Copyright (C) 2011-17 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - -#ifndef __NDPI_DEFINE_INCLUDE_FILE__ -#define __NDPI_DEFINE_INCLUDE_FILE__ - -/* - gcc -E -dM - < /dev/null |grep ENDIAN -*/ - -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) -#include -#endif - -#ifdef __OpenBSD__ -#include -#define __BYTE_ORDER BYTE_ORDER -#if BYTE_ORDER == LITTLE_ENDIAN -#define __LITTLE_ENDIAN__ -#else -#define __BIG_ENDIAN__ -#endif/* BYTE_ORDER */ -#endif/* __OPENBSD__ */ - - -#if __BYTE_ORDER == __LITTLE_ENDIAN -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#endif -#else -#ifndef __BIG_ENDIAN__ -#define __BIG_ENDIAN__ -#endif -#endif - -#ifdef WIN32 -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ 1 -#endif -#endif - -#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) -#if defined(__mips__) -#undef __LITTLE_ENDIAN__ -#undef __LITTLE_ENDIAN -#define __BIG_ENDIAN__ -#endif - -/* Everything else */ -#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) -#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#else -#define __BIG_ENDIAN__ -#endif -#endif - -#endif - -#define NDPI_USE_ASYMMETRIC_DETECTION 0 -#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t - -#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) -#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) -#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) -#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) -#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) -#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) -/* now combined detections */ - -/* v4 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -/* v6 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -/* v4 or v6 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -/* safe src/dst protocol check macros... */ - -#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) - -#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) - -#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) - -/** - * convenience macro to check for excluded protocol - * a protocol is excluded if the flow is known and either the protocol is not detected at all - * or the excluded bitmask contains the protocol - */ -#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ - ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ - NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) - -/* misc definitions */ -#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 - - -/* TODO: rebuild all memory areas to have a more aligned memory block here */ - -/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ -#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 - -#define MAX_PACKET_COUNTER 65000 -#define MAX_DEFAULT_PORTS 5 - -#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 -#define NDPI_IRC_CONNECTION_TIMEOUT 120 -#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 -#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 -#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 -#define NDPI_RTSP_CONNECTION_TIMEOUT 5 -#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 -#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 -#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 -#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 -#define NDPI_ZATTOO_FLASH_TIMEOUT 5 -#define NDPI_JABBER_STUN_TIMEOUT 30 -#define NDPI_JABBER_FT_TIMEOUT 5 -#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 - -#ifdef NDPI_ENABLE_DEBUG_MESSAGES -#define NDPI_LOG(proto, m, log_level, args...) \ - { \ - struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ - if(mod != NULL) { \ - mod->ndpi_debug_print_file=__FILE__; \ - mod->ndpi_debug_print_function=__FUNCTION__; \ - mod->ndpi_debug_print_line=__LINE__; \ - (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ - } \ - } -#else /* NDPI_ENABLE_DEBUG_MESSAGES */ -#ifdef WIN32 -#define NDPI_LOG(...) {} -#else -#define NDPI_LOG(proto, mod, log_level, args...) {} -#endif -#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ - -/** - * macro for getting the string len of a static string - * - * use it instead of strlen to avoid runtime calculations - */ -#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) - -/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ -#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ - ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) - -#define NDPI_NUM_BITS 256 - -#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ -#define howmanybits(x, y) (((x)+((y)-1))/(y)) - - -#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) -#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) - -#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) - -#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t - -#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) -#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) -#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) -#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) -#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } - -/* this is a very very tricky macro *g*, - * the compiler will remove all shifts here if the protocol is static... - */ -#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) -#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) -#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) - -#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } - - -#define ndpi_min(a,b) ((a < b) ? a : b) -#define ndpi_max(a,b) ((a > b) ? a : b) - -#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ - if (packet->packet_lines_parsed_complete != 1) { \ - ndpi_parse_packet_line_info(ndpi_struct,flow); \ - } \ - -#define NDPI_IPSEC_PROTOCOL_ESP 50 -#define NDPI_IPSEC_PROTOCOL_AH 51 -#define NDPI_GRE_PROTOCOL_TYPE 0x2F -#define NDPI_ICMP_PROTOCOL_TYPE 0x01 -#define NDPI_IGMP_PROTOCOL_TYPE 0x02 -#define NDPI_EGP_PROTOCOL_TYPE 0x08 -#define NDPI_OSPF_PROTOCOL_TYPE 0x59 -#define NDPI_SCTP_PROTOCOL_TYPE 132 -#define NDPI_IPIP_PROTOCOL_TYPE 0x04 -#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a - -/* the get_uXX will return raw network packet bytes !! */ -#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) -#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) -#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) -#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) - -/* new definitions to get little endian from network bytes */ -#define get_ul8(X,O) get_u_int8_t(X,O) - - -#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) -#define get_l16(X,O) get_u_int16_t(X,O) -#define get_l32(X,O) get_u_int32_t(X,O) -#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) -/* convert the bytes from big to little endian */ -# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) -# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) -#else -#error "__BYTE_ORDER MUST BE DEFINED !" -#endif /* __BYTE_ORDER */ - -/* define memory callback function */ -#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) - -#if defined(WIN32) && !defined(snprintf) -#define snprintf _snprintf -#endif - -#define NDPI_MAX_DNS_REQUESTS 16 - -#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in new file mode 100644 index 000000000..5a8a1527b --- /dev/null +++ b/src/include/ndpi_define.h.in @@ -0,0 +1,297 @@ +/* + * + * Copyright (C) 2011-17 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#ifndef __NDPI_DEFINE_INCLUDE_FILE__ +#define __NDPI_DEFINE_INCLUDE_FILE__ + +/* + gcc -E -dM - < /dev/null |grep ENDIAN +*/ + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#include +#endif + +#ifdef __OpenBSD__ +#include +#define __BYTE_ORDER BYTE_ORDER +#if BYTE_ORDER == LITTLE_ENDIAN +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif/* BYTE_ORDER */ +#endif/* __OPENBSD__ */ + + +#if __BYTE_ORDER == __LITTLE_ENDIAN +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#endif +#else +#ifndef __BIG_ENDIAN__ +#define __BIG_ENDIAN__ +#endif +#endif + +#ifdef WIN32 +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ 1 +#endif +#endif + +#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) +#if defined(__mips__) +#undef __LITTLE_ENDIAN__ +#undef __LITTLE_ENDIAN +#define __BIG_ENDIAN__ +#endif + +/* Everything else */ +#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) +#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif +#endif + +#endif + +#define NDPI_USE_ASYMMETRIC_DETECTION 0 +#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t + +#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) +#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) +#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) +#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) +/* now combined detections */ + +/* v4 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v4 or v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* safe src/dst protocol check macros... */ + +#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) + +/** + * convenience macro to check for excluded protocol + * a protocol is excluded if the flow is known and either the protocol is not detected at all + * or the excluded bitmask contains the protocol + */ +#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ + ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ + NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) + +/* misc definitions */ +#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 + + +/* TODO: rebuild all memory areas to have a more aligned memory block here */ + +/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ +#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 + +#define MAX_PACKET_COUNTER 65000 +#define MAX_DEFAULT_PORTS 5 + +#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 +#define NDPI_IRC_CONNECTION_TIMEOUT 120 +#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 +#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 +#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 +#define NDPI_RTSP_CONNECTION_TIMEOUT 5 +#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 +#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 +#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 +#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 +#define NDPI_ZATTOO_FLASH_TIMEOUT 5 +#define NDPI_JABBER_STUN_TIMEOUT 30 +#define NDPI_JABBER_FT_TIMEOUT 5 +#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 + +#ifdef NDPI_ENABLE_DEBUG_MESSAGES +#define NDPI_LOG(proto, m, log_level, args...) \ + { \ + struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ + if(mod != NULL) { \ + mod->ndpi_debug_print_file=__FILE__; \ + mod->ndpi_debug_print_function=__FUNCTION__; \ + mod->ndpi_debug_print_line=__LINE__; \ + (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ + } \ + } +#else /* NDPI_ENABLE_DEBUG_MESSAGES */ +#ifdef WIN32 +#define NDPI_LOG(...) {} +#else +#define NDPI_LOG(proto, mod, log_level, args...) {} +#endif +#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ + +/** + * macro for getting the string len of a static string + * + * use it instead of strlen to avoid runtime calculations + */ +#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) + +/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ +#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ + ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) + +#define NDPI_NUM_BITS 256 + +#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ +#define howmanybits(x, y) (((x)+((y)-1))/(y)) + + +#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) +#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) + +#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) + +#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t + +#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) +#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) +#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) +#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) +#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } + +/* this is a very very tricky macro *g*, + * the compiler will remove all shifts here if the protocol is static... + */ +#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) +#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) +#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) + +#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } + + +#define ndpi_min(a,b) ((a < b) ? a : b) +#define ndpi_max(a,b) ((a > b) ? a : b) + +#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ + if (packet->packet_lines_parsed_complete != 1) { \ + ndpi_parse_packet_line_info(ndpi_struct,flow); \ + } \ + +#define NDPI_IPSEC_PROTOCOL_ESP 50 +#define NDPI_IPSEC_PROTOCOL_AH 51 +#define NDPI_GRE_PROTOCOL_TYPE 0x2F +#define NDPI_ICMP_PROTOCOL_TYPE 0x01 +#define NDPI_IGMP_PROTOCOL_TYPE 0x02 +#define NDPI_EGP_PROTOCOL_TYPE 0x08 +#define NDPI_OSPF_PROTOCOL_TYPE 0x59 +#define NDPI_SCTP_PROTOCOL_TYPE 132 +#define NDPI_IPIP_PROTOCOL_TYPE 0x04 +#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a + +/* the get_uXX will return raw network packet bytes !! */ +#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) +#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) +#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) +#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) + +/* new definitions to get little endian from network bytes */ +#define get_ul8(X,O) get_u_int8_t(X,O) + + +#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) +#define get_l16(X,O) get_u_int16_t(X,O) +#define get_l32(X,O) get_u_int32_t(X,O) +#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) +/* convert the bytes from big to little endian */ +# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) +# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) +#else +#error "__BYTE_ORDER MUST BE DEFINED !" +#endif /* __BYTE_ORDER */ + +/* define memory callback function */ +#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) + +#if defined(WIN32) && !defined(snprintf) +#define snprintf _snprintf +#endif + +#define NDPI_MAX_DNS_REQUESTS 16 + +#define NDPI_MAJOR @NDPI_MAJOR@ +#define NDPI_MINOR @NDPI_MINOR@ +#define NDPI_PATCH @NDPI_PATCH@ + +#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ -- cgit v1.2.3 From b2bc6039da3b75a1537013c978d5779fd9109a5e Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 29 Aug 2017 21:32:52 +0200 Subject: Partial fix for #410: added case insensitive HTTP header checks. If the user will provide a pcap for reproducing further potential issues reported we will consider them --- src/include/ndpi_api.h | 12 +++++++ src/lib/ndpi_main.c | 87 ++++++++++++++++++++++++++++++++------------------ 2 files changed, 68 insertions(+), 31 deletions(-) diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 03a73d66b..76285cb70 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -98,6 +98,18 @@ extern "C" { */ char* ndpi_strnstr(const char *s, const char *find, size_t slen); + /** + * Same as ndpi_strnstr but case insensitive + * + * @par s = string to parse + * @par find = string to match with -s- + * @par slen = max length to match between -s- and -find- + * @return a pointer to the beginning of the located substring; + * NULL if the substring is not found + * + */ + char* ndpi_strncasestr(const char *s, const char *find, size_t slen); + /** * Returns the nDPI protocol id for IP-based protocol detection diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 6ff836402..19d77f62e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3809,7 +3809,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc /* First line of a HTTP response parsing. Expected a "HTTP/1.? ???" */ if(packet->parsed_lines == 0 && packet->line[0].len >= NDPI_STATICSTRING_LEN("HTTP/1.X 200 ") && - memcmp(packet->line[0].ptr, "HTTP/1.", NDPI_STATICSTRING_LEN("HTTP/1.")) == 0 && + strncasecmp((const char *)packet->line[0].ptr, "HTTP/1.", NDPI_STATICSTRING_LEN("HTTP/1.")) == 0 && packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.X ")] > '0' && /* response code between 000 and 699 */ packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.X ")] < '6') { @@ -3828,7 +3828,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc } /* "Server:" header line in HTTP response */ if(packet->line[packet->parsed_lines].len > NDPI_STATICSTRING_LEN("Server:") + 1 - && memcmp(packet->line[packet->parsed_lines].ptr, "Server:", NDPI_STATICSTRING_LEN("Server:")) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Server:", NDPI_STATICSTRING_LEN("Server:")) == 0) { // some stupid clients omit a space and place the servername directly after the colon if(packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:")] == ' ') { packet->server_line.ptr = @@ -3843,7 +3843,8 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc } /* "Host:" header line in HTTP request */ if(packet->line[packet->parsed_lines].len > 6 - && memcmp(packet->line[packet->parsed_lines].ptr, "Host:", 5) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, + "Host:", 5) == 0) { // some stupid clients omit a space and place the hostname directly after the colon if(packet->line[packet->parsed_lines].ptr[5] == ' ') { packet->host_line.ptr = &packet->line[packet->parsed_lines].ptr[6]; @@ -3856,7 +3857,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc } /* "X-Forwarded-For:" header line in HTTP request. Commonly used for HTTP proxies. */ if(packet->line[packet->parsed_lines].len > 17 - && memcmp(packet->line[packet->parsed_lines].ptr, "X-Forwarded-For:", 16) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "X-Forwarded-For:", 16) == 0) { // some stupid clients omit a space and place the hostname directly after the colon if(packet->line[packet->parsed_lines].ptr[16] == ' ') { packet->forwarded_line.ptr = &packet->line[packet->parsed_lines].ptr[17]; @@ -3869,80 +3870,80 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc } /* "Content-Type:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 14 - && (memcmp(packet->line[packet->parsed_lines].ptr, "Content-Type: ", 14) == 0 - || memcmp(packet->line[packet->parsed_lines].ptr, "Content-type: ", 14) == 0)) { + && (strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-Type: ", 14) == 0 + || strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-type: ", 14) == 0)) { packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[14]; packet->content_line.len = packet->line[packet->parsed_lines].len - 14; packet->http_num_headers++; } /* "Content-Type:" header line in HTTP AGAIN. Probably a bogus response without space after ":" */ if(packet->line[packet->parsed_lines].len > 13 - && memcmp(packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0) { packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[13]; packet->content_line.len = packet->line[packet->parsed_lines].len - 13; packet->http_num_headers++; } /* "Accept:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Accept: ", 8) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Accept: ", 8) == 0) { packet->accept_line.ptr = &packet->line[packet->parsed_lines].ptr[8]; packet->accept_line.len = packet->line[packet->parsed_lines].len - 8; packet->http_num_headers++; } /* "Referer:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 9 - && memcmp(packet->line[packet->parsed_lines].ptr, "Referer: ", 9) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Referer: ", 9) == 0) { packet->referer_line.ptr = &packet->line[packet->parsed_lines].ptr[9]; packet->referer_line.len = packet->line[packet->parsed_lines].len - 9; packet->http_num_headers++; } /* "User-Agent:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 12 - && (memcmp(packet->line[packet->parsed_lines].ptr, "User-Agent: ", 12) == 0 - || memcmp(packet->line[packet->parsed_lines].ptr, "User-agent: ", 12) == 0)) { + && (strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "User-Agent: ", 12) == 0 + || strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "User-agent: ", 12) == 0)) { packet->user_agent_line.ptr = &packet->line[packet->parsed_lines].ptr[12]; packet->user_agent_line.len = packet->line[packet->parsed_lines].len - 12; packet->http_num_headers++; } /* "Content-Encoding:" header line in HTTP response (and request?). */ if(packet->line[packet->parsed_lines].len > 18 - && memcmp(packet->line[packet->parsed_lines].ptr, "Content-Encoding: ", 18) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-Encoding: ", 18) == 0) { packet->http_encoding.ptr = &packet->line[packet->parsed_lines].ptr[18]; packet->http_encoding.len = packet->line[packet->parsed_lines].len - 18; packet->http_num_headers++; } /* "Transfer-Encoding:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 19 - && memcmp(packet->line[packet->parsed_lines].ptr, "Transfer-Encoding: ", 19) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Transfer-Encoding: ", 19) == 0) { packet->http_transfer_encoding.ptr = &packet->line[packet->parsed_lines].ptr[19]; packet->http_transfer_encoding.len = packet->line[packet->parsed_lines].len - 19; packet->http_num_headers++; } /* "Content-Length:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 16 - && ((memcmp(packet->line[packet->parsed_lines].ptr, "Content-Length: ", 16) == 0) - || (memcmp(packet->line[packet->parsed_lines].ptr, "content-length: ", 16) == 0))) { + && ((strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-Length: ", 16) == 0) + || (strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "content-length: ", 16) == 0))) { packet->http_contentlen.ptr = &packet->line[packet->parsed_lines].ptr[16]; packet->http_contentlen.len = packet->line[packet->parsed_lines].len - 16; packet->http_num_headers++; } /* "Cookie:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Cookie: ", 8) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Cookie: ", 8) == 0) { packet->http_cookie.ptr = &packet->line[packet->parsed_lines].ptr[8]; packet->http_cookie.len = packet->line[packet->parsed_lines].len - 8; packet->http_num_headers++; } /* "Origin:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Origin: ", 8) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Origin: ", 8) == 0) { packet->http_origin.ptr = &packet->line[packet->parsed_lines].ptr[8]; packet->http_origin.len = packet->line[packet->parsed_lines].len - 8; packet->http_num_headers++; } /* "X-Session-Type:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 16 - && memcmp(packet->line[packet->parsed_lines].ptr, "X-Session-Type: ", 16) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "X-Session-Type: ", 16) == 0) { packet->http_x_session_type.ptr = &packet->line[packet->parsed_lines].ptr[16]; packet->http_x_session_type.len = packet->line[packet->parsed_lines].len - 16; packet->http_num_headers++; @@ -3953,19 +3954,19 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc * - https://tools.ietf.org/html/rfc7230 * - https://en.wikipedia.org/wiki/List_of_HTTP_header_fields */ - if((packet->line[packet->parsed_lines].len > 6 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Date: ", 6) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "Vary: ", 6) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "ETag: ", 6) == 0 )) || - (packet->line[packet->parsed_lines].len > 8 && memcmp(packet->line[packet->parsed_lines].ptr, "Pragma: ", 8) == 0) || - (packet->line[packet->parsed_lines].len > 9 && memcmp(packet->line[packet->parsed_lines].ptr, "Expires: ", 9) == 0) || - (packet->line[packet->parsed_lines].len > 12 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Set-Cookie: ", 12) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "Keep-Alive: ", 12) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "Connection: ", 12) == 0)) || - (packet->line[packet->parsed_lines].len > 15 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Last-Modified: ", 15) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Ranges: ", 15) == 0)) || - (packet->line[packet->parsed_lines].len > 17 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Language: ", 17) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Encoding: ", 17) == 0)) || - (packet->line[packet->parsed_lines].len > 27 && memcmp(packet->line[packet->parsed_lines].ptr, "Upgrade-Insecure-Requests: ", 27) == 0)) { + if((packet->line[packet->parsed_lines].len > 6 && ( strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Date: ", 6) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Vary: ", 6) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "ETag: ", 6) == 0 )) || + (packet->line[packet->parsed_lines].len > 8 && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Pragma: ", 8) == 0) || + (packet->line[packet->parsed_lines].len > 9 && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Expires: ", 9) == 0) || + (packet->line[packet->parsed_lines].len > 12 && ( strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Set-Cookie: ", 12) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Keep-Alive: ", 12) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Connection: ", 12) == 0)) || + (packet->line[packet->parsed_lines].len > 15 && ( strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Last-Modified: ", 15) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Accept-Ranges: ", 15) == 0)) || + (packet->line[packet->parsed_lines].len > 17 && ( strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Accept-Language: ", 17) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Accept-Encoding: ", 17) == 0)) || + (packet->line[packet->parsed_lines].len > 27 && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Upgrade-Insecure-Requests: ", 27) == 0)) { /* Just count. In the future, if needed, this if can be splited to parse these headers */ packet->http_num_headers++; } @@ -4707,6 +4708,30 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) { /* ****************************************************** */ +/* + * Same as ndpi_strnstr but case-insensitive + */ +char* ndpi_strncasestr(const char *s, const char *find, size_t slen) { + char c, sc; + size_t len; + + if((c = *find++) != '\0') { + len = strlen(find); + do { + do { + if(slen-- < 1 || (sc = *s++) == '\0') + return (NULL); + } while (sc != c); + if(len > slen) + return (NULL); + } while (strncasecmp(s, find, len) != 0); + s--; + } + return ((char *)s); +} + +/* ****************************************************** */ + int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, const char *str, size_t str_len) { -- cgit v1.2.3 From 8e8445e02f9190c9fb12b01c097dda68a4c88856 Mon Sep 17 00:00:00 2001 From: Campus Date: Sun, 3 Sep 2017 16:40:41 +0200 Subject: fix telegram detection --- src/lib/ndpi_content_match.c.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 54043d581..b2131e413 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -849,6 +849,7 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C0800 /* 91.108.8.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C0C00 /* 91.108.12.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C1000 /* 91.108.16.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x5B6C1400 /* 91.108.20.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, @@ -8305,6 +8306,7 @@ ndpi_protocol_match host_match[] = { { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; -- cgit v1.2.3 From ecb048a7bc8f2af388149c20605200cf2c476b41 Mon Sep 17 00:00:00 2001 From: berat Date: Fri, 8 Sep 2017 18:00:32 +0200 Subject: Extended filter produced by -b flag --- example/ndpiReader.c | 143 +++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 121 insertions(+), 22 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index e0dda2cab..1d1215548 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1375,6 +1375,9 @@ static int port_stats_sort(void *_a, void *_b) { struct port_stats *a = (struct port_stats*)_a; struct port_stats *b = (struct port_stats*)_b; + if(b->num_pkts == 0 && a->num_pkts == 0) + return(b->num_flows - a->num_flows); + return(b->num_pkts - a->num_pkts); } @@ -2317,15 +2320,13 @@ void automataUnitTest() { } /* *********************************************** */ - /** - * @brief Produce bpf filter to filter ports and hosts, - * save it in .json format + * @brief Produce bpf filter to filter ports and hosts + * in order to remove a peak in terms of number of packets + * sent by source hosts. */ #ifdef HAVE_JSON_C -void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_array[48], int h_size, char *filePath) { - FILE *fp = NULL; - char _filterFilePath[1024]; +void bpf_filter_pkt_peak_filter(json_object **jObj_bpfFilter, int port_array[], int p_size, const char *host_array[16], int h_size) { char filter[2048]; int produced = 0; int i = 0; @@ -2355,9 +2356,9 @@ void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_ar int l; if(port_array[0] != INIT_VAL) - strncat(filter, " and not (host ", sizeof(" and not (host ")); + strncat(filter, " and not (src ", sizeof(" and not (src ")); else - strcpy(filter, "not (host "); + strcpy(filter, "not (src "); i=0; @@ -2377,24 +2378,57 @@ void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_ar produced = 1; } - snprintf(_filterFilePath, sizeof(_filterFilePath), "%s.bpf", filePath); + if(produced) + json_object_object_add(*jObj_bpfFilter, "pkt.peak.filter", json_object_new_string(filter)); + else + json_object_object_add(*jObj_bpfFilter, "pkt.peak.filter", json_object_new_string("")); - if((fp = fopen(_filterFilePath,"w")) == NULL) { - printf("Error creating .json file %s\n", _filterFilePath); - exit(-1); - } + /*if(produced) + fprintf(fp,"%s\n",filter); + else + fprintf(fp,"");*/ + +} +#endif + +/* *********************************************** */ +/** + * @brief Produce bpf filter to filter ports and hosts + * in order to remove a peak in terms of number of source + * addresses. + */ +#ifdef HAVE_JSON_C +void bpf_filter_host_peak_filter(json_object **jObj_bpfFilter, const char *host_array[16], int h_size) { + char filter[2048]; + int produced = 0; + int i = 0; - json_object *jObj_bpfFilter = json_object_new_object(); + + if(host_array[0] != NULL) { + int l; + + strcpy(filter, "not (dst "); + + while(i < h_size && host_array[i] != NULL) { + l = strlen(filter); + + if(i+1 == h_size || host_array[i+1] == NULL) + snprintf(&filter[l], sizeof(filter)-l, "%s", host_array[i]); + else + snprintf(&filter[l], sizeof(filter)-l, "%s or ", host_array[i]); + + i++; + } + + l = strlen(filter); + snprintf(&filter[l], sizeof(filter)-l, "%s", ")"); + produced = 1; + } if(produced) - json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string(filter)); + json_object_object_add(*jObj_bpfFilter, "host.peak.filter", json_object_new_string(filter)); else - json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string("")); - - fprintf(fp,"%s\n",json_object_to_json_string(jObj_bpfFilter)); - fclose(fp); - - printf("created: %s\n", _filterFilePath); + json_object_object_add(*jObj_bpfFilter, "host.peak.filter", json_object_new_string("")); } #endif @@ -2546,7 +2580,42 @@ void getScannerHostsToFilter(struct json_object *jObj_stat, int duration, const #endif /* *********************************************** */ +/* + * @brief add to the dstHostArray to filter destination + * hosts which have more than 2 percent of flows per minute + */ +#ifdef HAVE_JSON_C +void getTopReceiverHostsToFilter(struct json_object *jObj_stat, int duration, const char *dstHostArray[16], int size) { + int j; + for(j=0; j 0.2) { + if((res = json_object_object_get_ex(scanner_stat, "aggressive.ip", &jObj_host_address)) == 0) { + fprintf(stderr, "ERROR: can't get \"aggressive.ip\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); + } + const char *host_address = json_object_get_string(jObj_host_address); + + bpf_filter_host_array_add(dstHostArray, size, host_address); + + } + } +} +#endif + +/* *********************************************** */ /* * @brief add ports which have more than 1000 flows per * second to the srcHostArray to filter @@ -2590,6 +2659,7 @@ static void produceBpfFilter(char *filePath) { void *fmap; int filterSrcPorts[PORT_ARRAY_SIZE]; /* ports to filter */ const char *filterSrcHosts[48]; /* hosts to filter */ + const char *filterDstHosts[48]; /* hosts to filter */ json_object *jObj; /* entire json object from file */ json_object *jObj_duration; json_object *jObj_statistics; /* json array */ @@ -2642,6 +2712,7 @@ static void produceBpfFilter(char *filePath) { bpf_filter_port_array_init(filterSrcPorts, PORT_ARRAY_SIZE); bpf_filter_host_array_init(filterSrcHosts, HOST_ARRAY_SIZE); + bpf_filter_host_array_init(filterDstHosts, HOST_ARRAY_SIZE); for(i=0; i Date: Thu, 14 Sep 2017 11:05:20 +0500 Subject: Added protocol LISP. By Huniya Arif xFlow Research --- configure.ac | 116 ++++++++++++++++ src/include/ndpi_define.h | 297 ++++++++++++++++++++++++++++++++++++++++ src/include/ndpi_protocol_ids.h | 3 +- src/include/ndpi_protocols.h | 2 + src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 8 ++ src/lib/protocols/lisp.c | 68 +++++++++ 7 files changed, 494 insertions(+), 1 deletion(-) create mode 100644 configure.ac create mode 100644 src/include/ndpi_define.h create mode 100644 src/lib/protocols/lisp.c diff --git a/configure.ac b/configure.ac new file mode 100644 index 000000000..5e54d7813 --- /dev/null +++ b/configure.ac @@ -0,0 +1,116 @@ +AC_INIT([libndpi], [2.1.0]) + +AC_CONFIG_MACRO_DIR([m4]) + +AM_INIT_AUTOMAKE([foreign subdir-objects]) + +LT_INIT + +AC_PROG_CC +AM_PROG_CC_C_O +AX_PTHREAD + +NDPI_MAJOR="2" +NDPI_MINOR="1" +NDPI_PATCH="0" + +AC_DEFINE_UNQUOTED(NDPI_MAJOR_RELEASE, "${NDPI_MAJOR}", [nDPI major release]) +AC_DEFINE_UNQUOTED(NDPI_MINOR_RELEASE, "${NDPI_MINOR}", [nDPI minor release]) +AC_DEFINE_UNQUOTED(NDPI_PATCH_LEVEL, "${NDPI_PATCH}", [nDPI patch level]) + +if test -d ".git"; then : + GIT_TAG=`git log -1 --format=%h` + GIT_DATE=`git log -1 --format=%cd` + # + # On CentOS 6 `git rev-list HEAD --count` does not work + # + # + GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'` + GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}" +else + GIT_RELEASE="${PACKAGE_VERSION}" + GIT_DATE=`date` +fi + +AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release]) +AC_DEFINE_UNQUOTED(NDPI_GIT_DATE, "${GIT_DATE}", [Last GIT change]) + +AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) + +PCAP_HOME=$HOME/PF_RING/userland + +if test -d $PCAP_HOME; then : + echo -n "" +else + PCAP_HOME=`pwd`/../../PF_RING/userland +fi +SHORT_MACHINE=`uname -m | cut -b1-3` +if test $SHORT_MACHINE = "arm"; then + LIBNUMA="" +else + AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) +fi + +if test -f $PCAP_HOME/libpcap/libpcap.a; then : + echo "Using libpcap from $PCAP_HOME" + PCAP_INC="-I $PCAP_HOME/libpcap" + PCAP_LIB="$PCAP_HOME/libpcap/libpcap.a $PCAP_HOME/lib/libpfring.a $LIBNUMA `$PCAP_HOME/lib/pfring_config --libs`" + + AC_CHECK_LIB([rt], [clock_gettime], [PCAP_LIB="$PCAP_LIB -lrt"]) + AC_CHECK_LIB([nl], [nl_handle_alloc], [PCAP_LIB="$PCAP_LIB -lnl"]) + # The dlopen() function is in libdl on GLIBC-based systems + # and in the C library for *BSD systems + AC_CHECK_LIB([dl], [dlopen, dlsym], [DL_LIB="-ldl"], + [AC_CHECK_LIB([c], [dlopen, dlsym], [DL_LIB="-lc"], + [AC_MSG_ERROR([unable to find the dlopen(), dlsym() functions]) ]) ]) +else + AC_CHECK_LIB([pcap], [pcap_open_live], [PCAP_LIB="-lpcap"]) + + if test $ac_cv_lib_pcap_pcap_open_live = "no"; then : + echo "" + echo "ERROR: Missing libpcap(-dev) library required to compile the example application" + echo "ERROR: Please install it and try again" + exit + fi +fi + +dnl> https://github.com/json-c/json-c +AC_ARG_ENABLE([json-c], + AS_HELP_STRING([--disable-json-c], [Disable json-c support])) + +AS_IF([test "x$enable_json_c" != "xno"], [ + PKG_CONFIG_PATH=/usr/local/share/pkgconfig:$PKG_CONFIG_PATH + pkg-config --exists json-c + AS_IF([test "$?" == "0"], + [ + CFLAGS="$CFLAGS $(pkg-config --cflags json-c)" + LDFLAGS="$LDFLAGS $(pkg-config --libs json-c)" + AC_CHECK_LIB(json-c, json_object_new_object, AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present])) + ], + [ + JSONC_HOME="$HOME/json-c" + if test -d "$JSONC_HOME"; then : + CFLAGS="$CFLAGS -I $JSONC_HOME" + LDFLAGS="$LDFLAGS $JSONC_HOME/.libs/libjson-c.a" + AC_MSG_RESULT([Found json-c in $JSONC_HOME]) + AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present]) + fi + ]) + ]) + +AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) + +AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) +AC_CONFIG_HEADERS(config.h) +AC_SUBST(GIT_RELEASE) +AC_SUBST(NDPI_MAJOR) +AC_SUBST(NDPI_MINOR) +AC_SUBST(NDPI_PATCH) +AC_SUBST(SVN_DATE) +AC_SUBST(JSON_C_LIB) +AC_SUBST(PCAP_INC) +AC_SUBST(PCAP_LIB) +AC_SUBST(DL_LIB) +AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) + +AC_OUTPUT diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h new file mode 100644 index 000000000..84155d027 --- /dev/null +++ b/src/include/ndpi_define.h @@ -0,0 +1,297 @@ +/* + * + * Copyright (C) 2011-17 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#ifndef __NDPI_DEFINE_INCLUDE_FILE__ +#define __NDPI_DEFINE_INCLUDE_FILE__ + +/* + gcc -E -dM - < /dev/null |grep ENDIAN +*/ + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#include +#endif + +#ifdef __OpenBSD__ +#include +#define __BYTE_ORDER BYTE_ORDER +#if BYTE_ORDER == LITTLE_ENDIAN +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif/* BYTE_ORDER */ +#endif/* __OPENBSD__ */ + + +#if __BYTE_ORDER == __LITTLE_ENDIAN +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#endif +#else +#ifndef __BIG_ENDIAN__ +#define __BIG_ENDIAN__ +#endif +#endif + +#ifdef WIN32 +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ 1 +#endif +#endif + +#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) +#if defined(__mips__) +#undef __LITTLE_ENDIAN__ +#undef __LITTLE_ENDIAN +#define __BIG_ENDIAN__ +#endif + +/* Everything else */ +#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) +#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif +#endif + +#endif + +#define NDPI_USE_ASYMMETRIC_DETECTION 0 +#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t + +#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) +#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) +#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) +#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) +/* now combined detections */ + +/* v4 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v4 or v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* safe src/dst protocol check macros... */ + +#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) + +/** + * convenience macro to check for excluded protocol + * a protocol is excluded if the flow is known and either the protocol is not detected at all + * or the excluded bitmask contains the protocol + */ +#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ + ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ + NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) + +/* misc definitions */ +#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 + + +/* TODO: rebuild all memory areas to have a more aligned memory block here */ + +/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ +#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 + +#define MAX_PACKET_COUNTER 65000 +#define MAX_DEFAULT_PORTS 5 + +#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 +#define NDPI_IRC_CONNECTION_TIMEOUT 120 +#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 +#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 +#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 +#define NDPI_RTSP_CONNECTION_TIMEOUT 5 +#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 +#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 +#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 +#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 +#define NDPI_ZATTOO_FLASH_TIMEOUT 5 +#define NDPI_JABBER_STUN_TIMEOUT 30 +#define NDPI_JABBER_FT_TIMEOUT 5 +#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 + +#ifdef NDPI_ENABLE_DEBUG_MESSAGES +#define NDPI_LOG(proto, m, log_level, args...) \ + { \ + struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ + if(mod != NULL) { \ + mod->ndpi_debug_print_file=__FILE__; \ + mod->ndpi_debug_print_function=__FUNCTION__; \ + mod->ndpi_debug_print_line=__LINE__; \ + (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ + } \ + } +#else /* NDPI_ENABLE_DEBUG_MESSAGES */ +#ifdef WIN32 +#define NDPI_LOG(...) {} +#else +#define NDPI_LOG(proto, mod, log_level, args...) {} +#endif +#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ + +/** + * macro for getting the string len of a static string + * + * use it instead of strlen to avoid runtime calculations + */ +#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) + +/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ +#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ + ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) + +#define NDPI_NUM_BITS 256 + +#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ +#define howmanybits(x, y) (((x)+((y)-1))/(y)) + + +#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) +#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) + +#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) + +#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t + +#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) +#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) +#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) +#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) +#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } + +/* this is a very very tricky macro *g*, + * the compiler will remove all shifts here if the protocol is static... + */ +#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) +#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) +#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) + +#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } + + +#define ndpi_min(a,b) ((a < b) ? a : b) +#define ndpi_max(a,b) ((a > b) ? a : b) + +#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ + if (packet->packet_lines_parsed_complete != 1) { \ + ndpi_parse_packet_line_info(ndpi_struct,flow); \ + } \ + +#define NDPI_IPSEC_PROTOCOL_ESP 50 +#define NDPI_IPSEC_PROTOCOL_AH 51 +#define NDPI_GRE_PROTOCOL_TYPE 0x2F +#define NDPI_ICMP_PROTOCOL_TYPE 0x01 +#define NDPI_IGMP_PROTOCOL_TYPE 0x02 +#define NDPI_EGP_PROTOCOL_TYPE 0x08 +#define NDPI_OSPF_PROTOCOL_TYPE 0x59 +#define NDPI_SCTP_PROTOCOL_TYPE 132 +#define NDPI_IPIP_PROTOCOL_TYPE 0x04 +#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a + +/* the get_uXX will return raw network packet bytes !! */ +#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) +#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) +#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) +#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) + +/* new definitions to get little endian from network bytes */ +#define get_ul8(X,O) get_u_int8_t(X,O) + + +#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) +#define get_l16(X,O) get_u_int16_t(X,O) +#define get_l32(X,O) get_u_int32_t(X,O) +#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) +/* convert the bytes from big to little endian */ +# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) +# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) +#else +#error "__BYTE_ORDER MUST BE DEFINED !" +#endif /* __BYTE_ORDER */ + +/* define memory callback function */ +#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) + +#if defined(WIN32) && !defined(snprintf) +#define snprintf _snprintf +#endif + +#define NDPI_MAX_DNS_REQUESTS 16 + +#define NDPI_MAJOR 2 +#define NDPI_MINOR 1 +#define NDPI_PATCH 0 + +#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 1ba8d3b89..bd0c8e999 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -273,9 +273,10 @@ #define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo */ #define NDPI_PROTOCOL_SOUNDCLOUD 234 #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ +#define NDPI_PROTOCOL_LISP 236 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_CSGO +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LISP #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index adfd19b17..ef248027a 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -53,6 +53,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st /* Applications and other protocols. */ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -209,6 +210,7 @@ void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 740e3ee48..c2b4e4b13 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -71,6 +71,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/kontiki.c \ protocols/ldap.c \ protocols/lotus_notes.c \ + protocols/lisp.c \ protocols/mail_imap.c \ protocols/mail_pop.c \ protocols/mail_smtp.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ffb4ed909..f0b0407bb 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1390,6 +1390,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP, + no_master, + no_master, "LISP", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 4342, 4341, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ, no_master, no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, @@ -2735,6 +2740,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* CSGO */ init_csgo_dissector(ndpi_struct, &a, detection_bitmask); + /* LISP */ + init_my_lisp_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c new file mode 100644 index 000000000..37077029c --- /dev/null +++ b/src/lib/protocols/lisp.c @@ -0,0 +1,68 @@ +#include "ndpi_api.h" +#ifdef NDPI_PROTOCOL_LISP + +#define LISP_PORT 4341 +#define LISP_PORT1 4342 + +static void ndpi_int_lisp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int8_t due_to_correlation) +{ + + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LISP, NDPI_PROTOCOL_UNKNOWN); +} + +static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + + struct ndpi_packet_struct *packet = &flow->packet; + u_int32_t payload_len = packet->payload_packet_len; + + if(packet->udp != NULL) { + + u_int16_t lisp_port = htons(LISP_PORT); + u_int16_t lisp_port1 = htons(LISP_PORT1); + + if(((packet->udp->source == lisp_port) + && (packet->udp->dest == lisp_port)) || + ((packet->udp->source == lisp_port1) + && (packet->udp->dest == lisp_port1)) ) { + + NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "Found lisp.\n"); + ndpi_int_lisp_add_connection(ndpi_struct, flow, 0); + return; + + } + } + + NDPI_LOG(NDPI_PROTOCOL_lisp, ndpi_struct, NDPI_LOG_DEBUG, "exclude lisp.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LISP); +} + +void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "lisp detection...\n"); + + /* skip marked packets */ + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_LISP) { + + ndpi_check_lisp(ndpi_struct, flow); + + } +} + + +void init_my_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("LISP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_LISP, + ndpi_search_lisp, + NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + +#endif -- cgit v1.2.3 From d4d4f2a17c9fdd641f754305ef6de2711ab2c19f Mon Sep 17 00:00:00 2001 From: "huniya arif, xflowResearch" Date: Thu, 14 Sep 2017 11:38:31 +0500 Subject: Added LISP protocol. By Huniya Arif (xFlowResearch) --- src/include/ndpi_main.h | 2 +- src/lib/ndpi_main.c | 2 +- src/lib/protocols/lisp.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 24bdcb171..79eeab8f1 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -28,8 +28,8 @@ #include "ndpi_define.h" #include "ndpi_protocol_ids.h" #include "ndpi_typedefs.h" -#include "ndpi_protocols.h" #include "ndpi_api.h" +#include "ndpi_protocols.h" #ifdef __cplusplus extern "C" { diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f0b0407bb..26983f0a8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2741,7 +2741,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n init_csgo_dissector(ndpi_struct, &a, detection_bitmask); /* LISP */ - init_my_lisp_dissector(ndpi_struct, &a, detection_bitmask); + init_lisp_dissector(ndpi_struct, &a, detection_bitmask); /* ----------------------------------------------------------------- */ diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index 37077029c..531f7f68f 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -54,7 +54,7 @@ void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct n } -void init_my_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("LISP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_LISP, -- cgit v1.2.3 From f7e9264c36d0e94844a645588cddaafa192fd48d Mon Sep 17 00:00:00 2001 From: "huniya arif, xflowResearch" Date: Thu, 14 Sep 2017 12:52:18 +0500 Subject: LISP PROTOCOL by Huniya Arif (xFlowResearch) --- configure.ac | 116 ------------------ src/include/ndpi_define.h | 297 ---------------------------------------------- 2 files changed, 413 deletions(-) delete mode 100644 configure.ac delete mode 100644 src/include/ndpi_define.h diff --git a/configure.ac b/configure.ac deleted file mode 100644 index 5e54d7813..000000000 --- a/configure.ac +++ /dev/null @@ -1,116 +0,0 @@ -AC_INIT([libndpi], [2.1.0]) - -AC_CONFIG_MACRO_DIR([m4]) - -AM_INIT_AUTOMAKE([foreign subdir-objects]) - -LT_INIT - -AC_PROG_CC -AM_PROG_CC_C_O -AX_PTHREAD - -NDPI_MAJOR="2" -NDPI_MINOR="1" -NDPI_PATCH="0" - -AC_DEFINE_UNQUOTED(NDPI_MAJOR_RELEASE, "${NDPI_MAJOR}", [nDPI major release]) -AC_DEFINE_UNQUOTED(NDPI_MINOR_RELEASE, "${NDPI_MINOR}", [nDPI minor release]) -AC_DEFINE_UNQUOTED(NDPI_PATCH_LEVEL, "${NDPI_PATCH}", [nDPI patch level]) - -if test -d ".git"; then : - GIT_TAG=`git log -1 --format=%h` - GIT_DATE=`git log -1 --format=%cd` - # - # On CentOS 6 `git rev-list HEAD --count` does not work - # - # - GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'` - GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}" -else - GIT_RELEASE="${PACKAGE_VERSION}" - GIT_DATE=`date` -fi - -AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release]) -AC_DEFINE_UNQUOTED(NDPI_GIT_DATE, "${GIT_DATE}", [Last GIT change]) - -AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) - -PCAP_HOME=$HOME/PF_RING/userland - -if test -d $PCAP_HOME; then : - echo -n "" -else - PCAP_HOME=`pwd`/../../PF_RING/userland -fi -SHORT_MACHINE=`uname -m | cut -b1-3` -if test $SHORT_MACHINE = "arm"; then - LIBNUMA="" -else - AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) -fi - -if test -f $PCAP_HOME/libpcap/libpcap.a; then : - echo "Using libpcap from $PCAP_HOME" - PCAP_INC="-I $PCAP_HOME/libpcap" - PCAP_LIB="$PCAP_HOME/libpcap/libpcap.a $PCAP_HOME/lib/libpfring.a $LIBNUMA `$PCAP_HOME/lib/pfring_config --libs`" - - AC_CHECK_LIB([rt], [clock_gettime], [PCAP_LIB="$PCAP_LIB -lrt"]) - AC_CHECK_LIB([nl], [nl_handle_alloc], [PCAP_LIB="$PCAP_LIB -lnl"]) - # The dlopen() function is in libdl on GLIBC-based systems - # and in the C library for *BSD systems - AC_CHECK_LIB([dl], [dlopen, dlsym], [DL_LIB="-ldl"], - [AC_CHECK_LIB([c], [dlopen, dlsym], [DL_LIB="-lc"], - [AC_MSG_ERROR([unable to find the dlopen(), dlsym() functions]) ]) ]) -else - AC_CHECK_LIB([pcap], [pcap_open_live], [PCAP_LIB="-lpcap"]) - - if test $ac_cv_lib_pcap_pcap_open_live = "no"; then : - echo "" - echo "ERROR: Missing libpcap(-dev) library required to compile the example application" - echo "ERROR: Please install it and try again" - exit - fi -fi - -dnl> https://github.com/json-c/json-c -AC_ARG_ENABLE([json-c], - AS_HELP_STRING([--disable-json-c], [Disable json-c support])) - -AS_IF([test "x$enable_json_c" != "xno"], [ - PKG_CONFIG_PATH=/usr/local/share/pkgconfig:$PKG_CONFIG_PATH - pkg-config --exists json-c - AS_IF([test "$?" == "0"], - [ - CFLAGS="$CFLAGS $(pkg-config --cflags json-c)" - LDFLAGS="$LDFLAGS $(pkg-config --libs json-c)" - AC_CHECK_LIB(json-c, json_object_new_object, AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present])) - ], - [ - JSONC_HOME="$HOME/json-c" - if test -d "$JSONC_HOME"; then : - CFLAGS="$CFLAGS -I $JSONC_HOME" - LDFLAGS="$LDFLAGS $JSONC_HOME/.libs/libjson-c.a" - AC_MSG_RESULT([Found json-c in $JSONC_HOME]) - AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present]) - fi - ]) - ]) - -AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) - -AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) -AC_CONFIG_HEADERS(config.h) -AC_SUBST(GIT_RELEASE) -AC_SUBST(NDPI_MAJOR) -AC_SUBST(NDPI_MINOR) -AC_SUBST(NDPI_PATCH) -AC_SUBST(SVN_DATE) -AC_SUBST(JSON_C_LIB) -AC_SUBST(PCAP_INC) -AC_SUBST(PCAP_LIB) -AC_SUBST(DL_LIB) -AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) - -AC_OUTPUT diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h deleted file mode 100644 index 84155d027..000000000 --- a/src/include/ndpi_define.h +++ /dev/null @@ -1,297 +0,0 @@ -/* - * - * Copyright (C) 2011-17 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - -#ifndef __NDPI_DEFINE_INCLUDE_FILE__ -#define __NDPI_DEFINE_INCLUDE_FILE__ - -/* - gcc -E -dM - < /dev/null |grep ENDIAN -*/ - -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) -#include -#endif - -#ifdef __OpenBSD__ -#include -#define __BYTE_ORDER BYTE_ORDER -#if BYTE_ORDER == LITTLE_ENDIAN -#define __LITTLE_ENDIAN__ -#else -#define __BIG_ENDIAN__ -#endif/* BYTE_ORDER */ -#endif/* __OPENBSD__ */ - - -#if __BYTE_ORDER == __LITTLE_ENDIAN -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#endif -#else -#ifndef __BIG_ENDIAN__ -#define __BIG_ENDIAN__ -#endif -#endif - -#ifdef WIN32 -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ 1 -#endif -#endif - -#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) -#if defined(__mips__) -#undef __LITTLE_ENDIAN__ -#undef __LITTLE_ENDIAN -#define __BIG_ENDIAN__ -#endif - -/* Everything else */ -#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) -#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#else -#define __BIG_ENDIAN__ -#endif -#endif - -#endif - -#define NDPI_USE_ASYMMETRIC_DETECTION 0 -#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t - -#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) -#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) -#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) -#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) -#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) -#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) -/* now combined detections */ - -/* v4 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -/* v6 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -/* v4 or v6 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -/* safe src/dst protocol check macros... */ - -#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) - -#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) - -#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) - -/** - * convenience macro to check for excluded protocol - * a protocol is excluded if the flow is known and either the protocol is not detected at all - * or the excluded bitmask contains the protocol - */ -#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ - ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ - NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) - -/* misc definitions */ -#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 - - -/* TODO: rebuild all memory areas to have a more aligned memory block here */ - -/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ -#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 - -#define MAX_PACKET_COUNTER 65000 -#define MAX_DEFAULT_PORTS 5 - -#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 -#define NDPI_IRC_CONNECTION_TIMEOUT 120 -#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 -#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 -#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 -#define NDPI_RTSP_CONNECTION_TIMEOUT 5 -#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 -#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 -#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 -#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 -#define NDPI_ZATTOO_FLASH_TIMEOUT 5 -#define NDPI_JABBER_STUN_TIMEOUT 30 -#define NDPI_JABBER_FT_TIMEOUT 5 -#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 - -#ifdef NDPI_ENABLE_DEBUG_MESSAGES -#define NDPI_LOG(proto, m, log_level, args...) \ - { \ - struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ - if(mod != NULL) { \ - mod->ndpi_debug_print_file=__FILE__; \ - mod->ndpi_debug_print_function=__FUNCTION__; \ - mod->ndpi_debug_print_line=__LINE__; \ - (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ - } \ - } -#else /* NDPI_ENABLE_DEBUG_MESSAGES */ -#ifdef WIN32 -#define NDPI_LOG(...) {} -#else -#define NDPI_LOG(proto, mod, log_level, args...) {} -#endif -#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ - -/** - * macro for getting the string len of a static string - * - * use it instead of strlen to avoid runtime calculations - */ -#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) - -/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ -#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ - ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) - -#define NDPI_NUM_BITS 256 - -#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ -#define howmanybits(x, y) (((x)+((y)-1))/(y)) - - -#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) -#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) - -#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) - -#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t - -#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) -#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) -#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) -#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) -#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } - -/* this is a very very tricky macro *g*, - * the compiler will remove all shifts here if the protocol is static... - */ -#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) -#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) -#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) - -#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } - - -#define ndpi_min(a,b) ((a < b) ? a : b) -#define ndpi_max(a,b) ((a > b) ? a : b) - -#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ - if (packet->packet_lines_parsed_complete != 1) { \ - ndpi_parse_packet_line_info(ndpi_struct,flow); \ - } \ - -#define NDPI_IPSEC_PROTOCOL_ESP 50 -#define NDPI_IPSEC_PROTOCOL_AH 51 -#define NDPI_GRE_PROTOCOL_TYPE 0x2F -#define NDPI_ICMP_PROTOCOL_TYPE 0x01 -#define NDPI_IGMP_PROTOCOL_TYPE 0x02 -#define NDPI_EGP_PROTOCOL_TYPE 0x08 -#define NDPI_OSPF_PROTOCOL_TYPE 0x59 -#define NDPI_SCTP_PROTOCOL_TYPE 132 -#define NDPI_IPIP_PROTOCOL_TYPE 0x04 -#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a - -/* the get_uXX will return raw network packet bytes !! */ -#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) -#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) -#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) -#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) - -/* new definitions to get little endian from network bytes */ -#define get_ul8(X,O) get_u_int8_t(X,O) - - -#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) -#define get_l16(X,O) get_u_int16_t(X,O) -#define get_l32(X,O) get_u_int32_t(X,O) -#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) -/* convert the bytes from big to little endian */ -# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) -# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) -#else -#error "__BYTE_ORDER MUST BE DEFINED !" -#endif /* __BYTE_ORDER */ - -/* define memory callback function */ -#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) - -#if defined(WIN32) && !defined(snprintf) -#define snprintf _snprintf -#endif - -#define NDPI_MAX_DNS_REQUESTS 16 - -#define NDPI_MAJOR 2 -#define NDPI_MINOR 1 -#define NDPI_PATCH 0 - -#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ -- cgit v1.2.3 From 83b1b34c18408f969da6689972e2394aa06efc2c Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 15 Sep 2017 11:13:25 +0200 Subject: Added custom 5 protocol categories to be used by applications. They are currently empty Added ndpi_is_custom_category() to check if a defined category is custom --- src/include/ndpi_api.h | 9 +++ src/include/ndpi_typedefs.h | 11 +++- src/lib/ndpi_content_match.c.inc | 34 +++++------ src/lib/ndpi_main.c | 123 ++++++++++++++++++++++++++------------- 4 files changed, 116 insertions(+), 61 deletions(-) diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 76285cb70..325ee0564 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -410,6 +410,15 @@ extern "C" { */ char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len); + /** + * Find out if a given category is custom/user-defined + * + * @par category = the category associated to the protocol + * @return 1 if this is a custom user category, 0 otherwise + * + */ + int ndpi_is_custom_category(ndpi_protocol_category_t category); + /** * Get protocol category as string * diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index e5e9053e8..51c0df449 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -748,10 +748,10 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_MEDIA, /* Multimedia and streaming */ NDPI_PROTOCOL_CATEGORY_VPN, /* Virtual Private Networks */ NDPI_PROTOCOL_CATEGORY_MAIL, /* Protocols to send/receive/sync emails */ - NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, /* FTP and similar protocols */ + NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, /* AFS/NFS and similar protocols */ NDPI_PROTOCOL_CATEGORY_WEB, /* Web protocols and services */ NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, /* Social networks */ - NDPI_PROTOCOL_CATEGORY_P2P, /* File sharing and P2P */ + NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, /* Download, FTP, file transfer/sharing and P2P */ NDPI_PROTOCOL_CATEGORY_GAME, /* Online games */ NDPI_PROTOCOL_CATEGORY_CHAT, /* Instant messaging */ NDPI_PROTOCOL_CATEGORY_VOIP, /* Real-time communications and conferencing */ @@ -762,8 +762,13 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, /* Software for collaborative development, including Webmail */ NDPI_PROTOCOL_CATEGORY_RPC, /* High level network communication protocols */ NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, /* Network administration and monitor protocols */ - NDPI_PROTOCOL_CATEGORY_SYSTEM, /* System level applications */ + NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, /* System/Operating System level applications */ NDPI_PROTOCOL_CATEGORY_SW_UPDATE, /* Software update */ + NDPI_PROTOCOL_CATEGORY_CUSTOM_1, /* User custom category 1 */ + NDPI_PROTOCOL_CATEGORY_CUSTOM_2, /* User custom category 2 */ + NDPI_PROTOCOL_CATEGORY_CUSTOM_3, /* User custom category 3 */ + NDPI_PROTOCOL_CATEGORY_CUSTOM_4, /* User custom category 4 */ + NDPI_PROTOCOL_CATEGORY_CUSTOM_5, /* User custom category 5 */ NDPI_PROTOCOL_NUM_CATEGORIES /* NOTE: Keep this as last member diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index b2131e413..3def0f7b7 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8192,8 +8192,8 @@ ndpi_protocol_match host_match[] = { { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, + { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8287,9 +8287,9 @@ ndpi_protocol_match host_match[] = { { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, - { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, - { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, + { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -8297,7 +8297,7 @@ ndpi_protocol_match host_match[] = { { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".sonyentertainmentnetwork.com","Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8354,17 +8354,17 @@ ndpi_protocol_match content_match[] = { { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/vnd.apple.mpegurl",NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 26983f0a8..fccedecb0 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -436,8 +436,7 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t breed, u_int16_t protoId, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], char *protoName, ndpi_protocol_category_t protoCategory, - ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts) -{ + ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts) { char *name; int j; @@ -706,12 +705,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, no_master, - no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_DATA, no_master, - no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, @@ -751,7 +750,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP, no_master, - no_master, "IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HEP, @@ -771,22 +770,22 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 5353, 5354, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NTP, no_master, - no_master, "NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 123, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETBIOS, no_master, - no_master, "NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 139, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 137, 138, 139, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NFS, no_master, - no_master, "NFS", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "NFS", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 2049, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 2049, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSDP, no_master, - no_master, "SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, @@ -806,12 +805,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMB, no_master, - no_master, "SMB", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "SMB", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG, no_master, - no_master, "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 514, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP, @@ -831,17 +830,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, no_master, - no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE, no_master, - no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT, no_master, - no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SOCRATES, @@ -856,7 +855,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FILETOPIA, no_master, - no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI, @@ -866,29 +865,34 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT, no_master, - no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK, no_master, - no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA, no_master, - no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_EDONKEY, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_EDONKEY, no_master, - no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_BITTORRENT, no_master, - no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE, + no_master, + no_master, "Skype", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, no_master, no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, @@ -1001,7 +1005,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_DOWNLOAD, no_master, - no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, @@ -1011,12 +1015,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER, no_master, - no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK, no_master, - no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); @@ -1187,17 +1191,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP, no_master, - no_master, "AFP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "AFP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, no_master, - no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI, no_master, - no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, @@ -1262,7 +1266,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 88, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDAP, no_master, - no_master, "LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 389, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 389, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MAPLESTORY, @@ -1463,7 +1467,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RSYNC, no_master, - no_master, "RSYNC", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "RSYNC", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 873, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ORACLE, @@ -1488,7 +1492,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, no_master, - no_master, "Collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "Collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS, @@ -1498,7 +1502,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP, no_master, - no_master, "TFTP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "TFTP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 69, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP, @@ -1583,12 +1587,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP, no_master, - no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, no_master, - no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, @@ -1631,8 +1635,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp init_string_based_protocols(ndpi_mod); for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { - if(ndpi_mod->proto_defaults[i].protoName == NULL) { - printf("[NDPI] %s(missing protoId=%d) INTERNAL ERROR: not all protocols have been initialized\n", __FUNCTION__, i); + if((ndpi_mod->proto_defaults[i].protoName == NULL) + || ((i != NDPI_PROTOCOL_UNKNOWN) + && (ndpi_mod->proto_defaults[i].protoCategory == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED))) { + printf("[NDPI] %s(missing protoId=%d/%s) INTERNAL ERROR: not all protocols have been initialized\n", + __FUNCTION__, i, + ndpi_mod->proto_defaults[i].protoName ? ndpi_mod->proto_defaults[i].protoName : "???"); } } } @@ -4543,6 +4551,24 @@ char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, /* ****************************************************** */ +int ndpi_is_custom_category(ndpi_protocol_category_t category) { + switch(category) { + case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: + case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: + case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: + case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: + case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: + return(1); + break; + + default: + return(0); + break; + } +} + +/* ****************************************************** */ + const char* ndpi_category_str(ndpi_protocol_category_t category) { switch(category) { case NDPI_PROTOCOL_CATEGORY_MEDIA: @@ -4551,11 +4577,14 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_VPN: return("VPN"); break; + case NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER: + return("DataTransfer"); + break; case NDPI_PROTOCOL_CATEGORY_MAIL: return("Email"); break; - case NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER: - return("FileTransfer"); + case NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT: + return("Download/P2P/FileTransfer/FileSharing"); break; case NDPI_PROTOCOL_CATEGORY_WEB: return("Web"); @@ -4563,9 +4592,6 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK: return("SocialNetwork"); break; - case NDPI_PROTOCOL_CATEGORY_P2P: - return("P2P"); - break; case NDPI_PROTOCOL_CATEGORY_GAME: return("Game"); break; @@ -4596,7 +4622,7 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL: return("NetworkTool"); break; - case NDPI_PROTOCOL_CATEGORY_SYSTEM: + case NDPI_PROTOCOL_CATEGORY_SYSTEM_OS: return("System"); break; case NDPI_PROTOCOL_CATEGORY_UNSPECIFIED: @@ -4605,6 +4631,21 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_SW_UPDATE: return("SoftwareUpdate"); break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: + return("User custom category 1"); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: + return("User custom category 2"); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: + return("User custom category 3"); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: + return("User custom category 4"); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: + return("User custom category 5"); + break; case NDPI_PROTOCOL_NUM_CATEGORIES: return("Code should not use this internal constant"); break; -- cgit v1.2.3 From 1808519b5bee1d53ce10e76c2d529ac47d83d504 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 15 Sep 2017 11:23:34 +0200 Subject: Reorganized protocol families Added new API calls ndpi_set_proto_breed() and ndpi_set_proto_category() for overwriting nDPI protocol specifications --- src/include/ndpi_api.h | 27 ++++++++++++++++++++++++--- src/lib/ndpi_main.c | 20 ++++++++++++++++++++ 2 files changed, 44 insertions(+), 3 deletions(-) diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 325ee0564..5b0fe617b 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -387,17 +387,16 @@ extern "C" { /** * Check if the string -bigram_to_match- match with a bigram of -automa- * - * @par ndpi_struct = the detection module + * @par ndpi_mod = the detection module * @par automa = the struct ndpi_automa for the bigram * @par bigram_to_match = the bigram string to match * @return 0 * */ - int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, + int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_mod, ndpi_automa *automa, char *bigram_to_match); - /** * Write the protocol name in the buffer -buf- as master_protocol.protocol * @@ -419,6 +418,28 @@ extern "C" { */ int ndpi_is_custom_category(ndpi_protocol_category_t category); + /** + * Overwrite a protocol category defined by nDPI with the custom category + * + * @par ndpi_mod = the detection module + * @par protoId = the protocol identifier to overwrite + * @par breed = the breed to be associated to the protocol + * + */ + void ndpi_set_proto_breed(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId, ndpi_protocol_breed_t breed); + + /** + * Overwrite a protocol category defined by nDPI with the custom category + * + * @par ndpi_mod = the detection module + * @par protoId = the protocol identifier to overwrite + * @par category = the category associated to the protocol + * + */ + void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId, ndpi_protocol_category_t protoCategory); + /** * Get protocol category as string * diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index fccedecb0..0a0d30bbb 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -432,6 +432,26 @@ ndpi_port_range * ndpi_build_default_ports(ndpi_port_range *ports, /* ********************************************************************************** */ +void ndpi_set_proto_breed(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId, ndpi_protocol_breed_t breed) { + if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) + return; + else + ndpi_mod->proto_defaults[protoId].protoBreed = breed; +} + +/* ********************************************************************************** */ + +void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId, ndpi_protocol_category_t protoCategory) { + if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) + return; + else + ndpi_mod->proto_defaults[protoId].protoCategory = protoCategory; +} + +/* ********************************************************************************** */ + void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t breed, u_int16_t protoId, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], -- cgit v1.2.3 From 4176fd5068ed84c9f662a4b9ba97aa7794354fa4 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 15 Sep 2017 11:56:40 +0200 Subject: Reworked categories --- src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 30 +++++++++++++++--------------- src/lib/ndpi_main.c | 38 +++++++++++++++++++------------------- 3 files changed, 35 insertions(+), 35 deletions(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 51c0df449..71e2ba560 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -751,7 +751,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, /* AFS/NFS and similar protocols */ NDPI_PROTOCOL_CATEGORY_WEB, /* Web protocols and services */ NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, /* Social networks */ - NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, /* Download, FTP, file transfer/sharing and P2P */ + NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, /* Download, FTP, file transfer/sharing */ NDPI_PROTOCOL_CATEGORY_GAME, /* Online games */ NDPI_PROTOCOL_CATEGORY_CHAT, /* Instant messaging */ NDPI_PROTOCOL_CATEGORY_VOIP, /* Real-time communications and conferencing */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 3def0f7b7..e06740871 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8287,9 +8287,9 @@ ndpi_protocol_match host_match[] = { { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -8297,7 +8297,7 @@ ndpi_protocol_match host_match[] = { { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".sonyentertainmentnetwork.com","Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8354,17 +8354,17 @@ ndpi_protocol_match content_match[] = { { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/vnd.apple.mpegurl",NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0a0d30bbb..a35a27042 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -725,12 +725,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, no_master, - no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_DATA, no_master, - no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, @@ -850,17 +850,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, no_master, - no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE, no_master, - no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT, no_master, - no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SOCRATES, @@ -875,7 +875,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FILETOPIA, no_master, - no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI, @@ -885,27 +885,27 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT, no_master, - no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK, no_master, - no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA, no_master, - no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_EDONKEY, no_master, - no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_BITTORRENT, no_master, - no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE, @@ -1025,7 +1025,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_DOWNLOAD, no_master, - no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, @@ -1035,12 +1035,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER, no_master, - no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK, no_master, - no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); @@ -1216,12 +1216,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, no_master, - no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI, no_master, - no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, @@ -1612,7 +1612,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, no_master, - no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, @@ -4603,8 +4603,8 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_MAIL: return("Email"); break; - case NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT: - return("Download/P2P/FileTransfer/FileSharing"); + case NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT: + return("Download/FileTransfer/FileSharing"); break; case NDPI_PROTOCOL_CATEGORY_WEB: return("Web"); -- cgit v1.2.3 From d6f7dd9c08b8abcaa964f19c3f34c24ed2c558cd Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 17 Sep 2017 21:25:55 +0200 Subject: Implemented DHCP field 55 decode --- src/include/ndpi_typedefs.h | 4 +++- src/lib/protocols/dhcp.c | 25 +++++++++++++++++++------ 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 71e2ba560..55c056bfb 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -908,6 +908,8 @@ struct ndpi_detection_module_struct { direction_detect_disable:1; /* disable internal detection of packet direction */ }; +#define dhcp_fingerprint host_server_name + struct ndpi_flow_struct { u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; #ifndef WIN32 @@ -946,7 +948,7 @@ struct ndpi_flow_struct { */ struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ - u_char host_server_name[256]; + u_char host_server_name[256]; /* Shared with dhcp_fingerprint */ /* Via HTTP User-Agent */ u_char detected_os[32]; /* Via HTTP X-Forwarded-For */ diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index 38711c911..ee5b12834 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -78,24 +78,36 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru while(i < DHCP_VEND_LEN) { u_int8_t id = dhcp->options[i]; - if(id == 0xFF) break; + + if(id == 0xFF) + break; else { u_int8_t len = dhcp->options[i+1]; - + if(len == 0) break; - + #ifdef DHCP_DEBUG printf("[DHCP] Id=%d [len=%d]\n", id, len); #endif - + if(id == 53 /* DHCP Message Type */) { u_int8_t msg_type = dhcp->options[i+2]; - + if(msg_type <= 8) foundValidMsgType = 1; + } else if(id == 55 /* Parameter Request List / Fingerprint */) { + u_int idx, offset = 0, + hex_len = ndpi_min(len * 2, sizeof(flow->dhcp_fingerprint)); + + for(idx=0; idxdhcp_fingerprint[offset], + sizeof(flow->dhcp_fingerprint)-offset-1, + "%02X", dhcp->options[i+2+idx] & 0xFF); + offset += 2; + } } else if(id == 12 /* Host Name */) { char *name = (char*)&dhcp->options[i+2]; int j = 0; - + #ifdef DHCP_DEBUG printf("[DHCP] "); while(j < len) { printf("%c", name[j]); j++; } @@ -105,6 +117,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru strncpy((char*)flow->host_server_name, name, j); flow->host_server_name[j] = '\0'; } + i += len + 2; } } -- cgit v1.2.3 From 1a4e57e7366685e5ece5ed8576155c5e7c934efb Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 17 Sep 2017 23:34:46 +0200 Subject: Code rework --- example/ndpi_util.c | 4 ++-- src/include/ndpi_typedefs.h | 26 +++++++++++++++++--------- src/lib/protocols/bittorrent.c | 4 ++-- src/lib/protocols/dhcp.c | 6 +++--- src/lib/protocols/http.c | 8 ++++---- 5 files changed, 28 insertions(+), 20 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 618a51882..d57e9e90e 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -421,8 +421,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl int i, j, n = 0; for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { - sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); - j += 2, n += flow->ndpi_flow->bittorent_hash[i]; + sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->protos.bittorrent.hash[i]); + j += 2, n += flow->ndpi_flow->protos.bittorrent.hash[i]; } if(n == 0) flow->bittorent_hash[0] = '\0'; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 55c056bfb..58cb8263d 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -908,8 +908,6 @@ struct ndpi_detection_module_struct { direction_detect_disable:1; /* disable internal detection of packet direction */ }; -#define dhcp_fingerprint host_server_name - struct ndpi_flow_struct { u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; #ifndef WIN32 @@ -948,13 +946,7 @@ struct ndpi_flow_struct { */ struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ - u_char host_server_name[256]; /* Shared with dhcp_fingerprint */ - /* Via HTTP User-Agent */ - u_char detected_os[32]; - /* Via HTTP X-Forwarded-For */ - u_char nat_ip[24]; - /* Bittorrent hash */ - u_char bittorent_hash[20]; + u_char host_server_name[256]; /* This structure below will not not stay inside the protos @@ -998,6 +990,22 @@ struct ndpi_flow_struct { struct { char version[96]; } ubntac2; + + struct { + /* Via HTTP User-Agent */ + u_char detected_os[32]; + /* Via HTTP X-Forwarded-For */ + u_char nat_ip[24]; + } http; + + struct { + /* Bittorrent hash */ + u_char hash[20]; + } bittorrent; + + struct { + char fingerprint[48]; + } dhcp; } protos; /*** ALL protocol specific 64 bit variables here ***/ diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index e7a5e890a..a3eef585c 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -67,7 +67,7 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc } else bt_hash = (const char*)&flow->packet.payload[28]; - if(bt_hash) memcpy(flow->bittorent_hash, bt_hash, 20); + if(bt_hash) memcpy(flow->protos.bittorrent.hash, bt_hash, 20); } ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN); @@ -479,7 +479,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st ) { bittorrent_found: if(bt_proto && (packet->payload_packet_len > 47)) - memcpy(flow->bittorent_hash, &bt_proto[27], 20); + memcpy(flow->protos.bittorrent.hash, &bt_proto[27], 20); NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index ee5b12834..cdf33947e 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -96,11 +96,11 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru if(msg_type <= 8) foundValidMsgType = 1; } else if(id == 55 /* Parameter Request List / Fingerprint */) { u_int idx, offset = 0, - hex_len = ndpi_min(len * 2, sizeof(flow->dhcp_fingerprint)); + hex_len = ndpi_min(len * 2, sizeof(flow->protos.dhcp.fingerprint)); for(idx=0; idxdhcp_fingerprint[offset], - sizeof(flow->dhcp_fingerprint)-offset-1, + snprintf((char*)&flow->protos.dhcp.fingerprint[offset], + sizeof(flow->protos.dhcp.fingerprint)-offset-1, "%02X", dhcp->options[i+2+idx] & 0xFF); offset += 2; } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 3fd304867..4ff65096b 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -167,7 +167,7 @@ static void setHttpUserAgent(struct ndpi_flow_struct *flow, char *ua) { * https://github.com/ua-parser/uap-core/blob/master/regexes.yaml */ //printf("==> %s\n", ua); - snprintf((char*)flow->detected_os, sizeof(flow->detected_os), "%s", ua); + snprintf((char*)flow->protos.http.detected_os, sizeof(flow->protos.http.detected_os), "%s", ua); } static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -360,9 +360,9 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ strncpy((char*)flow->host_server_name, (char*)packet->host_line.ptr, len); flow->host_server_name[len] = '\0', flow->server_id = flow->dst; - len = ndpi_min(packet->forwarded_line.len, sizeof(flow->nat_ip)-1); - strncpy((char*)flow->nat_ip, (char*)packet->forwarded_line.ptr, len); - flow->nat_ip[len] = '\0'; + len = ndpi_min(packet->forwarded_line.len, sizeof(flow->protos.http.nat_ip)-1); + strncpy((char*)flow->protos.http.nat_ip, (char*)packet->forwarded_line.ptr, len); + flow->protos.http.nat_ip[len] = '\0'; if(ndpi_struct->http_dont_dissect_response) parseHttpSubprotocol(ndpi_struct, flow); -- cgit v1.2.3 From 9fb5981128b3d2bc75e72cc805df918b3944b92e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 19 Sep 2017 22:39:00 +0200 Subject: Added ndpi_category_set_name() API call --- example/ndpiReader.c | 4 --- libndpi.sym | 5 ++- src/include/ndpi_api.h | 15 ++++++++- src/include/ndpi_typedefs.h | 6 +++- src/lib/ndpi_main.c | 78 +++++++++++++++++++++++++++++++++++---------- 5 files changed, 84 insertions(+), 24 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 1d1215548..9def14de1 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2783,7 +2783,6 @@ static void produceBpfFilter(char *filePath) { @brief MAIN FUNCTION **/ int main(int argc, char **argv) { - int i; automataUnitTest(); @@ -2799,7 +2798,6 @@ int main(int argc, char **argv) { #endif } - if((!json_flag) && (!quiet_mode)) { printf("\n-----------------------------------------------------------\n" "* NOTE: This is demo app to show *some* nDPI features.\n" @@ -2823,7 +2821,6 @@ int main(int argc, char **argv) { return 0; } - #ifdef WIN32 #ifndef __GNUC__ #define EPOCHFILETIME (116444736000000000i64) @@ -2831,7 +2828,6 @@ int main(int argc, char **argv) { #define EPOCHFILETIME (116444736000000000LL) #endif - /** @brief Timezone **/ diff --git a/libndpi.sym b/libndpi.sym index 6eb2f7bcb..61058e84e 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -51,4 +51,7 @@ set_ndpi_free set_ndpi_debug_function ndpi_category_str ndpi_get_proto_category -ndpi_netbios_name_interpret \ No newline at end of file +ndpi_netbios_name_interpret +ndpi_category_set_name +ndpi_category_get_name +ndpi_is_custom_category diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 5b0fe617b..7d9c1bab7 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -443,11 +443,24 @@ extern "C" { /** * Get protocol category as string * + * @par mod = the detection module * @par category = the category associated to the protocol * @return the string name of the category * */ - const char* ndpi_category_str(ndpi_protocol_category_t category); + const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_category_t category); + + /** + * Set protocol category string + * + * @par mod = the detection module + * @par category = the category associated to the protocol + * @paw name = the string name of the category + * + */ + void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_category_t category, char *name); /** * Get protocol category diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 58cb8263d..d15114b40 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -764,6 +764,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, /* Network administration and monitor protocols */ NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, /* System/Operating System level applications */ NDPI_PROTOCOL_CATEGORY_SW_UPDATE, /* Software update */ + /* See #define NUM_CUSTOM_CATEGORIES */ NDPI_PROTOCOL_CATEGORY_CUSTOM_1, /* User custom category 1 */ NDPI_PROTOCOL_CATEGORY_CUSTOM_2, /* User custom category 2 */ NDPI_PROTOCOL_CATEGORY_CUSTOM_3, /* User custom category 3 */ @@ -804,6 +805,9 @@ typedef struct ndpi_proto { #define NDPI_PROTOCOL_NULL { NDPI_PROTOCOL_UNKNOWN , NDPI_PROTOCOL_UNKNOWN } +#define NUM_CUSTOM_CATEGORIES 5 +#define CUSTOM_CATEGORY_LABEL_LEN 32 + struct ndpi_detection_module_struct { NDPI_PROTOCOL_BITMASK detection_bitmask; NDPI_PROTOCOL_BITMASK generic_http_packet_bitmask; @@ -814,7 +818,7 @@ struct ndpi_detection_module_struct { #ifdef NDPI_ENABLE_DEBUG_MESSAGES void *user_data; #endif - + char custom_category_labels[NUM_CUSTOM_CATEGORIES][CUSTOM_CATEGORY_LABEL_LEN]; /* callback function buffer */ struct ndpi_call_function_struct callback_buffer[NDPI_MAX_SUPPORTED_PROTOCOLS + 1]; u_int32_t callback_buffer_size; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index a35a27042..b2a564bee 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1839,7 +1839,8 @@ void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { struct ndpi_detection_module_struct *ndpi_str = ndpi_malloc(sizeof(struct ndpi_detection_module_struct)); - + int i; + if(ndpi_str == NULL) { #ifdef NDPI_ENABLE_DEBUG_MESSAGES NDPI_LOG(0, ndpi_str, NDPI_LOG_DEBUG, "ndpi_init_detection_module initial malloc failed for ndpi_str\n"); @@ -1890,6 +1891,11 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { ndpi_str->impossible_bigrams_automa.ac_automa = ac_automata_init(ac_match_handler); ndpi_init_protocol_defaults(ndpi_str); + + for(i=0; icustom_category_labels[i], + CUSTOM_CATEGORY_LABEL_LEN, "User custom category %u", i+1); + return ndpi_str; } @@ -2269,17 +2275,18 @@ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char return(0); } +/* ******************************************************************** */ + /* ntop */ -void ndpi_set_bitmask_protocol_detection( char * label, - struct ndpi_detection_module_struct *ndpi_struct, - const NDPI_PROTOCOL_BITMASK * detection_bitmask, - const u_int32_t idx, - u_int16_t ndpi_protocol_id, - void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow), - const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, - u_int8_t b_save_bitmask_unknow, - u_int8_t b_add_detection_bitmask) -{ +void ndpi_set_bitmask_protocol_detection(char * label, + struct ndpi_detection_module_struct *ndpi_struct, + const NDPI_PROTOCOL_BITMASK * detection_bitmask, + const u_int32_t idx, + u_int16_t ndpi_protocol_id, + void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow), + const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, + u_int8_t b_save_bitmask_unknow, + u_int8_t b_add_detection_bitmask) { /* Compare specify protocol bitmask with main detection bitmask */ @@ -4589,7 +4596,44 @@ int ndpi_is_custom_category(ndpi_protocol_category_t category) { /* ****************************************************** */ -const char* ndpi_category_str(ndpi_protocol_category_t category) { +void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_category_t category, char *name) { + + if(!name) return; + + switch(category) { + case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: + snprintf(ndpi_mod->custom_category_labels[0], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + break; + + case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: + snprintf(ndpi_mod->custom_category_labels[1], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + break; + + case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: + snprintf(ndpi_mod->custom_category_labels[2], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + break; + + case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: + snprintf(ndpi_mod->custom_category_labels[3], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + break; + + case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: + snprintf(ndpi_mod->custom_category_labels[4], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + break; + + default: + break; + } +} + +/* ****************************************************** */ + +const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_category_t category) { + + if(!ndpi_mod) return(NULL); + switch(category) { case NDPI_PROTOCOL_CATEGORY_MEDIA: return("Media"); @@ -4652,19 +4696,19 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { return("SoftwareUpdate"); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: - return("User custom category 1"); + return(ndpi_mod->custom_category_labels[0]); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: - return("User custom category 2"); + return(ndpi_mod->custom_category_labels[1]); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: - return("User custom category 3"); + return(ndpi_mod->custom_category_labels[2]); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: - return("User custom category 4"); + return(ndpi_mod->custom_category_labels[3]); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: - return("User custom category 5"); + return(ndpi_mod->custom_category_labels[4]); break; case NDPI_PROTOCOL_NUM_CATEGORIES: return("Code should not use this internal constant"); -- cgit v1.2.3 From c2002cd48f5a8cbc7d806350a3543960c00a3579 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 21 Sep 2017 19:35:03 +0200 Subject: Removed / from category names that can cause issues in applications --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b2a564bee..917b074ea 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4648,7 +4648,7 @@ const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod return("Email"); break; case NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT: - return("Download/FileTransfer/FileSharing"); + return("Download-FileTransfer-FileSharing"); break; case NDPI_PROTOCOL_CATEGORY_WEB: return("Web"); -- cgit v1.2.3 From f575959cd2ccfda1c1375624cec80e1c9a92f5b0 Mon Sep 17 00:00:00 2001 From: berat Date: Fri, 22 Sep 2017 19:00:27 +0200 Subject: typos and renames --- example/ndpiReader.c | 30 +++++++++++++++--------------- example/ndpi_util.h | 4 ++-- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 9def14de1..218f251c3 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1502,7 +1502,7 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * if(j >= 10) break; } - json_object_object_add(jObj_stat,"top.ports",jArray_ports); + json_object_object_add(jObj_stat,"top.dst.ports",jArray_ports); json_object_array_add(jArray_stats, jObj_stat); j = 0; @@ -1510,7 +1510,7 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * if(i >= 10) break; } - json_object_object_add(*jObj_group, "scanner.stats", jArray_stats); + json_object_object_add(*jObj_group, "top.scanner.stats", jArray_stats); } @@ -1545,8 +1545,8 @@ static void saveTopStats(json_object **jObj_group, json_object_new_double(((double)s->num_flows)/s->num_pkts)); else json_object_object_add(jObj_stat,"flows.num_packets",json_object_new_double(0.0)); - json_object_object_add(jObj_stat,"aggressive.ip",json_object_new_string(s->top_ip)); - json_object_object_add(jObj_stat,"protocol",json_object_new_string(s->proto)); + json_object_object_add(jObj_stat,"aggressive.host",json_object_new_string(s->top_ip)); + json_object_object_add(jObj_stat,"host.app.protocol",json_object_new_string(s->proto)); json_object_array_add(jArray_stats, jObj_stat); i++; @@ -1569,8 +1569,8 @@ static void saveTopStats(json_object **jObj_group, json_object *jObj_stat = json_object_new_object(); json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); - json_object_object_add(jObj_stat,"ip.total",json_object_new_int64(s->num_addr)); - json_object_object_add(jObj_stat,"ip.percent",json_object_new_double((s->num_addr*100.0)/total_ip_addr)); + json_object_object_add(jObj_stat,"host.number",json_object_new_int64(s->num_addr)); + json_object_object_add(jObj_stat,"host.percent",json_object_new_double((s->num_addr*100.0)/total_ip_addr)); json_object_object_add(jObj_stat,"flows.number",json_object_new_double(s->num_flows)); json_object_array_add(jArray_stats,jObj_stat); @@ -1580,7 +1580,7 @@ static void saveTopStats(json_object **jObj_group, } json_object_object_add(*jObj_group, (direction == DIR_SRC) ? - "top.src.ip.stats" : "top.dst.ip.stats", jArray_stats); + "top.src.host.stats" : "top.dst.host.stats", jArray_stats); } #endif @@ -2500,7 +2500,7 @@ void bpf_filter_port_array_add(int filter_array[], int size, int port) { /* *********************************************** */ /* - * @brief add ports which have (flows/packets > treshold) + * @brief add ports which have (flows/packets > threshold) * and have (#flows > %1 of total flows) to the srcPortArray * to filter */ @@ -2529,7 +2529,7 @@ void getPacketBasedSourcePortsToFilter(struct json_object *jObj_stat, int srcPor double flows_packets = json_object_get_double(jObj_flows_packets); - if((flows_packets > FLOWS_PACKETS_TRESHOLD) && (flows_percent >= FLOWS_PERCENT_TRESHOLD)) { + if((flows_packets > FLOWS_PACKETS_THRESHOLD) && (flows_percent >= FLOWS_PERCENT_THRESHOLD)) { if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0) { fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); @@ -2602,8 +2602,8 @@ void getTopReceiverHostsToFilter(struct json_object *jObj_stat, int duration, co if(flows_percent > 0.2) { - if((res = json_object_object_get_ex(scanner_stat, "aggressive.ip", &jObj_host_address)) == 0) { - fprintf(stderr, "ERROR: can't get \"aggressive.ip\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + if((res = json_object_object_get_ex(scanner_stat, "aggressive.host", &jObj_host_address)) == 0) { + fprintf(stderr, "ERROR: can't get \"aggressive.host\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } const char *host_address = json_object_get_string(jObj_host_address); @@ -2719,8 +2719,8 @@ static void produceBpfFilter(char *filePath) { json_object *stats = json_object_array_get_idx(jObj_statistics, i); json_object *val; - if((res = json_object_object_get_ex(stats, "scanner.stats", &val)) == 0) { - fprintf(stderr,"ERROR: can't get \"scanner.stats\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + if((res = json_object_object_get_ex(stats, "top.scanner.stats", &val)) == 0) { + fprintf(stderr,"ERROR: can't get \"top.scanner.stats\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } getScannerHostsToFilter(val, duration, filterSrcHosts, HOST_ARRAY_SIZE); @@ -2733,8 +2733,8 @@ static void produceBpfFilter(char *filePath) { getPacketBasedSourcePortsToFilter(val, filterSrcPorts, PORT_ARRAY_SIZE); - if((res = json_object_object_get_ex(stats, "top.src.ip.stats", &val)) == 0) { - fprintf(stderr,"ERROR: can't get \"top.src.ip.stats\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + if((res = json_object_object_get_ex(stats, "top.src.host.stats", &val)) == 0) { + fprintf(stderr,"ERROR: can't get \"top.src.host.stats\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } getHostBasedSourcePortsToFilter(val, duration, filterSrcPorts, PORT_ARRAY_SIZE); diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 5fe3dc66b..fd4c4b84d 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -46,8 +46,8 @@ #define DIR_DST 20 #define PORT_ARRAY_SIZE 20 #define HOST_ARRAY_SIZE 20 -#define FLOWS_PACKETS_TRESHOLD 0.9 -#define FLOWS_PERCENT_TRESHOLD 1.0 +#define FLOWS_PACKETS_THRESHOLD 0.9 +#define FLOWS_PERCENT_THRESHOLD 1.0 #define INIT_VAL -1 // flow tracking -- cgit v1.2.3 From 8cc2b04f3cd08273b33b608c4eded26534385f3a Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 23 Sep 2017 11:34:12 +0200 Subject: Fixed category for email services --- src/lib/ndpi_content_match.c.inc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e06740871..ba14f50f1 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8069,7 +8069,7 @@ ndpi_protocol_match host_match[] = { { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, @@ -8091,10 +8091,10 @@ ndpi_protocol_match host_match[] = { { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From 41b40ddf18053a8d0909cc174f1cb7f5b02d56d1 Mon Sep 17 00:00:00 2001 From: berat Date: Sat, 23 Sep 2017 19:50:52 +0200 Subject: memory leak fixed --- example/ndpiReader.c | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 218f251c3..822bce3a1 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -945,20 +945,12 @@ int updateIpTree(const char *key, addr_node **vrootp, const char *proto) { /* *********************************************** */ void freeIpTree(addr_node *root) { - while (root != NULL) { - addr_node *left = root->left; - - if(left == NULL) { - addr_node *right = root->right; - root->right = NULL; - root = right; - } else { - /* Rotate the left child up.*/ - root->left = left->right; - left->right = root; - root = left; - } - } + if (root != NULL){ + freeIpTree(root->left); + freeIpTree(root->right); + free(root); + root = NULL; + } } /* *********************************************** */ @@ -1077,7 +1069,6 @@ static void deletePortsStats(struct port_stats *stats) { HASH_ITER(hh, stats, current_port, tmp) { HASH_DEL(stats, current_port); freeIpTree(current_port->addr_tree); - free(current_port->addr_tree); free(current_port); } } -- cgit v1.2.3 From baae16ec2f1ff280f84fc3e8f87ac910dd08ed81 Mon Sep 17 00:00:00 2001 From: berat Date: Sat, 23 Sep 2017 19:55:47 +0200 Subject: memory leak fixed --- example/ndpiReader.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 822bce3a1..37423bc62 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -945,12 +945,13 @@ int updateIpTree(const char *key, addr_node **vrootp, const char *proto) { /* *********************************************** */ void freeIpTree(addr_node *root) { - if (root != NULL){ - freeIpTree(root->left); - freeIpTree(root->right); - free(root); - root = NULL; - } + if (root == NULL) + return; + + freeIpTree(root->left); + freeIpTree(root->right); + free(root); + root = NULL; } /* *********************************************** */ -- cgit v1.2.3 From 807db80afc8595a1467d8302b70f6fbb00e2e908 Mon Sep 17 00:00:00 2001 From: berat Date: Sun, 24 Sep 2017 18:43:31 +0200 Subject: fixed another memory leak --- example/ndpiReader.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 37423bc62..4b2caba0a 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -107,14 +107,14 @@ static struct flow_info *all_flows; struct info_pair { char addr[48]; - char proto[48]; /*app level protocol*/ + char proto[16]; /*app level protocol*/ int count; }; typedef struct node_a{ char addr[48]; int count; - char proto[48]; /*app level protocol*/ + char proto[16]; /*app level protocol*/ struct node_a *left, *right; }addr_node; @@ -135,7 +135,7 @@ struct port_stats *srcStats = NULL, *dstStats = NULL; struct top_stats { u_int32_t port; /* we'll use this field as the key */ char top_ip[48]; /*ip address that is contributed to > 95% of traffic*/ - char proto[64]; /*application level protocol of top_ip */ + char proto[16]; /*application level protocol of top_ip */ u_int32_t num_pkts; u_int32_t num_addr; /*to hold number of distinct IP addresses */ u_int32_t num_flows; @@ -1054,7 +1054,7 @@ static void deleteScanners(struct single_flow_info *scanners) { HASH_ITER(hh, scanners, s, tmp) { HASH_ITER(hh, s->ports, p, tmp2) { HASH_DEL(s->ports, p); - free(s->ports); + free(p); } HASH_DEL(scanners, s); free(s); @@ -1331,6 +1331,7 @@ static void json_close_stats_file() { json_object_object_add(jObjFinal,"statistics", jArray_topStats); fprintf(stats_fp,"%s\n",json_object_to_json_string(jObjFinal)); fclose(stats_fp); + json_object_put(jObjFinal); } #endif -- cgit v1.2.3 From c115903fbb4df21c489226900a739cccd3f8f057 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 24 Sep 2017 22:49:07 +0200 Subject: Patch for giving prority in case of match to custom-defined protocols --- src/include/ndpi_api.h | 13 ++++++------- src/lib/ndpi_main.c | 26 ++++++++++++++++++-------- 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 7d9c1bab7..ce8489829 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -233,13 +233,12 @@ extern "C" { * */ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - const unsigned char *packet, - const unsigned short packetlen, - const u_int64_t current_tick, - struct ndpi_id_struct *src, - struct ndpi_id_struct *dst); - + struct ndpi_flow_struct *flow, + const unsigned char *packet, + const unsigned short packetlen, + const u_int64_t current_tick, + struct ndpi_id_struct *src, + struct ndpi_id_struct *dst); /** * Processes one packet and returns the ID of the detected protocol. diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 917b074ea..93a1d062b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3478,13 +3478,12 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* ********************************************************************************* */ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - const unsigned char *packet, - const unsigned short packetlen, - const u_int64_t current_tick_l, - struct ndpi_id_struct *src, - struct ndpi_id_struct *dst) -{ + struct ndpi_flow_struct *flow, + const unsigned char *packet, + const unsigned short packetlen, + const u_int64_t current_tick_l, + struct ndpi_id_struct *src, + struct ndpi_id_struct *dst) { if(flow == NULL) return; @@ -3615,8 +3614,13 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct /* guess protocol */ flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); - if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { + if(flow->guessed_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { + /* This is a custom protocol and it has priority over everything else */ + ret.master_protocol = flow->guessed_protocol_id, ret.app_protocol = NDPI_PROTOCOL_UNKNOWN; + return(ret); + } + if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { if(flow->packet.iph) { /* guess host protocol */ flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr); @@ -3638,6 +3642,12 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } } + if(flow->guessed_host_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { + /* This is a custom protocol and it has priority over everything else */ + ret.master_protocol = flow->guessed_host_protocol_id, ret.app_protocol = NDPI_PROTOCOL_UNKNOWN; + return(ret); + } + check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet); a = flow->packet.detected_protocol_stack[0]; -- cgit v1.2.3 From b0f3852fed9273f530753573ca1bde9d714ae988 Mon Sep 17 00:00:00 2001 From: berat Date: Mon, 25 Sep 2017 11:06:47 +0200 Subject: improved (-x flag) bpf filter condition --- example/ndpiReader.c | 88 +++++++++++++++++++++++++++++++++++++++++++--------- example/ndpi_util.h | 1 + 2 files changed, 74 insertions(+), 15 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 4b2caba0a..f1cb40c75 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2375,12 +2375,6 @@ void bpf_filter_pkt_peak_filter(json_object **jObj_bpfFilter, int port_array[], json_object_object_add(*jObj_bpfFilter, "pkt.peak.filter", json_object_new_string(filter)); else json_object_object_add(*jObj_bpfFilter, "pkt.peak.filter", json_object_new_string("")); - - /*if(produced) - fprintf(fp,"%s\n",filter); - else - fprintf(fp,"");*/ - } #endif @@ -2490,6 +2484,62 @@ void bpf_filter_port_array_add(int filter_array[], int size, int port) { } +/* *********************************************** */ +float getAverage(struct json_object *jObj_stat, char *field){ + json_object *field_stat; + json_bool res; + float average; + float sum = 0; + int r; + int j; + + if((r = strcmp(field, "top.scanner.stats")) == 0){ + for(j=0; j 1000) { + if(((tot_flows_number/duration) > FLOWS_THRESHOLD) && tot_flows_number > threshold) { if((res = json_object_object_get_ex(scanner_stat, "ip.address", &jObj_host_address)) == 0) { fprintf(stderr, "ERROR: can't get \"ip.address\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); @@ -2647,16 +2699,18 @@ void getHostBasedSourcePortsToFilter(struct json_object *jObj_stat, int duration #ifdef HAVE_JSON_C static void produceBpfFilter(char *filePath) { - int fsock; - struct stat statbuf; - void *fmap; - int filterSrcPorts[PORT_ARRAY_SIZE]; /* ports to filter */ - const char *filterSrcHosts[48]; /* hosts to filter */ - const char *filterDstHosts[48]; /* hosts to filter */ json_object *jObj; /* entire json object from file */ json_object *jObj_duration; json_object *jObj_statistics; /* json array */ json_bool res; + int filterSrcPorts[PORT_ARRAY_SIZE]; + const char *filterSrcHosts[48]; + const char *filterDstHosts[48]; + struct stat statbuf; + void *fmap; + int fsock; + float average; + float deviation; int duration; int typeCheck; int array_len; @@ -2716,7 +2770,11 @@ static void produceBpfFilter(char *filePath) { fprintf(stderr,"ERROR: can't get \"top.scanner.stats\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } - getScannerHostsToFilter(val, duration, filterSrcHosts, HOST_ARRAY_SIZE); + + if((average = getAverage(val, "top.scanner.stats")) != 0){ + deviation = getStdDeviation(val, average, "top.scanner.stats"); + getScannerHostsToFilter(val, duration, filterSrcHosts, HOST_ARRAY_SIZE, average+deviation); + } if((res = json_object_object_get_ex(stats, "top.src.pkts.stats", &val)) == 0) { diff --git a/example/ndpi_util.h b/example/ndpi_util.h index fd4c4b84d..eb54ac9fb 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -48,6 +48,7 @@ #define HOST_ARRAY_SIZE 20 #define FLOWS_PACKETS_THRESHOLD 0.9 #define FLOWS_PERCENT_THRESHOLD 1.0 +#define FLOWS_THRESHOLD 1000 #define INIT_VAL -1 // flow tracking -- cgit v1.2.3 From 688d7c33e4339e67bfb9e7a52e602b3d53c7ac9a Mon Sep 17 00:00:00 2001 From: berat Date: Mon, 25 Sep 2017 11:14:57 +0200 Subject: improved (-x flag) bpf filter condition --- example/ndpiReader.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index f1cb40c75..5da9cd18b 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2485,6 +2485,10 @@ void bpf_filter_port_array_add(int filter_array[], int size, int port) { /* *********************************************** */ +#ifdef HAVE_JSON_C +/* + * @brief returns average value for a given field + */ float getAverage(struct json_object *jObj_stat, char *field){ json_object *field_stat; json_bool res; @@ -2512,8 +2516,13 @@ float getAverage(struct json_object *jObj_stat, char *field){ return sum/j; } +#endif /* *********************************************** */ - +#ifdef HAVE_JSON_C +/* + * @brief returns standard deviation for a given + * field and it's average value. + */ float getStdDeviation(struct json_object *jObj_stat, float average, char *field){ json_object *field_stat; json_bool res; @@ -2539,15 +2548,16 @@ float getStdDeviation(struct json_object *jObj_stat, float average, char *field) return sqrt(sum/(float)j); } +#endif /* *********************************************** */ +#ifdef HAVE_JSON_C /* * @brief add ports which have (flows/packets > threshold) * and have (#flows > %1 of total flows) to the srcPortArray * to filter */ -#ifdef HAVE_JSON_C void getPacketBasedSourcePortsToFilter(struct json_object *jObj_stat, int srcPortArray[], int size) { int j; -- cgit v1.2.3 From 2c014c56932504edee1d64b06fa1f8d0da67b506 Mon Sep 17 00:00:00 2001 From: berat Date: Mon, 25 Sep 2017 12:45:30 +0200 Subject: improved memory usage by (-b flag) statistics --- example/ndpiReader.c | 132 ++++++++++++++++++++++++++++++++------------------- 1 file changed, 84 insertions(+), 48 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 5da9cd18b..1680947c0 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -106,13 +106,15 @@ static struct flow_info *all_flows; struct info_pair { - char addr[48]; + u_int32_t addr; + u_int8_t version; /* IP version */ char proto[16]; /*app level protocol*/ int count; }; typedef struct node_a{ - char addr[48]; + u_int32_t addr; + u_int8_t version; /* IP version */ int count; char proto[16]; /*app level protocol*/ struct node_a *left, *right; @@ -134,7 +136,8 @@ struct port_stats *srcStats = NULL, *dstStats = NULL; // struct to hold port based top statistics struct top_stats { u_int32_t port; /* we'll use this field as the key */ - char top_ip[48]; /*ip address that is contributed to > 95% of traffic*/ + u_int32_t top_ip; /*ip address that is contributed to > 95% of traffic*/ + u_int8_t version; /* top ip's versiob */ char proto[16]; /*application level protocol of top_ip */ u_int32_t num_pkts; u_int32_t num_addr; /*to hold number of distinct IP addresses */ @@ -154,7 +157,8 @@ struct port_flow_info { // struct to hold single packet tcp flows send by source ip address struct single_flow_info { - char saddr[48]; /* key */ + u_int32_t saddr; /* key */ + u_int8_t version; /* IP version */ struct port_flow_info *ports; u_int32_t tot_flows; UT_hash_handle hh; @@ -869,19 +873,21 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept /* *********************************************** */ -void updateScanners(struct single_flow_info **scanners, const char *saddr, u_int32_t dport) { +void updateScanners(struct single_flow_info **scanners, u_int32_t saddr, + u_int8_t version, u_int32_t dport) { struct single_flow_info *f; - HASH_FIND_STR(*scanners, saddr, f); + HASH_FIND_INT(*scanners, (int *)&saddr, f); if(f == NULL) { f = (struct single_flow_info*)malloc(sizeof(struct single_flow_info)); if(!f) return; - strncpy(f->saddr, saddr, sizeof(f->saddr)); + f->saddr = saddr; + f->version = version; f->tot_flows = 1; f->ports = NULL; - HASH_ADD_STR(*scanners, saddr, f); + HASH_ADD_INT(*scanners, saddr, f); struct port_flow_info *p = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); if(!p) return; @@ -894,7 +900,7 @@ void updateScanners(struct single_flow_info **scanners, const char *saddr, u_int struct port_flow_info *pp; f->tot_flows++; - HASH_FIND_INT(f->ports, &dport, pp); + HASH_FIND_INT(f->ports, (int *)&dport, pp); if(pp == NULL) { pp = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); @@ -909,9 +915,11 @@ void updateScanners(struct single_flow_info **scanners, const char *saddr, u_int } } + /* *********************************************** */ -int updateIpTree(const char *key, addr_node **vrootp, const char *proto) { +int updateIpTree(u_int32_t key, u_int8_t version, + addr_node **vrootp, const char *proto) { addr_node *q; addr_node **rootp = vrootp; int r; @@ -920,7 +928,7 @@ int updateIpTree(const char *key, addr_node **vrootp, const char *proto) { return 0; while (*rootp != (addr_node *)0) { /* Knuth's T1: */ - if((r = strcmp(key, ((*rootp)->addr))) == 0) { /* T2: */ + if((version == (*rootp)->version) && (key == (*rootp)->addr)) { /* T2: */ return ++((*rootp)->count); } @@ -932,16 +940,18 @@ int updateIpTree(const char *key, addr_node **vrootp, const char *proto) { q = (addr_node *) malloc(sizeof(addr_node)); /* T5: key not found */ if(q != (addr_node *)0) { /* make new node */ *rootp = q; /* link new node to old */ - strncpy(q->addr, key, sizeof(q->addr)); /* initialize new node */ + + q->addr = key; + q->version = version; strncpy(q->proto, proto, sizeof(q->proto)); q->count = UPDATED_TREE; q->left = q->right = (addr_node *)0; + return q->count; } return(0); } - /* *********************************************** */ void freeIpTree(addr_node *root) { @@ -956,25 +966,26 @@ void freeIpTree(addr_node *root) { /* *********************************************** */ -void updateTopIpAddress(const char *addr, const char *proto, int count, struct info_pair top[], int size) { +void updateTopIpAddress(u_int32_t addr, u_int8_t version, const char *proto, + int count, struct info_pair top[], int size) { + struct info_pair pair; + int min = count; int update = 0; + int min_i = 0; int r; int i; - int min_i = 0; - int min = count; - struct info_pair pair; if(count == 0) return; - strncpy(pair.addr, addr, sizeof(pair.addr)); - strncpy(pair.proto, proto, sizeof(pair.proto)); + pair.addr = addr; + pair.version = version; pair.count = count; - + strncpy(pair.proto, proto, sizeof(pair.proto)); for(i=0; inum_addr = 1, s->cumulative_addr = 1; s->num_flows = 1; memset(s->top_ip_addrs, 0, MAX_NUM_IP_ADDRESS*sizeof(struct info_pair)); - updateTopIpAddress(addr, proto, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + updateTopIpAddress(addr, version, proto, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); s->addr_tree = (addr_node *) malloc(sizeof(addr_node)); if(!s->addr_tree) return; - strncpy(s->addr_tree->addr, addr, sizeof(s->addr_tree->addr)); + s->addr_tree->addr = addr; + s->addr_tree->version = version; strncpy(s->addr_tree->proto, proto, sizeof(s->addr_tree->proto)); s->addr_tree->count = 1; s->addr_tree->left = NULL; @@ -1031,13 +1045,13 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, HASH_ADD_INT(*stats, port, s); } else{ - count = updateIpTree(addr, &(*s).addr_tree, proto); + count = updateIpTree(addr, version, &(*s).addr_tree, proto); if(count == UPDATED_TREE) s->num_addr++; if(count) { s->cumulative_addr++; - updateTopIpAddress(addr, proto, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + updateTopIpAddress(addr, version, proto, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); } s->num_pkts += num_pkts, s->num_bytes += num_bytes, s->num_flows++; @@ -1082,15 +1096,12 @@ static void deletePortsStats(struct port_stats *stats) { static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; - u_int16_t sport, dport; - char saddr[48], daddr[48]; - char proto[48]; u_int16_t thread_id = *(int *)user_data; + u_int16_t sport, dport; + char proto[16]; int r; sport = ntohs(flow->src_port), dport = ntohs(flow->dst_port); - strncpy(saddr, flow->src_name, sizeof(saddr)); - strncpy(daddr, flow->dst_name, sizeof(daddr)); /* get app level protocol */ if(flow->detected_protocol.master_protocol) @@ -1102,12 +1113,13 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi if(((r = strcmp(ipProto2Name(flow->protocol), "TCP")) == 0) && (flow->src2dst_packets == 1) && (flow->dst2src_packets == 0)) { - - updateScanners(&scannerHosts, saddr, dport); + updateScanners(&scannerHosts, flow->src_ip, flow->ip_version, dport); } - updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes, proto); - updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes, proto); + updatePortStats(&srcStats, sport, flow->src_ip, flow->ip_version, + flow->src2dst_packets, flow->src2dst_bytes, proto); + updatePortStats(&dstStats, dport, flow->dst_ip, flow->ip_version, + flow->dst2src_packets, flow->dst2src_bytes, proto); } } @@ -1450,7 +1462,8 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats) { inf = sp->top_ip_addrs[0]; if(((inf.count * 100.0)/sp->cumulative_addr) > AGGRESSIVE_PERCENT) { - strncpy(s->top_ip, inf.addr, sizeof(s->top_ip)); + s->top_ip = inf.addr; + s->version = inf.version; strncpy(s->proto, inf.proto, sizeof(s->proto)); } @@ -1468,17 +1481,24 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats) { static void saveScannerStats(json_object **jObj_group, struct single_flow_info *scanners) { struct single_flow_info *s, *tmp; struct port_flow_info *p, *tmp2; - json_object *jArray_stats = json_object_new_array(); + char addr_name[48]; int i = 0, j = 0; - HASH_SORT(scanners, scanners_sort); + json_object *jArray_stats = json_object_new_array(); + HASH_SORT(scanners, scanners_sort); HASH_ITER(hh, scanners, s, tmp) { json_object *jObj_stat = json_object_new_object(); json_object *jArray_ports = json_object_new_array(); - json_object_object_add(jObj_stat,"ip.address",json_object_new_string(s->saddr)); + if(s->version == IPVERSION) { + inet_ntop(AF_INET, &(s->saddr), addr_name, sizeof(addr_name)); + } else { + inet_ntop(AF_INET6, &(s->saddr), addr_name, sizeof(addr_name)); + } + + json_object_object_add(jObj_stat,"ip.address",json_object_new_string(addr_name)); json_object_object_add(jObj_stat,"total.flows.number",json_object_new_int(s->tot_flows)); HASH_SORT(s->ports, scanners_port_sort); @@ -1504,12 +1524,10 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * } json_object_object_add(*jObj_group, "top.scanner.stats", jArray_stats); - - } #endif - +/* *********************************************** */ #ifdef HAVE_JSON_C /* @@ -1522,14 +1540,18 @@ static void saveTopStats(json_object **jObj_group, u_int64_t total_ip_addr) { struct top_stats *s, *tmp; - json_object *jArray_stats = json_object_new_array(); + char addr_name[48]; int i = 0; - /* stats for packet burst diagnose */ + json_object *jArray_stats = json_object_new_array(); + + HASH_ITER(hh, stats, s, tmp) { - if(s->top_ip[0] != '\0') { + if((s->top_ip != 0) && (s->version != -1)) { + json_object *jObj_stat = json_object_new_object(); + json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); json_object_object_add(jObj_stat,"packets.number",json_object_new_int64(s->num_pkts)); json_object_object_add(jObj_stat,"flows.number",json_object_new_double(s->num_flows)); @@ -1538,7 +1560,13 @@ static void saveTopStats(json_object **jObj_group, json_object_new_double(((double)s->num_flows)/s->num_pkts)); else json_object_object_add(jObj_stat,"flows.num_packets",json_object_new_double(0.0)); - json_object_object_add(jObj_stat,"aggressive.host",json_object_new_string(s->top_ip)); + if(s->version == IPVERSION) { + inet_ntop(AF_INET, &(s->top_ip), addr_name, sizeof(addr_name)); + } else { + inet_ntop(AF_INET6, &(s->top_ip), addr_name, sizeof(addr_name)); + } + + json_object_object_add(jObj_stat,"aggressive.host",json_object_new_string(addr_name)); json_object_object_add(jObj_stat,"host.app.protocol",json_object_new_string(s->proto)); json_object_array_add(jArray_stats, jObj_stat); @@ -1581,6 +1609,7 @@ static void saveTopStats(json_object **jObj_group, void printPortStats(struct port_stats *stats) { struct port_stats *s, *tmp; + char addr_name[48]; int i = 0, j = 0; HASH_ITER(hh, stats, s, tmp) { @@ -1592,7 +1621,13 @@ void printPortStats(struct port_stats *stats) { for(j=0; jtop_ip_addrs[j].count != 0) { - printf("\t\t%-36s ~ %.2f%%\n", s->top_ip_addrs[j].addr, + if(s->top_ip_addrs[j].version == IPVERSION) { + inet_ntop(AF_INET, &(s->top_ip_addrs[j].addr), addr_name, sizeof(addr_name)); + } else { + inet_ntop(AF_INET6, &(s->top_ip_addrs[j].addr), addr_name, sizeof(addr_name)); + } + + printf("\t\t%-36s ~ %.2f%%\n", addr_name, ((s->top_ip_addrs[j].count) * 100.0) / s->cumulative_addr); } } @@ -1602,6 +1637,7 @@ void printPortStats(struct port_stats *stats) { } } + /* *********************************************** */ /** -- cgit v1.2.3 From b12948763679c9288beffdcddb42241809563293 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 25 Sep 2017 14:51:46 +0200 Subject: Custom protocols are not set as application and no longer master protocols --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 93a1d062b..0551d56f3 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3616,7 +3616,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->guessed_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { /* This is a custom protocol and it has priority over everything else */ - ret.master_protocol = flow->guessed_protocol_id, ret.app_protocol = NDPI_PROTOCOL_UNKNOWN; + ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id; return(ret); } @@ -3644,7 +3644,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->guessed_host_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { /* This is a custom protocol and it has priority over everything else */ - ret.master_protocol = flow->guessed_host_protocol_id, ret.app_protocol = NDPI_PROTOCOL_UNKNOWN; + ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id; return(ret); } -- cgit v1.2.3 From 59097a2d30b3457e0e570c1911e853a9791fd7ac Mon Sep 17 00:00:00 2001 From: Michele d'Amico Date: Mon, 25 Sep 2017 15:08:55 +0200 Subject: Fix #456: ndpiReader depend from uthash.h heder --- example/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/Makefile.am b/example/Makefile.am index 1a2bf453d..7fc29402a 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -6,7 +6,7 @@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ -lm AM_LDFLAGS = -static @DL_LIB@ -ndpiReader_SOURCES = ndpiReader.c ndpi_util.c ndpi_util.h +ndpiReader_SOURCES = ndpiReader.c ndpi_util.c ndpi_util.h uthash.h ndpiReader.o: ndpiReader.c -- cgit v1.2.3 From 4ba6ba70c59d5be1fcf5946ecb8d72be945f34fc Mon Sep 17 00:00:00 2001 From: berat Date: Tue, 26 Sep 2017 17:01:10 +0200 Subject: memory usage is improved (-b flag) --- example/ndpiReader.c | 103 ++++++++++++++++++++++----------------------------- 1 file changed, 44 insertions(+), 59 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 1680947c0..92765b5c4 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -128,24 +128,29 @@ struct port_stats { u_int32_t cumulative_addr; /*to hold cumulative some of IP addresses */ addr_node *addr_tree; /* to hold distinct IP addresses */ struct info_pair top_ip_addrs[MAX_NUM_IP_ADDRESS]; + u_int8_t hasTopHost; /* as boolean flag*/ + u_int32_t top_host; /*host that is contributed to > 95% of traffic*/ + u_int8_t version; /* top ip's versiob */ + char proto[16]; /*application level protocol of top_ip */ + UT_hash_handle hh; /* makes this structure hashable */ }; struct port_stats *srcStats = NULL, *dstStats = NULL; // struct to hold port based top statistics -struct top_stats { - u_int32_t port; /* we'll use this field as the key */ - u_int32_t top_ip; /*ip address that is contributed to > 95% of traffic*/ - u_int8_t version; /* top ip's versiob */ - char proto[16]; /*application level protocol of top_ip */ - u_int32_t num_pkts; - u_int32_t num_addr; /*to hold number of distinct IP addresses */ - u_int32_t num_flows; - UT_hash_handle hh; /* makes this structure hashable */ -}; +//struct top_stats { +//u_int32_t port; /* we'll use this field as the key */ +//u_int32_t top_ip; /*ip address that is contributed to > 95% of traffic*/ +//u_int8_t version; /* top ip's versiob */ +//char proto[16]; /*application level protocol of top_ip */ +//u_int32_t num_pkts; +//u_int32_t num_addr; /*to hold number of distinct IP addresses */ +//u_int32_t num_flows; +//UT_hash_handle hh; /* makes this structure hashable */ +//}; -struct top_stats *topSrcStats = NULL, *topDstStats = NULL; +//struct top_stats *topSrcStats = NULL, *topDstStats = NULL; // struct to hold count of flows received by destination ports @@ -1118,6 +1123,7 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi updatePortStats(&srcStats, sport, flow->src_ip, flow->ip_version, flow->src2dst_packets, flow->src2dst_bytes, proto); + updatePortStats(&dstStats, dport, flow->dst_ip, flow->ip_version, flow->dst2src_packets, flow->dst2src_bytes, proto); } @@ -1420,55 +1426,35 @@ static int info_pair_cmp (const void *_a, const void *_b) #ifdef HAVE_JSON_C static int top_stats_sort(void *_a, void *_b) { - struct top_stats *a = (struct top_stats*)_a; - struct top_stats *b = (struct top_stats*)_b; + struct port_stats *a = (struct port_stats*)_a; + struct port_stats *b = (struct port_stats*)_b; return(b->num_addr - a->num_addr); } /* *********************************************** */ -static void deleteTopStats(struct top_stats *stats) { - struct top_stats *current_port, *tmp; - - HASH_ITER(hh, stats, current_port, tmp) { - HASH_DEL(stats, current_port); - free(current_port); - } -} - -/* *********************************************** */ - /** * @brief Get port based top statistics */ -static int getTopStats(struct top_stats **topStats, struct port_stats *stats) { - struct top_stats *s; +static int getTopStats(struct port_stats *stats) { struct port_stats *sp, *tmp; struct info_pair inf; u_int64_t total_ip_addrs = 0; - /* stats are ordered by packet number */ HASH_ITER(hh, stats, sp, tmp) { - s = (struct top_stats *)malloc(sizeof(struct top_stats)); - memset(s, 0, sizeof(struct top_stats)); - - s->port = sp->port; - s->num_pkts = sp->num_pkts; - s->num_addr = sp->num_addr; - s->num_flows = sp->num_flows; - qsort(&sp->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); inf = sp->top_ip_addrs[0]; if(((inf.count * 100.0)/sp->cumulative_addr) > AGGRESSIVE_PERCENT) { - s->top_ip = inf.addr; - s->version = inf.version; - strncpy(s->proto, inf.proto, sizeof(s->proto)); + sp->hasTopHost = 1; + sp->top_host = inf.addr; + sp->version = inf.version; + strncpy(sp->proto, inf.proto, sizeof(sp->proto)); } - - HASH_ADD_INT(*topStats, port, s); - + else + sp->hasTopHost = 0; + total_ip_addrs += sp->num_addr; } @@ -1533,13 +1519,14 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * /* * @brief Save Top Stats in json format */ -static void saveTopStats(json_object **jObj_group, - struct top_stats *stats, - int direction, +static void saveTopStats(json_object **jObj_group, + struct port_stats *stats, + u_int8_t direction, u_int64_t total_flow_count, u_int64_t total_ip_addr) { - struct top_stats *s, *tmp; + + struct port_stats *s, *tmp; char addr_name[48]; int i = 0; @@ -1548,8 +1535,7 @@ static void saveTopStats(json_object **jObj_group, HASH_ITER(hh, stats, s, tmp) { - if((s->top_ip != 0) && (s->version != -1)) { - + if((s->hasTopHost)) { json_object *jObj_stat = json_object_new_object(); json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); @@ -1561,9 +1547,9 @@ static void saveTopStats(json_object **jObj_group, else json_object_object_add(jObj_stat,"flows.num_packets",json_object_new_double(0.0)); if(s->version == IPVERSION) { - inet_ntop(AF_INET, &(s->top_ip), addr_name, sizeof(addr_name)); + inet_ntop(AF_INET, &(s->top_host), addr_name, sizeof(addr_name)); } else { - inet_ntop(AF_INET6, &(s->top_ip), addr_name, sizeof(addr_name)); + inet_ntop(AF_INET6, &(s->top_host), addr_name, sizeof(addr_name)); } json_object_object_add(jObj_stat,"aggressive.host",json_object_new_string(addr_name)); @@ -1585,10 +1571,10 @@ static void saveTopStats(json_object **jObj_group, /*sort top stats by ip addr count*/ HASH_SORT(stats, top_stats_sort); - /* stats for ip burst diagnose */ - HASH_ITER(hh, stats, s, tmp) { + HASH_ITER(hh, stats, s, tmp) { json_object *jObj_stat = json_object_new_object(); + json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); json_object_object_add(jObj_stat,"host.number",json_object_new_int64(s->num_addr)); json_object_object_add(jObj_stat,"host.percent",json_object_new_double((s->num_addr*100.0)/total_ip_addr)); @@ -1942,16 +1928,16 @@ static void printResults(u_int64_t tot_usec) { saveScannerStats(&jObj_stats, scannerHosts); - u_int64_t total_src_addr = getTopStats(&topSrcStats, srcStats); - u_int64_t total_dst_addr = getTopStats(&topDstStats, dstStats); + u_int64_t total_src_addr = getTopStats(srcStats); + u_int64_t total_dst_addr = getTopStats(dstStats); - saveTopStats(&jObj_stats, topSrcStats, DIR_SRC, cumulative_stats.ndpi_flow_count, total_src_addr); - saveTopStats(&jObj_stats, topDstStats, DIR_DST, cumulative_stats.ndpi_flow_count, total_dst_addr); + saveTopStats(&jObj_stats, srcStats, DIR_SRC, + cumulative_stats.ndpi_flow_count, total_src_addr); - json_object_array_add(jArray_topStats, jObj_stats); + saveTopStats(&jObj_stats, dstStats, DIR_DST, + cumulative_stats.ndpi_flow_count, total_dst_addr); - deleteTopStats(topSrcStats), deleteTopStats(topDstStats); - topSrcStats = NULL, topDstStats = NULL; + json_object_array_add(jArray_topStats, jObj_stats); deleteScanners(scannerHosts); scannerHosts = NULL; @@ -1964,7 +1950,6 @@ static void printResults(u_int64_t tot_usec) { srcStats = NULL, dstStats = NULL; } - } -- cgit v1.2.3 From f255b10524764c15f5e0dec4d55a3967c831a7c8 Mon Sep 17 00:00:00 2001 From: berat Date: Tue, 26 Sep 2017 17:20:51 +0200 Subject: memory improvement again for (-b flag) statistics --- example/ndpiReader.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 92765b5c4..e527255fd 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -115,8 +115,8 @@ struct info_pair { typedef struct node_a{ u_int32_t addr; u_int8_t version; /* IP version */ - int count; char proto[16]; /*app level protocol*/ + int count; struct node_a *left, *right; }addr_node; @@ -124,34 +124,19 @@ struct port_stats { u_int32_t port; /* we'll use this field as the key */ u_int32_t num_pkts, num_bytes; u_int32_t num_flows; - u_int32_t num_addr; /*to hold number of distinct IP addresses */ - u_int32_t cumulative_addr; /*to hold cumulative some of IP addresses */ - addr_node *addr_tree; /* to hold distinct IP addresses */ + u_int32_t num_addr; /*number of distinct IP addresses */ + u_int32_t cumulative_addr; /*cumulative some of IP addresses */ + addr_node *addr_tree; /* tree of distinct IP addresses */ struct info_pair top_ip_addrs[MAX_NUM_IP_ADDRESS]; u_int8_t hasTopHost; /* as boolean flag*/ u_int32_t top_host; /*host that is contributed to > 95% of traffic*/ - u_int8_t version; /* top ip's versiob */ - char proto[16]; /*application level protocol of top_ip */ - + u_int8_t version; /* top host's ip version */ + char proto[16]; /*application level protocol of top host */ UT_hash_handle hh; /* makes this structure hashable */ }; struct port_stats *srcStats = NULL, *dstStats = NULL; -// struct to hold port based top statistics -//struct top_stats { -//u_int32_t port; /* we'll use this field as the key */ -//u_int32_t top_ip; /*ip address that is contributed to > 95% of traffic*/ -//u_int8_t version; /* top ip's versiob */ -//char proto[16]; /*application level protocol of top_ip */ -//u_int32_t num_pkts; -//u_int32_t num_addr; /*to hold number of distinct IP addresses */ -//u_int32_t num_flows; -//UT_hash_handle hh; /* makes this structure hashable */ -//}; - -//struct top_stats *topSrcStats = NULL, *topDstStats = NULL; - // struct to hold count of flows received by destination ports struct port_flow_info { @@ -1011,9 +996,8 @@ void updateTopIpAddress(u_int32_t addr, u_int8_t version, const char *proto, } } - if(update) { + if(update) top[min_i] = pair; - } } /* *********************************************** */ -- cgit v1.2.3 From cd2a328cc538bcf19ac1d404040088d2e8e5620c Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Tue, 26 Sep 2017 20:25:40 +0200 Subject: Add configure.ac and ndpi_define.h to gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 21a9463be..17c45e2d5 100644 --- a/.gitignore +++ b/.gitignore @@ -16,6 +16,7 @@ .settings stamp-h1 /configure +/configure.ac /config.guess /config.h /config.h.in @@ -45,5 +46,6 @@ stamp-h1 /src/lib/.deps/ /src/lib/protocols/.deps/ /src/lib/third_party/src/.deps/ +/src/include/ndpi_define.h /test-driver /tests/Makefile -- cgit v1.2.3 From 662ef2f65bc9b5864e6ac1b7080e43d3d576463f Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 27 Sep 2017 16:17:28 +0200 Subject: update results after many commits --- tests/result/http_ipv6.pcap.out | 8 ++++---- tests/result/mpeg.pcap.out | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index d257a8224..f280edfbb 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.235/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.235/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.235/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.235/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 75d4d15f4..7b6978c3f 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.235/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.238/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] -- cgit v1.2.3 From 1dd93590e4afd55388b16ffab95c8d62696ea90f Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Fri, 29 Sep 2017 10:02:56 +0300 Subject: Fixed a typo in lisp.c --- src/lib/protocols/lisp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index 531f7f68f..01e445398 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -35,7 +35,7 @@ static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, st } } - NDPI_LOG(NDPI_PROTOCOL_lisp, ndpi_struct, NDPI_LOG_DEBUG, "exclude lisp.\n"); + NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "exclude lisp.\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LISP); } -- cgit v1.2.3 From b2f0558080d767ed0680c16b68aa35449aef91dc Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Fri, 29 Sep 2017 12:46:27 +0300 Subject: A more predictable sorting of the flows list. It is necessary for correct testing. --- example/ndpiReader.c | 20 +- tests/result/1kxun.pcap.out | 74 ++-- tests/result/EAQ.pcap.out | 46 +-- tests/result/Instagram.pcap.out | 4 +- tests/result/KakaoTalk_chat.pcap.out | 14 +- tests/result/Viber_session.pcap.out | 28 +- tests/result/bittorrent.pcap.out | 16 +- tests/result/coap_mqtt.pcap.out | 4 +- tests/result/dnscrypt.pcap.out | 4 +- tests/result/dropbox.pcap.out | 24 +- tests/result/fix.pcap.out | 4 +- tests/result/http_ipv6.pcap.out | 10 +- tests/result/pps.pcap.out | 58 +-- tests/result/skype.pcap.out | 312 +++++++-------- tests/result/skype_no_unknown.pcap.out | 466 +++++++++++------------ tests/result/starcraft_battle.pcap.out | 24 +- tests/result/teredo.pcap.out | 4 +- tests/result/ubntac2.pcap.out | 16 +- tests/result/viber_mobile.pcap.out | 66 ++-- tests/result/waze.pcap.out | 12 +- tests/result/webex.pcap.out | 20 +- tests/result/wechat.pcap.out | 38 +- tests/result/weibo.pcap.out | 32 +- tests/result/whatsapp_login_call.pcap.out | 70 ++-- tests/result/whatsapp_voice_and_message.pcap.out | 6 +- 25 files changed, 692 insertions(+), 680 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index e527255fd..a8a767214 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -334,10 +334,22 @@ int cmpProto(const void *_a, const void *_b) { } int cmpFlows(const void *_a, const void *_b) { - struct flow_info *a = (struct flow_info*)_a; - struct flow_info *b = (struct flow_info*)_b; - - return((a->flow->src2dst_bytes + a->flow->dst2src_bytes) < (b->flow->src2dst_bytes + b->flow->dst2src_bytes) ? 1 : -1); + struct ndpi_flow_info *fa = ((struct flow_info*)_a)->flow; + struct ndpi_flow_info *fb = ((struct flow_info*)_b)->flow; + uint64_t a_size = fa->src2dst_bytes + fa->dst2src_bytes; + uint64_t b_size = fb->src2dst_bytes + fb->dst2src_bytes; + if(a_size != b_size) + return a_size < b_size ? 1 : -1; + +// copy from ndpi_workflow_node_cmp(); + + if(fa->ip_version < fb->ip_version ) return(-1); else { if(fa->ip_version > fb->ip_version ) return(1); } + if(fa->protocol < fb->protocol ) return(-1); else { if(fa->protocol > fb->protocol ) return(1); } + if(htonl(fa->src_ip) < htonl(fb->src_ip) ) return(-1); else { if(htonl(fa->src_ip) > htonl(fb->src_ip) ) return(1); } + if(htons(fa->src_port) < htons(fb->src_port)) return(-1); else { if(htons(fa->src_port) > htons(fb->src_port)) return(1); } + if(htonl(fa->dst_ip) < htonl(fb->dst_ip) ) return(-1); else { if(htonl(fa->dst_ip) > htonl(fb->dst_ip) ) return(1); } + if(htons(fa->dst_port) < htons(fb->dst_port)) return(-1); else { if(htons(fa->dst_port) > htons(fb->dst_port)) return(1); } + return(0); } void extcap_config() { diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index c8cf1bf9b..df0794e1e 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -43,8 +43,8 @@ LLMNR 89 6799 47 26 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com] 27 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145] 28 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] 31 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com] 32 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes -> 0 pkts/0 bytes] 33 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] @@ -53,8 +53,8 @@ LLMNR 89 6799 47 36 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170:9099] 37 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] 38 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air] - 40 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] + 39 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] + 40 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air] 41 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes -> 0 pkts/0 bytes] 42 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes -> 0 pkts/0 bytes] 43 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes -> 0 pkts/0 bytes] @@ -70,52 +70,52 @@ LLMNR 89 6799 47 53 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][3 pkts/276 bytes -> 0 pkts/0 bytes] 54 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi] 55 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] - 56 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] - 57 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 56 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 57 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] 58 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad] 59 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes -> 0 pkts/0 bytes] 60 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] 61 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 62 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 63 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 64 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes -> 0 pkts/0 bytes] - 65 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 62 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes -> 0 pkts/0 bytes] + 63 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 64 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 65 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] 66 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 67 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 68 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 69 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 70 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 71 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] + 67 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 68 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 69 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] + 70 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 71 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] 72 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav] 73 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] - 74 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 75 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] - 76 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 74 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] + 75 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 76 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] 77 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] 78 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] 79 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 80 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 81 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 80 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 81 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] 82 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] 83 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] 84 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] 85 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 86 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 86 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] 87 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 88 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 89 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 90 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 91 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 92 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 93 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 94 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 95 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 88 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 89 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 90 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 91 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 92 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 93 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 94 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 95 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] 96 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] 97 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] - 98 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] - 99 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 125/Skype][2 pkts/132 bytes -> 0 pkts/0 bytes] - 100 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] - 101 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 98 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 99 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 100 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 101 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 125/Skype][2 pkts/132 bytes -> 0 pkts/0 bytes] 102 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes] 103 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes] 104 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes -> 0 pkts/0 bytes] @@ -136,14 +136,14 @@ Undetected flows: 1 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 0/Unknown][5 pkts/1795 bytes -> 0 pkts/0 bytes] 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][2 pkts/718 bytes -> 0 pkts/0 bytes] - 5 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][2 pkts/718 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][2 pkts/718 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][2 pkts/718 bytes -> 0 pkts/0 bytes] 6 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][1 pkts/359 bytes -> 0 pkts/0 bytes] 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes] 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes -> 0 pkts/0 bytes] 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] - 11 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] + 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes -> 0 pkts/0 bytes] 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes] 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][1 pkts/82 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out index a760bac96..c576e0c92 100644 --- a/tests/result/EAQ.pcap.out +++ b/tests/result/EAQ.pcap.out @@ -4,31 +4,31 @@ EAQ 174 10092 29 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Host: www.google.com.br] 2 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com] 3 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 4 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 5 UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 6 UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 7 UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] - 8 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 4 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 5 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 6 UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 7 UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] + 8 UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] 9 UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] 10 UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes] 11 UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] 12 UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] 13 UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 14 UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 15 UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 16 UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 17 UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 18 UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 19 UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 20 UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] - 21 UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 22 UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 23 UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 24 UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 25 UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 26 UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 27 UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 28 UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 29 UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 30 UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] - 31 UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 14 UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 15 UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 16 UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 17 UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 18 UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 19 UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 20 UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes] + 21 UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 22 UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 23 UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 24 UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 25 UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 26 UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 27 UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 28 UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 29 UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 30 UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] + 31 UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index aa3acf950..9c7cc6395 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -31,8 +31,8 @@ Instagram 363 255094 16 23 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com] 24 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-g-a.akamaihd.net] 25 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 26 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 27 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 26 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 27 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] 28 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes -> 0 pkts/0 bytes] 29 UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes -> 0 pkts/0 bytes] 30 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][1 pkts/74 bytes <-> 1 pkts/66 bytes] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index f8a2718d6..cc41c77f0 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -30,16 +30,16 @@ KakaoTalk 55 9990 15 20 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/79 bytes <-> 1 pkts/136 bytes][Host: ac-talk.kakao.com] 21 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/84 bytes <-> 1 pkts/130 bytes][Host: booking.loco.kakao.com] 22 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/82 bytes <-> 1 pkts/126 bytes][Host: up-gp.talk.kakao.com] - 23 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-c.talk.kakao.com] - 24 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-p.talk.kakao.com] - 25 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-a.talk.kakao.com] - 26 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-v.talk.kakao.com] - 27 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-m.talk.kakao.com] + 23 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-p.talk.kakao.com] + 24 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-v.talk.kakao.com] + 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-m.talk.kakao.com] + 26 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-a.talk.kakao.com] + 27 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-c.talk.kakao.com] 28 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] 29 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com] 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][1 pkts/78 bytes <-> 1 pkts/118 bytes][Host: api.facebook.com] - 31 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: item.kakao.com] - 32 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: auth.kakao.com] + 31 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: auth.kakao.com] + 32 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: item.kakao.com] 33 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes -> 0 pkts/0 bytes] 34 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][1 pkts/81 bytes <-> 1 pkts/97 bytes][Host: dn-l.talk.kakao.com] 35 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 86869615f..82672f165 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -25,30 +25,30 @@ Amazon 1 66 1 12 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][3 pkts/250 bytes <-> 3 pkts/349 bytes] 13 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][4 pkts/254 bytes <-> 3 pkts/182 bytes] 14 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][2 pkts/195 bytes <-> 3 pkts/229 bytes] - 15 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][2 pkts/157 bytes <-> 3 pkts/255 bytes] - 16 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 17 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 15 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 16 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][2 pkts/157 bytes <-> 3 pkts/255 bytes] + 17 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] 18 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] 19 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] - 20 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 20 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] 21 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes -> 0 pkts/0 bytes] 22 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] 23 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] 24 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes -> 0 pkts/0 bytes] 25 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes -> 0 pkts/0 bytes] - 26 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 27 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 28 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 29 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 30 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 31 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 26 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 27 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 28 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 29 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 30 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 31 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] Undetected flows: - 1 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 3 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 1 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 5 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 6 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/341 bytes <-> 3 pkts/208 bytes] 7 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/276 bytes <-> 2 pkts/170 bytes] diff --git a/tests/result/bittorrent.pcap.out b/tests/result/bittorrent.pcap.out index 03ed2de75..fab240874 100644 --- a/tests/result/bittorrent.pcap.out +++ b/tests/result/bittorrent.pcap.out @@ -10,17 +10,17 @@ BitTorrent 299 305728 24 8 TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][3 pkts/455 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 9 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][3 pkts/442 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 10 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][3 pkts/440 bytes <-> 2 pkts/772 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 11 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 12 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 11 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 12 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 13 TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][3 pkts/430 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 14 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][3 pkts/409 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 15 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][1 pkts/134 bytes <-> 2 pkts/796 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 16 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][1 pkts/134 bytes <-> 1 pkts/624 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 17 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][2 pkts/349 bytes <-> 2 pkts/265 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 18 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][3 pkts/455 bytes <-> 1 pkts/157 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 19 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 20 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 21 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 22 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 23 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 24 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 19 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 20 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 21 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 22 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 23 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 24 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index 25054b996..bd6df2acb 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -15,6 +15,6 @@ MQTT 7695 668291 4 11 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][2 pkts/158 bytes <-> 2 pkts/151 bytes] 12 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61047 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/90 bytes -> 0 pkts/0 bytes] 13 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61043 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] - 14 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61045 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] - 15 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61044 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 14 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61044 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] + 15 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61045 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] 16 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61046 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][1 pkts/86 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/dnscrypt.pcap.out b/tests/result/dnscrypt.pcap.out index 1ea162680..66574396e 100644 --- a/tests/result/dnscrypt.pcap.out +++ b/tests/result/dnscrypt.pcap.out @@ -2,5 +2,5 @@ DNScrypt 111 44676 4 1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][client: simplednscrypt.org] 2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][client: simplednscrypt.org] - 3 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org] - 4 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org] + 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org] + 4 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org] diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index 502131736..2fccdca11 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -13,15 +13,15 @@ Dropbox 1104 246122 16 9 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][12 pkts/2338 bytes <-> 10 pkts/9054 bytes][client: notify.dropbox.com][server: *.dropbox.com] 10 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][10 pkts/2170 bytes <-> 10 pkts/1758 bytes][Host: log.getdropbox.com] 11 UDP 192.168.1.101:1650 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.1.101:3412 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 13 UDP 192.168.1.101:4974 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.1.101:2873 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.1.101:3547 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.1.101:3959 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.1.101:2873 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.1.101:3412 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.1.101:3547 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.1.101:3959 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.1.101:4169 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.1.101:4171 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.1.101:4169 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.1.101:4625 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.1.101:4625 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.1.101:4974 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes -> 0 pkts/0 bytes] 21 UDP 192.168.1.106:57268 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes -> 0 pkts/0 bytes] 22 UDP 192.168.1.106:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][16 pkts/1648 bytes -> 0 pkts/0 bytes] 23 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes -> 0 pkts/0 bytes] @@ -30,10 +30,10 @@ Dropbox 1104 246122 16 26 UDP 192.168.1.101:1280 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] 27 UDP 192.168.1.101:1346 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] 28 UDP 192.168.1.101:1908 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.1.101:2544 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.1.101:2604 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 31 UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.1.101:2159 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.1.101:2159 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.1.101:2544 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.1.101:2604 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] 33 UDP 192.168.1.101:2991 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] 34 UDP 192.168.1.101:3731 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] 35 UDP 192.168.1.101:3777 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/fix.pcap.out b/tests/result/fix.pcap.out index 6e83a3adf..9cf9b983c 100644 --- a/tests/result/fix.pcap.out +++ b/tests/result/fix.pcap.out @@ -8,7 +8,7 @@ FIX 1261 115514 12 6 TCP 208.245.107.3:4000 <-> 192.168.0.20:38652 [proto: 230/FIX][9 pkts/961 bytes <-> 9 pkts/700 bytes] 7 TCP 8.17.22.31:4000 <-> 192.168.0.20:47952 [proto: 230/FIX][5 pkts/577 bytes <-> 5 pkts/484 bytes] 8 TCP 8.17.22.31:4000 <-> 192.168.0.20:47962 [proto: 230/FIX][6 pkts/513 bytes <-> 4 pkts/522 bytes] - 9 TCP 217.192.86.32:4000 <-> 192.168.0.20:53330 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes] - 10 TCP 208.245.107.3:4000 <-> 192.168.0.20:39094 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes] + 9 TCP 208.245.107.3:4000 <-> 192.168.0.20:39094 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes] + 10 TCP 217.192.86.32:4000 <-> 192.168.0.20:53330 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes] 11 TCP 208.245.107.3:4000 <-> 192.168.0.20:38646 [proto: 230/FIX][6 pkts/441 bytes <-> 4 pkts/477 bytes] 12 TCP 8.17.22.31:4000 <-> 192.168.0.20:40928 [proto: 230/FIX][4 pkts/342 bytes <-> 2 pkts/303 bytes] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index f280edfbb..e09cf3fe3 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -14,8 +14,8 @@ ntop 80 36401 4 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] 9 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][2 pkts/359 bytes <-> 1 pkts/143 bytes] 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 14 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 15 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 14 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] + 15 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 44b62be8f..8c9ebdb00 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -18,8 +18,8 @@ iQIYI 1499 1849369 60 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] 13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 14 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] - 15 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 14 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 15 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1539 bytes -> 0 pkts/0 bytes] @@ -31,8 +31,8 @@ iQIYI 1499 1849369 60 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] - 27 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 28 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] @@ -60,10 +60,10 @@ iQIYI 1499 1849369 60 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.206/HTTP.iQIYI][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] - 56 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] - 57 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 58 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 59 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] + 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] @@ -90,28 +90,28 @@ Undetected flows: 7 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] 8 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] 9 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] 13 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] 14 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] 15 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] 16 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 21 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 22 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 23 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 24 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 26 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 27 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 31 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 33 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 22 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 23 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 26 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index c85ea03fb..34b1c5a3e 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -53,10 +53,10 @@ MS_OneDrive 387 198090 1 38 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] 39 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] 40 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1040 bytes <-> 4 pkts/362 bytes] - 41 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] - 42 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] - 43 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][14 pkts/1085 bytes <-> 4 pkts/315 bytes] - 44 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/390 bytes] + 41 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] + 42 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] + 43 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/390 bytes] + 44 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][14 pkts/1085 bytes <-> 4 pkts/315 bytes] 45 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] 46 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] 47 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] @@ -78,8 +78,8 @@ MS_OneDrive 387 198090 1 63 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][12 pkts/1088 bytes <-> 3 pkts/236 bytes] 64 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] 65 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] - 66 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] - 67 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][12 pkts/969 bytes <-> 4 pkts/337 bytes] + 66 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][12 pkts/969 bytes <-> 4 pkts/337 bytes] + 67 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] 68 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] 69 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] 70 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][10 pkts/1002 bytes <-> 3 pkts/285 bytes] @@ -108,19 +108,19 @@ MS_OneDrive 387 198090 1 93 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] 94 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] 95 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 96 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 97 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 98 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 99 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 100 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 101 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 102 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 103 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 104 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 105 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 106 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 107 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 108 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 96 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 97 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 98 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 99 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 100 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 101 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 102 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 103 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 104 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 105 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 106 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 107 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 108 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] 109 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] 110 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes -> 0 pkts/0 bytes] 111 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] @@ -140,160 +140,160 @@ MS_OneDrive 387 198090 1 125 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] 126 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] 127 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] 130 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 131 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 132 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 133 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 134 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] - 135 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 132 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 133 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 134 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 135 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] 136 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/60 bytes] 137 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] 145 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] 147 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] 161 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] 162 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] 163 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] 164 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] 175 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] 225 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] 246 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 249 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] 251 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] 256 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] 257 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 269 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 270 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 271 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 272 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 273 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 270 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 271 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 272 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 273 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] 274 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 275 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 276 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 277 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 278 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 279 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 280 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 281 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 275 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 276 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 277 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 278 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 279 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 280 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 281 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] 282 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 5f33c2214..96455dfc2 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 186 61791 12 +Unknown 163 59526 10 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1291 190136 223 +Skype 1314 192401 225 Apple 84 20699 2 MS_OneDrive 348 181687 1 @@ -21,251 +21,253 @@ MS_OneDrive 348 181687 1 8 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][12 pkts/3242 bytes <-> 3 pkts/290 bytes] 9 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][4 pkts/818 bytes <-> 4 pkts/2172 bytes] 10 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 11 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][13 pkts/1446 bytes <-> 4 pkts/266 bytes] - 12 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][13 pkts/1437 bytes <-> 3 pkts/200 bytes] - 13 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] - 14 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] - 15 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][12 pkts/1291 bytes <-> 3 pkts/242 bytes] - 16 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][12 pkts/1235 bytes <-> 3 pkts/285 bytes] - 17 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/265 bytes] - 18 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][14 pkts/1104 bytes <-> 5 pkts/392 bytes] - 19 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][14 pkts/1106 bytes <-> 5 pkts/385 bytes] - 20 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1070 bytes <-> 4 pkts/420 bytes] - 21 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][14 pkts/1117 bytes <-> 4 pkts/337 bytes] - 22 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] - 23 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][10 pkts/1077 bytes <-> 4 pkts/351 bytes] - 24 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1093 bytes <-> 4 pkts/333 bytes] + 11 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/1407 bytes <-> 9 pkts/652 bytes] + 12 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][13 pkts/1446 bytes <-> 4 pkts/266 bytes] + 13 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][13 pkts/1437 bytes <-> 3 pkts/200 bytes] + 14 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] + 15 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] + 16 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][12 pkts/1291 bytes <-> 3 pkts/242 bytes] + 17 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][12 pkts/1235 bytes <-> 3 pkts/285 bytes] + 18 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/265 bytes] + 19 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][14 pkts/1104 bytes <-> 5 pkts/392 bytes] + 20 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][14 pkts/1106 bytes <-> 5 pkts/385 bytes] + 21 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1070 bytes <-> 4 pkts/420 bytes] + 22 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][14 pkts/1117 bytes <-> 4 pkts/337 bytes] + 23 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] + 24 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][10 pkts/1077 bytes <-> 4 pkts/351 bytes] 25 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][14 pkts/1059 bytes <-> 4 pkts/367 bytes] 26 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][13 pkts/1011 bytes <-> 4 pkts/415 bytes] - 27 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 27 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1093 bytes <-> 4 pkts/333 bytes] 28 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] - 29 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] - 30 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] - 31 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][13 pkts/991 bytes <-> 4 pkts/378 bytes] - 32 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][13 pkts/1006 bytes <-> 4 pkts/361 bytes] - 33 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] - 34 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][13 pkts/976 bytes <-> 4 pkts/365 bytes] - 35 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/986 bytes <-> 4 pkts/344 bytes] - 36 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][13 pkts/981 bytes <-> 4 pkts/348 bytes] - 37 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/318 bytes] - 38 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/349 bytes] - 39 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][12 pkts/951 bytes <-> 4 pkts/341 bytes] - 40 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] - 41 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][11 pkts/856 bytes <-> 5 pkts/409 bytes] - 42 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] - 43 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][10 pkts/972 bytes <-> 3 pkts/285 bytes] + 29 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 30 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] + 31 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] + 32 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][13 pkts/991 bytes <-> 4 pkts/378 bytes] + 33 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][13 pkts/1006 bytes <-> 4 pkts/361 bytes] + 34 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] + 35 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][13 pkts/976 bytes <-> 4 pkts/365 bytes] + 36 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/986 bytes <-> 4 pkts/344 bytes] + 37 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][13 pkts/981 bytes <-> 4 pkts/348 bytes] + 38 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/318 bytes] + 39 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/349 bytes] + 40 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][12 pkts/951 bytes <-> 4 pkts/341 bytes] + 41 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] + 42 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][11 pkts/856 bytes <-> 5 pkts/409 bytes] + 43 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] 44 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] - 45 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes] - 46 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][11 pkts/815 bytes <-> 5 pkts/423 bytes] - 47 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] - 48 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][11 pkts/832 bytes <-> 4 pkts/387 bytes] - 49 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] - 50 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][12 pkts/916 bytes <-> 3 pkts/281 bytes] - 51 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][11 pkts/862 bytes <-> 3 pkts/314 bytes] - 52 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][10 pkts/785 bytes <-> 4 pkts/378 bytes] - 53 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] - 54 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][12 pkts/931 bytes <-> 2 pkts/219 bytes] - 55 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][11 pkts/855 bytes <-> 3 pkts/287 bytes] - 56 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] - 57 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/848 bytes <-> 3 pkts/286 bytes] - 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][4 pkts/674 bytes <-> 4 pkts/444 bytes] - 59 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 60 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 45 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][10 pkts/972 bytes <-> 3 pkts/285 bytes] + 46 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes] + 47 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][11 pkts/815 bytes <-> 5 pkts/423 bytes] + 48 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] + 49 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][11 pkts/832 bytes <-> 4 pkts/387 bytes] + 50 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] + 51 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][12 pkts/916 bytes <-> 3 pkts/281 bytes] + 52 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][11 pkts/862 bytes <-> 3 pkts/314 bytes] + 53 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][10 pkts/785 bytes <-> 4 pkts/378 bytes] + 54 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] + 55 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][12 pkts/931 bytes <-> 2 pkts/219 bytes] + 56 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][11 pkts/855 bytes <-> 3 pkts/287 bytes] + 57 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] + 58 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/848 bytes <-> 3 pkts/286 bytes] + 59 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][4 pkts/674 bytes <-> 4 pkts/444 bytes] + 60 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] 61 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 62 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 63 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] - 64 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] - 65 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] - 66 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 67 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 68 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 69 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 70 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 62 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 63 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 64 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] + 65 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] + 66 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] + 67 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 68 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 69 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 70 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] 71 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] 72 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] 73 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 74 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 75 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 76 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] - 77 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 78 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 74 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 75 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 76 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 77 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 78 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] 79 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] 80 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] 81 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 82 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] - 83 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] - 84 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 85 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 86 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/293 bytes <-> 3 pkts/186 bytes] - 87 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] - 88 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] - 89 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes -> 0 pkts/0 bytes] - 90 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/237 bytes <-> 3 pkts/186 bytes] - 91 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 82 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 83 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] + 84 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] + 85 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 86 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 87 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/293 bytes <-> 3 pkts/186 bytes] + 88 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] + 89 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] + 90 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes -> 0 pkts/0 bytes] + 91 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/237 bytes <-> 3 pkts/186 bytes] 92 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] - 93 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 94 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 95 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] - 96 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 97 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 98 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 99 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] - 100 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] - 101 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 102 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 103 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 104 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] - 105 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 106 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 107 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] - 108 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 109 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 110 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 111 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 93 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 94 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 95 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 96 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] + 97 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 98 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 99 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 100 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 101 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] + 102 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 103 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 125/Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 104 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 105 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 106 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] + 107 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 108 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 109 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] + 110 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] 112 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] 113 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] 114 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 115 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 117 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 118 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] 126 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 130 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 131 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 132 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] 176 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] 177 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] 190 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] 195 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] 246 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 249 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 251 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 253 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 254 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 255 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 249 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 250 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 251 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 257 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -274,10 +276,8 @@ Undetected flows: 3 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][16 pkts/11797 bytes <-> 7 pkts/493 bytes] 4 TCP 192.168.1.34:51317 <-> 149.13.32.15:13392 [proto: 0/Unknown][12 pkts/5655 bytes <-> 8 pkts/553 bytes] 5 TCP 192.168.1.34:51294 <-> 81.83.77.141:17639 [proto: 0/Unknown][19 pkts/2794 bytes <-> 14 pkts/2303 bytes] - 6 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][11 pkts/1407 bytes <-> 9 pkts/652 bytes] - 7 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][11 pkts/835 bytes <-> 7 pkts/647 bytes] - 8 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] - 9 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 12 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] + 6 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][11 pkts/835 bytes <-> 7 pkts/647 bytes] + 7 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] + 8 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 10 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 0334c7f4b..c7b23088f 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -14,8 +14,8 @@ Starcraft 236 51494 6 2 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][126 pkts/9157 bytes <-> 89 pkts/41021 bytes] 3 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Host: bnetcmsus-a.akamaihd.net] 4 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] - 5 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] - 6 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 5 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] + 6 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] 7 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net] 8 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][11 pkts/4984 bytes -> 0 pkts/0 bytes] 9 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Host: eu.battle.net] @@ -40,25 +40,25 @@ Starcraft 236 51494 6 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net] 30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net] - 31 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 32 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 31 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 32 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] 33 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 34 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 35 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 34 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 35 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] 36 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 37 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] - 38 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 37 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] + 38 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes] 39 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][2 pkts/145 bytes <-> 1 pkts/89 bytes] 40 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/120 bytes] 41 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][1 pkts/86 bytes <-> 1 pkts/124 bytes][Host: 40.186.239.80.in-addr.arpa] 42 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][2 pkts/108 bytes <-> 1 pkts/60 bytes] - 43 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] - 44 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] + 43 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] + 44 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][1 pkts/55 bytes <-> 1 pkts/66 bytes] 45 IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][2 pkts/120 bytes -> 0 pkts/0 bytes] 46 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes] 47 UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes] - 48 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] - 49 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] + 48 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] + 49 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes] 50 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes] 51 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] 52 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/teredo.pcap.out b/tests/result/teredo.pcap.out index 0429c725a..55dc2932c 100644 --- a/tests/result/teredo.pcap.out +++ b/tests/result/teredo.pcap.out @@ -2,6 +2,6 @@ Teredo 24 2574 5 1 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][10 pkts/930 bytes <-> 4 pkts/374 bytes] 2 UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/206 bytes <-> 2 pkts/302 bytes] - 3 UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] - 4 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] + 3 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] + 4 UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] 5 UDP 10.112.16.92:63448 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes] diff --git a/tests/result/ubntac2.pcap.out b/tests/result/ubntac2.pcap.out index c4103cdf1..e230fcde1 100644 --- a/tests/result/ubntac2.pcap.out +++ b/tests/result/ubntac2.pcap.out @@ -1,10 +1,10 @@ UBNTAC2 8 1736 8 - 1 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 2 UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 3 UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 4 UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 5 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 6 UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 7 UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] - 8 UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 1 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 2 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 3 UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 4 UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 5 UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 6 UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 7 UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 8 UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 310df21a1..c69eda2bb 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -29,40 +29,40 @@ Amazon 8 528 1 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][5 pkts/520 bytes <-> 4 pkts/563 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] 15 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][4 pkts/328 bytes <-> 7 pkts/745 bytes] 16 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][2 pkts/498 bytes <-> 2 pkts/498 bytes] - 17 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][4 pkts/277 bytes <-> 3 pkts/255 bytes] - 18 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][4 pkts/303 bytes <-> 3 pkts/229 bytes] - 19 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] - 20 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] + 17 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][4 pkts/303 bytes <-> 3 pkts/229 bytes] + 18 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][4 pkts/277 bytes <-> 3 pkts/255 bytes] + 19 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] + 20 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][4 pkts/319 bytes <-> 3 pkts/210 bytes] 21 TCP 192.168.200.222:38778 -> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes -> 0 pkts/0 bytes] - 22 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 23 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 24 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 25 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 26 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 27 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 28 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 29 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 30 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 31 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] - 32 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 22 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 23 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 24 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 25 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 26 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 27 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 28 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 29 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 30 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 31 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] + 32 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] 33 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/357 bytes] - 34 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] - 35 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] + 34 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] + 35 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] 36 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/334 bytes] 37 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/329 bytes] 38 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/325 bytes] 39 UDP 192.168.200.222:39413 -> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes -> 0 pkts/0 bytes] 40 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 41 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] - 42 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 41 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] + 42 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] 43 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/84 bytes <-> 1 pkts/282 bytes][Host: settings.crashlytics.com] 44 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/272 bytes][Host: e.crashlytics.com] 45 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/144 bytes <-> 2 pkts/192 bytes][Host: sis.jpush.io] - 46 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 47 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 48 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 49 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 50 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 46 TCP 192.168.200.222:33161 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 47 TCP 192.168.200.222:43646 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 48 TCP 192.168.200.222:50854 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 49 TCP 192.168.200.222:52977 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] + 50 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] 51 UDP 192.168.200.222:39413 -> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes -> 0 pkts/0 bytes] 52 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][1 pkts/75 bytes <-> 1 pkts/203 bytes][Host: e9.whatsapp.net] 53 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/87 bytes <-> 1 pkts/176 bytes][Host: googleads.g.doubleclick.net] @@ -77,21 +77,21 @@ Amazon 8 528 1 62 ICMP 37.214.167.82:0 -> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes -> 0 pkts/0 bytes] 63 TCP 192.168.200.222:51765 -> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes -> 0 pkts/0 bytes] 64 ICMP 192.168.200.222:0 -> 8.8.8.8:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes -> 0 pkts/0 bytes] - 65 UDP 192.168.200.222:39413 -> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 66 UDP 192.168.200.222:39413 -> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 65 UDP 192.168.200.222:39413 -> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 66 UDP 192.168.200.222:39413 -> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] 67 UDP 192.168.200.222:39413 -> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 68 UDP 192.168.200.222:39413 -> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 69 UDP 192.168.200.222:39413 -> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] - 70 UDP 192.168.200.222:39413 -> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 68 UDP 192.168.200.222:39413 -> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 69 UDP 192.168.200.222:39413 -> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] + 70 UDP 192.168.200.222:39413 -> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes -> 0 pkts/0 bytes] 71 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes] 72 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] Undetected flows: - 1 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 3 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 1 UDP 192.168.200.222:48564 -> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 2 UDP 192.168.200.222:48564 -> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.200.222:48564 -> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.200.222:48564 -> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 5 UDP 192.168.200.222:48564 -> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes -> 0 pkts/0 bytes] 6 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/341 bytes <-> 3 pkts/208 bytes] 7 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][4 pkts/276 bytes <-> 2 pkts/170 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index d91976abc..87aa4fcfd 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -32,12 +32,12 @@ WhatsApp 15 1341 1 23 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] 24 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] 25 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 26 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 27 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 28 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 29 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 30 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 31 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 26 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 27 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 28 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 29 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 30 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 31 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes] 32 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 271af3669..2d7009358 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -21,8 +21,8 @@ Amazon 3 174 1 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com] 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com] - 16 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] - 17 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com] 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com] 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com] @@ -47,13 +47,13 @@ Amazon 3 174 1 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][7 pkts/501 bytes <-> 4 pkts/216 bytes] - 42 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 43 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 44 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 45 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 44 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 45 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] 46 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 47 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] - 48 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 47 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] + 48 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] 49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][4 pkts/452 bytes <-> 4 pkts/216 bytes] 50 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] 51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes] @@ -61,5 +61,5 @@ Amazon 3 174 1 53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][3 pkts/245 bytes <-> 2 pkts/108 bytes] 54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][3 pkts/209 bytes <-> 2 pkts/108 bytes] 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][2 pkts/128 bytes <-> 1 pkts/54 bytes] - 56 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 2 pkts/108 bytes] - 57 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][1 pkts/66 bytes <-> 2 pkts/108 bytes] + 56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][1 pkts/66 bytes <-> 2 pkts/108 bytes] + 57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 2 pkts/108 bytes] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index c10ff1a0e..8735cc83b 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -61,17 +61,17 @@ WeChat 1251 606425 49 45 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] 46 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes] 47 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] - 48 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 49 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 48 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 49 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 50 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] - 51 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] + 51 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 52 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 53 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 54 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][4 pkts/264 bytes <-> 4 pkts/319 bytes] 55 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] 56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] - 57 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] - 58 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] + 57 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] + 58 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] 59 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][5 pkts/290 bytes <-> 4 pkts/234 bytes] 60 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 4 pkts/319 bytes] 61 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes <-> 4 pkts/253 bytes] @@ -84,8 +84,8 @@ WeChat 1251 606425 49 68 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] 69 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] - 71 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 72 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes -> 0 pkts/0 bytes] + 71 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes -> 0 pkts/0 bytes] + 72 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] 73 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][4 pkts/200 bytes -> 0 pkts/0 bytes] 74 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes <-> 1 pkts/66 bytes] 75 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/180 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] @@ -93,23 +93,23 @@ WeChat 1251 606425 49 77 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] 78 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] 79 UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org.lan] - 80 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] - 81 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 80 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] + 81 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 82 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 2.debian.pool.ntp.org] 83 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org] 84 UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] 85 UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] - 86 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] - 87 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: cansaqcq] - 88 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 89 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes -> 0 pkts/0 bytes] - 90 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes -> 0 pkts/0 bytes] - 91 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes -> 0 pkts/0 bytes] - 92 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 86 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: cansaqcq] + 87 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] + 88 TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes -> 0 pkts/0 bytes] + 89 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 90 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 91 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes -> 0 pkts/0 bytes] + 92 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes -> 0 pkts/0 bytes] 93 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] - 94 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] - 95 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes -> 0 pkts/0 bytes] - 96 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 94 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 95 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] + 96 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes -> 0 pkts/0 bytes] 97 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 98 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 99 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 60054b31f..0529cb96a 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -27,26 +27,26 @@ Sina(Weibo) 418 258007 15 19 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/157 bytes][Host: acjstb.aliyun.com] 20 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/73 bytes <-> 1 pkts/142 bytes][Host: www.weibo.com] 21 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][2 pkts/140 bytes <-> 1 pkts/74 bytes] - 22 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] - 23 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 22 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][2 pkts/128 bytes <-> 1 pkts/66 bytes] + 23 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] 24 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes] 25 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/74 bytes <-> 1 pkts/112 bytes][Host: log.mmstat.com] 26 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/69 bytes <-> 1 pkts/85 bytes][Host: weibo.com] 27 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 28 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 29 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 30 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 29 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 30 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 1 pkts/66 bytes] 31 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] - 32 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 1 pkts/66 bytes] + 32 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] 33 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: account.weibo.com] - 34 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 35 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 36 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes -> 0 pkts/0 bytes][Host: data.weibo.com] - 37 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 38 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 39 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 40 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 41 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] - 42 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes -> 0 pkts/0 bytes] - 43 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 34 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes -> 0 pkts/0 bytes] + 35 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 36 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 37 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 38 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 39 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 40 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 41 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 42 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes] + 43 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes -> 0 pkts/0 bytes][Host: data.weibo.com] 44 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5/DNS][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: c.weibo.cn] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 87f02b3e9..b30cffa74 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -27,45 +27,45 @@ AppleStore 85 28087 2 13 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes -> 0 pkts/0 bytes] 14 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes -> 0 pkts/0 bytes] 15 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 17 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 21 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 22 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 23 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 24 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 29 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 16 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 21 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 22 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 23 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 24 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 26 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 27 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 28 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 29 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] 30 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][3 pkts/174 bytes <-> 2 pkts/217 bytes] - 31 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com] - 32 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][3 pkts/198 bytes <-> 2 pkts/132 bytes] + 31 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][3 pkts/198 bytes <-> 2 pkts/132 bytes] + 32 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com] 33 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e13.whatsapp.net] - 34 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] - 35 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes -> 0 pkts/0 bytes] - 36 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes -> 0 pkts/0 bytes] + 35 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 36 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] 37 UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] 38 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] 39 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 40 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 41 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 40 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes] + 41 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][2 pkts/132 bytes <-> 1 pkts/66 bytes] 42 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][2 pkts/132 bytes <-> 1 pkts/66 bytes] - 43 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 44 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 45 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 46 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 47 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 48 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 49 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 50 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 51 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 52 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 53 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 43 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 44 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 45 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 46 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 47 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 48 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 49 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 50 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 51 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 52 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 53 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 54 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 55 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 56 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 57 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 55 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 56 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] + 57 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index fa0559df7..af39fdd6f 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -7,10 +7,10 @@ WhatsApp 217 22139 5 4 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][26 pkts/2311 bytes <-> 26 pkts/2300 bytes] 5 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][14 pkts/1123 bytes <-> 13 pkts/1097 bytes] 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/840 bytes <-> 4 pkts/344 bytes] - 7 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 7 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] 8 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 9 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 10 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 9 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 10 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] 11 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] -- cgit v1.2.3 From f80f0eedc0d17740e95558252be2f46a13ab0461 Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Sun, 1 Oct 2017 22:43:20 +0300 Subject: Fix error: Use of uninitialized structures in tcp_udp.c Now the test results do not depend on the compiler optimization level and architecture. --- src/lib/protocols/tcp_udp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index 605ba54c3..f7e8c9ac1 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -42,6 +42,7 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc if(flow) return(flow->guessed_host_protocol_id); else { + host.s_addr = htonl(saddr); if((rc = ndpi_network_ptree_match(ndpi_struct, &host)) != NDPI_PROTOCOL_UNKNOWN) return (rc); -- cgit v1.2.3 From 47f922fa7b12eb9a5f568ee28352cb217ac49554 Mon Sep 17 00:00:00 2001 From: dangbert Date: Mon, 2 Oct 2017 15:35:22 -0400 Subject: Fixed issue #459 by adding missing symbols. --- libndpi.sym | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libndpi.sym b/libndpi.sym index 61058e84e..9ef3c3456 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -3,6 +3,7 @@ ndpi_strnstr ndpi_detection_giveup ndpi_get_proto_name ndpi_free +ndpi_flow_free ndpi_guess_undetected_protocol ndpi_tfind ndpi_tsearch @@ -47,7 +48,9 @@ ndpi_finalize_automa ndpi_match_string ndpi_match_string_id set_ndpi_malloc +set_ndpi_flow_malloc set_ndpi_free +set_ndpi_flow_free set_ndpi_debug_function ndpi_category_str ndpi_get_proto_category -- cgit v1.2.3 From 25a4569e672ad47946be1bb8b836576b5ba47693 Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Tue, 3 Oct 2017 16:43:23 +0300 Subject: Fix undefined behavior (detected by gcc): ndpi_define.h.in:218: Macros NDPI_SET(), NDPI_CLR(), NDPI_ISSET() runtime error: left shift of 1 by 31 places cannot be represented in type 'int' http.c:364: strncpy((char*)flow->protos.http.nat_ip,(char*)packet->forwarded_line.ptr,len); runtime error: null pointer passed as argument 2, which is declared to never be null ndpi_patricia.c:ndpi_comp_with_mask(): int m = ((-1) << (8 - (mask % 8))); runtime error: left shift of negative value -1 Original function ndpi_comp_with_mask() is unreadable and slow. We have only 2 type of address: 32 bit and 128 bit. The optimized version works 6 times faster (IPv4). --- src/include/ndpi_define.h.in | 6 +++--- src/lib/protocols/http.c | 8 +++++--- src/lib/third_party/src/ndpi_patricia.c | 16 ++++++++-------- 3 files changed, 16 insertions(+), 14 deletions(-) diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index 5a8a1527b..33c3c622e 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -215,9 +215,9 @@ #define howmanybits(x, y) (((x)+((y)-1))/(y)) -#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1ul << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1ul << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1ul << (((u_int32_t)n) % NDPI_BITS))) #define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) #define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 4ff65096b..6cc1033ba 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -360,9 +360,11 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ strncpy((char*)flow->host_server_name, (char*)packet->host_line.ptr, len); flow->host_server_name[len] = '\0', flow->server_id = flow->dst; - len = ndpi_min(packet->forwarded_line.len, sizeof(flow->protos.http.nat_ip)-1); - strncpy((char*)flow->protos.http.nat_ip, (char*)packet->forwarded_line.ptr, len); - flow->protos.http.nat_ip[len] = '\0'; + if(packet->forwarded_line.ptr) { + len = ndpi_min(packet->forwarded_line.len, sizeof(flow->protos.http.nat_ip)-1); + strncpy((char*)flow->protos.http.nat_ip, (char*)packet->forwarded_line.ptr, len); + flow->protos.http.nat_ip[len] = '\0'; + } if(ndpi_struct->http_dont_dissect_response) parseHttpSubprotocol(ndpi_struct, flow); diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index b37fffa97..fe63b21b1 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -74,14 +74,14 @@ ndpi_prefix_tochar (prefix_t * prefix) } int ndpi_comp_with_mask (void *addr, void *dest, u_int mask) { - if( /* mask/8 == 0 || */ memcmp (addr, dest, mask / 8) == 0) { - int n = mask / 8; - int m = ((-1) << (8 - (mask % 8))); - - if(mask % 8 == 0 || (((u_char *)addr)[n] & m) == (((u_char *)dest)[n] & m)) - return (1); - } - return (0); + uint32_t *pa = addr; + uint32_t *pd = dest; + uint32_t m; + for(;mask >= 32; mask -= 32, pa++,pd++) + if(*pa != *pd) return 0; + if(!mask) return 1; + m = htonl((~0u) << (32-mask)); + return (*pa & m) == (*pd &m); } /* this allows incomplete prefix */ -- cgit v1.2.3 From b10e5263648f16ac81c380392d2ca03546622fc8 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 5 Oct 2017 16:21:32 +0200 Subject: Leak fix --- example/ndpiReader.c | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index a8a767214..7343ce2a3 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -924,17 +924,18 @@ int updateIpTree(u_int32_t key, u_int8_t version, addr_node **vrootp, const char *proto) { addr_node *q; addr_node **rootp = vrootp; - int r; if(rootp == (addr_node **)0) return 0; - while (*rootp != (addr_node *)0) { /* Knuth's T1: */ - if((version == (*rootp)->version) && (key == (*rootp)->addr)) { /* T2: */ + while (*rootp != (addr_node *)0) { + /* Knuth's T1: */ + if((version == (*rootp)->version) && (key == (*rootp)->addr)) { + /* T2: */ return ++((*rootp)->count); } - rootp = (r < 0) ? + rootp = (key < (*rootp)->addr) ? &(*rootp)->left : /* T3: follow left branch */ &(*rootp)->right; /* T4: follow right branch */ } @@ -1019,7 +1020,7 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, u_int32_t num_pkts, u_int32_t num_bytes, const char *proto) { - struct port_stats *s; + struct port_stats *s = NULL; int count = 0; HASH_FIND_INT(*stats, &port, s); @@ -1034,8 +1035,11 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, updateTopIpAddress(addr, version, proto, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); s->addr_tree = (addr_node *) malloc(sizeof(addr_node)); - if(!s->addr_tree) return; - + if(!s->addr_tree) { + free(s); + return; + } + s->addr_tree->addr = addr; s->addr_tree->version = version; strncpy(s->addr_tree->proto, proto, sizeof(s->addr_tree->proto)); @@ -1903,8 +1907,7 @@ static void printResults(u_int64_t tot_usec) { fclose(json_fp); #endif } - - + if(verbose == 3) { printf("\n\nSource Ports Stats:\n"); printPortStats(srcStats); @@ -1912,9 +1915,8 @@ static void printResults(u_int64_t tot_usec) { printf("\nDestination Ports Stats:\n"); printPortStats(dstStats); } - - - if(stats_flag) { + + if(00 && stats_flag) { #ifdef HAVE_JSON_C json_object *jObj_stats = json_object_new_object(); char timestamp[64]; @@ -1937,18 +1939,20 @@ static void printResults(u_int64_t tot_usec) { deleteScanners(scannerHosts); scannerHosts = NULL; - #endif } - if(verbose == 3 || stats_flag) { - deletePortsStats(srcStats), deletePortsStats(dstStats); - srcStats = NULL, dstStats = NULL; + if(srcStats) { + deletePortsStats(srcStats); + srcStats = NULL; + } + + if(dstStats) { + deletePortsStats(dstStats); + dstStats = NULL; } - } - /** * @brief Force a pcap_dispatch() or pcap_loop() call to return */ @@ -2177,7 +2181,6 @@ static void pcap_process_packet(u_char *args, printResults(tot_usec); - for(i=0; iprefs.num_roots; i++) { ndpi_tdestroy(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], ndpi_flow_info_freer); ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i] = NULL; -- cgit v1.2.3 From 27d66f68459804d4b44a4259dd0813dc995d5ca1 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 6 Oct 2017 09:51:42 +0200 Subject: Typo --- example/ndpiReader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 7343ce2a3..fbfc8132d 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1916,7 +1916,7 @@ static void printResults(u_int64_t tot_usec) { printPortStats(dstStats); } - if(00 && stats_flag) { + if(stats_flag) { #ifdef HAVE_JSON_C json_object *jObj_stats = json_object_new_object(); char timestamp[64]; -- cgit v1.2.3 From 9b91623d574e199bd157d1db5d5f14ac4ff7e070 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 6 Oct 2017 15:20:36 +0200 Subject: Added ndpi_is_subprotocol_informative() API call --- libndpi.sym | 1 + src/include/ndpi_api.h | 16 ++++++++++++++-- src/lib/ndpi_main.c | 28 ++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 2 deletions(-) diff --git a/libndpi.sym b/libndpi.sym index 9ef3c3456..c821189e8 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -58,3 +58,4 @@ ndpi_netbios_name_interpret ndpi_category_set_name ndpi_category_get_name ndpi_is_custom_category +ndpi_is_subprotocol_informative \ No newline at end of file diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index ce8489829..4193a2c57 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -439,10 +439,22 @@ extern "C" { void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, u_int16_t protoId, ndpi_protocol_category_t protoCategory); + /** + * Check if subprotocols of the specified master protocol are just + * informative (and not real) + * + * @par mod = the detection module + * @par protoId = the (master) protocol identifier to query + * @return 1 = the subprotocol is informative, 0 otherwise. + * + */ + u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId); + /** * Get protocol category as string * - * @par mod = the detection module + * @par mod = the detection module * @par category = the category associated to the protocol * @return the string name of the category * @@ -453,7 +465,7 @@ extern "C" { /** * Set protocol category string * - * @par mod = the detection module + * @par mod = the detection module * @par category = the category associated to the protocol * @paw name = the string name of the category * diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0551d56f3..d7583f520 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -452,6 +452,34 @@ void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, /* ********************************************************************************** */ +/* + There are some (master) protocols that are informative, meaning that it shows + what is the subprotocol about, but also that the subprotocol isn't a real protocol. + + Example: + - DNS is informative as if we see a DNS request for www.facebook.com, the + returned protocol is DNS.Facebook, but Facebook isn't a real subprotocol but + rather it indicates a query for Facebook and not Facebook traffic. + - HTTP/SSL are NOT informative as SSL.Facebook (likely) means that this is + SSL (HTTPS) traffic containg Facebook traffic. + */ +u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId) { + if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) + return(0); + + switch(protoId) { + case NDPI_PROTOCOL_DNS: + return(1); + break; + + default: + return(0); + } +} + +/* ********************************************************************************** */ + void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t breed, u_int16_t protoId, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], -- cgit v1.2.3 From 8bcafff56991714bad24cb4d788e26888c25df70 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 6 Oct 2017 19:08:08 +0200 Subject: Fixes for iQIYI and 1kxun protocols --- src/include/ndpi_typedefs.h | 4 ++++ src/lib/protocols/http.c | 27 +++++++++++++++------------ 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index d15114b40..8806219ef 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1105,6 +1105,10 @@ struct ndpi_flow_struct { u_int32_t csgo_id2; #endif +#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) + u_int16_t kxun_counter, iqiyi_counter; +#endif + /* internal structures to save functions calls */ struct ndpi_packet_struct packet; struct ndpi_flow_struct *flow; diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 6cc1033ba..c57c73aac 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -26,8 +26,6 @@ /* global variables used for 1kxun protocol and iqiyi service */ -static u_int16_t kxun_counter; -static u_int16_t iqiyi_counter; static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, @@ -198,23 +196,23 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ u_int8_t a; -#ifdef NDPI_PROTOCOL_PPSTREAM +#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* PPStream */ - if(flow->l4.tcp.ppstream_stage > 0 && iqiyi_counter == 0) { + if(flow->l4.tcp.ppstream_stage > 0 && flow->iqiyi_counter == 0) { NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, "PPStream found.\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_HTTP); } - else if(iqiyi_counter > 0) { + else if(flow->iqiyi_counter > 0) { NDPI_LOG(NDPI_PROTOCOL_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_HTTP); } #endif -#ifdef NDPI_PROTOCOL_1KXUN +#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* 1KXUN */ - if(kxun_counter > 0) { + if(flow->kxun_counter > 0) { NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "1kxun found.\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_HTTP); @@ -661,17 +659,19 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct x++; } +#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* check PPStream protocol or iQiyi service (iqiyi is delivered by ppstream) */ // substring in url if(ndpi_strnstr((const char*) &packet->payload[filename_start], "iqiyi.com", (packet->payload_packet_len - filename_start)) != NULL) { - if(kxun_counter == 0) { + if(flow->kxun_counter == 0) { flow->l4.tcp.ppstream_stage++; - iqiyi_counter++; + flow->iqiyi_counter++; check_content_type_and_change_protocol(ndpi_struct, flow); /* ***** CHECK ****** */ return; } } + // additional field in http payload x = 1; while((packet->line[x].len >= 4) && (packet->line[x+1].len >= 5) && (packet->line[x+2].len >= 10)) { @@ -680,25 +680,28 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct && packet->line[x+2].ptr && ((memcmp(packet->line[x+2].ptr, "qyplatform", 10)) == 0) ) { flow->l4.tcp.ppstream_stage++; - iqiyi_counter++; + flow->iqiyi_counter++; check_content_type_and_change_protocol(ndpi_struct, flow); return; } x++; } +#endif +#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* Check for 1kxun packet */ int a; for (a = 0; a < packet->parsed_lines; a++) { if(packet->line[a].len >= 14 && (memcmp(packet->line[a].ptr, "Client-Source:", 14)) == 0) { if((memcmp(packet->line[a].ptr+15, "1kxun", 5)) == 0) { - kxun_counter++; + flow->kxun_counter++; check_content_type_and_change_protocol(ndpi_struct, flow); return; } } } - +#endif + if((packet->http_url_name.len > 7) && (!strncmp((const char*) packet->http_url_name.ptr, "http://", 7))) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_PROXY Found.\n"); -- cgit v1.2.3 From ed830d24747dba810712156d9e05be0b3a811235 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 6 Oct 2017 20:04:26 +0200 Subject: update README for json install lib --- README.nDPI | 1 + 1 file changed, 1 insertion(+) diff --git a/README.nDPI b/README.nDPI index 0fe5eb1d0..773f807ad 100644 --- a/README.nDPI +++ b/README.nDPI @@ -4,6 +4,7 @@ Prerequisites for Compilation Prerequisites - GNU autotools/libtool - libpcap or PF_RING (optional but recommended) +- apt-get install libjson-c-dev (for JSON support) On Ubuntu/Debian - apt-get install build-essential -- cgit v1.2.3 From 2476c3c1b63b87ae85254f717315b9f8a52b4f7e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 8 Oct 2017 18:55:40 +0200 Subject: Fixed bug in someip dissector (access out of boundary) Fixed memory leak in ndpiReader --- example/ndpiReader.c | 115 ++++++++++++++++++++------------------------- src/lib/protocols/someip.c | 18 +++---- 2 files changed, 61 insertions(+), 72 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index fbfc8132d..29f3f71b6 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -878,7 +878,8 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept void updateScanners(struct single_flow_info **scanners, u_int32_t saddr, u_int8_t version, u_int32_t dport) { struct single_flow_info *f; - + struct port_flow_info *p; + HASH_FIND_INT(*scanners, (int *)&saddr, f); if(f == NULL) { @@ -889,16 +890,17 @@ void updateScanners(struct single_flow_info **scanners, u_int32_t saddr, f->tot_flows = 1; f->ports = NULL; - HASH_ADD_INT(*scanners, saddr, f); - - struct port_flow_info *p = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); - if(!p) return; - p->port = dport; - p->num_flows = 1; + p = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); + + if(!p) { + free(f); + return; + } else + p->port = dport, p->num_flows = 1; HASH_ADD_INT(f->ports, port, p); - } - else{ + HASH_ADD_INT(*scanners, saddr, f); + } else{ struct port_flow_info *pp; f->tot_flows++; @@ -907,17 +909,14 @@ void updateScanners(struct single_flow_info **scanners, u_int32_t saddr, if(pp == NULL) { pp = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); if(!pp) return; - pp->port = dport; - pp->num_flows = 1; + pp->port = dport, pp->num_flows = 1; HASH_ADD_INT(f->ports, port, pp); - } - - else pp->num_flows++; + } else + pp->num_flows++; } } - /* *********************************************** */ int updateIpTree(u_int32_t key, u_int8_t version, @@ -1025,13 +1024,12 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, HASH_FIND_INT(*stats, &port, s); if(s == NULL) { - s = (struct port_stats*)malloc(sizeof(struct port_stats)); + s = (struct port_stats*)calloc(1, sizeof(struct port_stats)); if(!s) return; s->port = port, s->num_pkts = num_pkts, s->num_bytes = num_bytes; s->num_addr = 1, s->cumulative_addr = 1; s->num_flows = 1; - memset(s->top_ip_addrs, 0, MAX_NUM_IP_ADDRESS*sizeof(struct info_pair)); updateTopIpAddress(addr, version, proto, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); s->addr_tree = (addr_node *) malloc(sizeof(addr_node)); @@ -1065,7 +1063,6 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, /* *********************************************** */ -#ifdef HAVE_JSON_C static void deleteScanners(struct single_flow_info *scanners) { struct single_flow_info *s, *tmp; struct port_flow_info *p, *tmp2; @@ -1079,7 +1076,6 @@ static void deleteScanners(struct single_flow_info *scanners) { free(s); } } -#endif /* *********************************************** */ @@ -1443,7 +1439,7 @@ static int getTopStats(struct port_stats *stats) { u_int64_t total_ip_addrs = 0; HASH_ITER(hh, stats, sp, tmp) { - qsort(&sp->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); + qsort(sp->top_ip_addrs, MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); inf = sp->top_ip_addrs[0]; if(((inf.count * 100.0)/sp->cumulative_addr) > AGGRESSIVE_PERCENT) { @@ -1451,20 +1447,18 @@ static int getTopStats(struct port_stats *stats) { sp->top_host = inf.addr; sp->version = inf.version; strncpy(sp->proto, inf.proto, sizeof(sp->proto)); - } - else + } else sp->hasTopHost = 0; total_ip_addrs += sp->num_addr; } return total_ip_addrs; - } /* *********************************************** */ -static void saveScannerStats(json_object **jObj_group, struct single_flow_info *scanners) { +static void saveScannerStats(json_object **jObj_group, struct single_flow_info **scanners) { struct single_flow_info *s, *tmp; struct port_flow_info *p, *tmp2; char addr_name[48]; @@ -1472,18 +1466,17 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * json_object *jArray_stats = json_object_new_array(); - HASH_SORT(scanners, scanners_sort); + HASH_SORT(*scanners, scanners_sort); // FIX - HASH_ITER(hh, scanners, s, tmp) { + HASH_ITER(hh, *scanners, s, tmp) { json_object *jObj_stat = json_object_new_object(); json_object *jArray_ports = json_object_new_array(); - if(s->version == IPVERSION) { + if(s->version == IPVERSION) inet_ntop(AF_INET, &(s->saddr), addr_name, sizeof(addr_name)); - } else { + else inet_ntop(AF_INET6, &(s->saddr), addr_name, sizeof(addr_name)); - } - + json_object_object_add(jObj_stat,"ip.address",json_object_new_string(addr_name)); json_object_object_add(jObj_stat,"total.flows.number",json_object_new_int(s->tot_flows)); @@ -1511,6 +1504,7 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * json_object_object_add(*jObj_group, "top.scanner.stats", jArray_stats); } + #endif /* *********************************************** */ @@ -1520,12 +1514,10 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * * @brief Save Top Stats in json format */ static void saveTopStats(json_object **jObj_group, - struct port_stats *stats, + struct port_stats **stats, u_int8_t direction, u_int64_t total_flow_count, u_int64_t total_ip_addr) { - - struct port_stats *s, *tmp; char addr_name[48]; int i = 0; @@ -1533,7 +1525,7 @@ static void saveTopStats(json_object **jObj_group, json_object *jArray_stats = json_object_new_array(); - HASH_ITER(hh, stats, s, tmp) { + HASH_ITER(hh, *stats, s, tmp) { if((s->hasTopHost)) { json_object *jObj_stat = json_object_new_object(); @@ -1569,10 +1561,10 @@ static void saveTopStats(json_object **jObj_group, i=0; /*sort top stats by ip addr count*/ - HASH_SORT(stats, top_stats_sort); + HASH_SORT(*stats, top_stats_sort); - HASH_ITER(hh, stats, s, tmp) { + HASH_ITER(hh, *stats, s, tmp) { json_object *jObj_stat = json_object_new_object(); json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); @@ -1654,11 +1646,6 @@ static void printResults(u_int64_t tot_usec) { if(verbose == 3 || stats_flag) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); } - if(verbose == 3 || stats_flag) { - HASH_SORT(srcStats, port_stats_sort); - HASH_SORT(dstStats, port_stats_sort); - } - /* Stats aggregation */ cumulative_stats.guessed_flow_protocols += ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols; cumulative_stats.raw_packet_count += ndpi_thread_info[thread_id].workflow->stats.raw_packet_count; @@ -1685,8 +1672,9 @@ static void printResults(u_int64_t tot_usec) { cumulative_stats.max_packet_len += ndpi_thread_info[thread_id].workflow->stats.max_packet_len; } - if(cumulative_stats.total_wire_bytes == 0) return; - + if(cumulative_stats.total_wire_bytes == 0) + goto free_stats; + if(!quiet_mode) { printf("\nnDPI Memory statistics:\n"); printf("\tnDPI Memory (once): %-13s\n", formatBytes(sizeof(struct ndpi_detection_module_struct), buf, sizeof(buf))); @@ -1909,6 +1897,9 @@ static void printResults(u_int64_t tot_usec) { } if(verbose == 3) { + HASH_SORT(srcStats, port_stats_sort); + HASH_SORT(dstStats, port_stats_sort); + printf("\n\nSource Ports Stats:\n"); printPortStats(srcStats); @@ -1924,24 +1915,27 @@ static void printResults(u_int64_t tot_usec) { strftime(timestamp, sizeof(timestamp), "%FT%TZ", localtime(&pcap_start.tv_sec)); json_object_object_add(jObj_stats, "time", json_object_new_string(timestamp)); - saveScannerStats(&jObj_stats, scannerHosts); - + saveScannerStats(&jObj_stats, &scannerHosts); + u_int64_t total_src_addr = getTopStats(srcStats); u_int64_t total_dst_addr = getTopStats(dstStats); - - saveTopStats(&jObj_stats, srcStats, DIR_SRC, + + saveTopStats(&jObj_stats, &srcStats, DIR_SRC, cumulative_stats.ndpi_flow_count, total_src_addr); - saveTopStats(&jObj_stats, dstStats, DIR_DST, + saveTopStats(&jObj_stats, &dstStats, DIR_DST, cumulative_stats.ndpi_flow_count, total_dst_addr); - + json_object_array_add(jArray_topStats, jObj_stats); +#endif + } + free_stats: + if(scannerHosts) { deleteScanners(scannerHosts); scannerHosts = NULL; -#endif } - + if(srcStats) { deletePortsStats(srcStats); srcStats = NULL; @@ -2745,8 +2739,11 @@ static void produceBpfFilter(char *filePath) { int typeCheck; int array_len; int i; - - + FILE *fp = NULL; + char *fileName; + char _filterFilePath[1024]; + json_object *jObj_bpfFilter; + if((fsock = open(filePath, O_RDONLY)) == -1) { fprintf(stderr,"error opening file %s\n", filePath); exit(-1); @@ -2791,7 +2788,6 @@ static void produceBpfFilter(char *filePath) { bpf_filter_host_array_init(filterSrcHosts, HOST_ARRAY_SIZE); bpf_filter_host_array_init(filterDstHosts, HOST_ARRAY_SIZE); - for(i=0; ipacket; + + if (packet->payload_packet_len < 16) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, + "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + //####Maybe check carrier protocols?#### NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); - const struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } - + //we extract the Message ID and Request ID and check for special cases later u_int32_t message_id = ntohl(*((u_int32_t *)&packet->payload[0])); u_int32_t request_id = ntohl(*((u_int32_t *)&packet->payload[8])); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", message_id, packet->payload_packet_len); - if (packet->payload_packet_len < 16) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } //####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### -- cgit v1.2.3 From 98d1c762cdcf0f0426de513039d844589d878609 Mon Sep 17 00:00:00 2001 From: berat Date: Mon, 9 Oct 2017 22:21:40 +0200 Subject: extended (-b flag) statistics with top receiver stats --- example/ndpiReader.c | 440 +++++++++++++++++++++++++++++++++++++++++---------- example/ndpi_util.h | 4 + 2 files changed, 361 insertions(+), 83 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 29f3f71b6..422e1a9dd 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -145,7 +145,7 @@ struct port_flow_info { UT_hash_handle hh; }; -// struct to hold single packet tcp flows send by source ip address +// struct to hold single packet tcp flows sent by source ip address struct single_flow_info { u_int32_t saddr; /* key */ u_int8_t version; /* IP version */ @@ -156,6 +156,17 @@ struct single_flow_info { struct single_flow_info *scannerHosts = NULL; +// struct to hold top receiver hosts +struct receiver { + u_int32_t addr; /* key */ + u_int8_t version; /* IP version */ + u_int32_t num_pkts; + UT_hash_handle hh; +}; + +struct receiver *receivers = NULL, *topReceivers = NULL; + + struct ndpi_packet_trailer { u_int32_t magic; /* 0x19682017 */ u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; @@ -1061,6 +1072,188 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, } } +/* *********************************************** */ + +/* @brief heuristic choice for receiver stats */ +static int acceptable(u_int32_t num_pkts){ + return num_pkts > 5; +} + +/* *********************************************** */ + +static int receivers_sort(void *_a, void *_b) { + struct receiver *a = (struct receiver *)_a; + struct receiver *b = (struct receiver *)_b; + + return(b->num_pkts - a->num_pkts); +} + +/* *********************************************** */ + +static int receivers_sort_asc(void *_a, void *_b) { + struct receiver *a = (struct receiver *)_a; + struct receiver *b = (struct receiver *)_b; + + return(a->num_pkts - b->num_pkts); +} + +/* ***************************************************** */ +/*@brief removes first (size - max) elements from hash table. + * hash table is ordered in ascending order. +*/ +static struct receiver *cutBackTo(struct receiver *receivers, u_int32_t max) { + struct receiver *r, *tmp; + int i=0; + int size; + int count; + + size = HASH_COUNT(receivers); + + if(size < max){ + printf("Error: invalid size value\n"); + exit(-1); + } + + count = size - max; + + HASH_ITER(hh, receivers, r, tmp) { + if(i++ == count) + return r; + HASH_DEL(receivers, r); + free(r); + } +} + +/* *********************************************** */ +/*@brief merge first table to the second table. + * if element already in the second table + * then updates its value + * else adds it to the second table +*/ +static void mergeTables(struct receiver *primary, struct receiver **secondary) { + struct receiver *r, *s, *tmp; + + HASH_ITER(hh, primary, r, tmp) { + HASH_FIND_INT(*secondary, (int *)&(r->addr), s); + if(s == NULL) + HASH_ADD_INT(*secondary, addr, r); + else + s->num_pkts += r->num_pkts; + } +} +/* *********************************************** */ +/*@brief resets a table without freeing its elements +*/ +static void resetReceivers(struct receiver *receivers) { + struct receiver *current, *tmp; + + HASH_ITER(hh, receivers, current, tmp) { + //HASH_DEL(receivers, current); + current = NULL; + } +} + +/* *********************************************** */ + +static void deleteReceivers(struct receiver *receivers) { + struct receiver *current, *tmp; + + HASH_ITER(hh, receivers, current, tmp) { + HASH_DEL(receivers, current); + free(current); + } +} + +/* *********************************************** */ +/* implementation of: https://jeroen.massar.ch/presentations/files/FloCon2010-TopK.pdf + * + * if (table1.size < max1 || acceptable){ + * create new element and add to the table1 + * if (table1.size > max2) { + * cut table1 back to max1 + * merge table 1 to table2 + * if(table2.size > max1) + * cut table2 back to max1 + * } + * } + * else + * update table1 +*/ +static void updateReceivers(struct receiver **receivers, u_int32_t dst_addr, + u_int8_t version, u_int32_t num_pkts, + struct receiver **topReceivers) { + struct receiver *r; + u_int32_t size; + int a; + + HASH_FIND_INT(*receivers, (int *)&dst_addr, r); + if(r == NULL) { + if(((size = HASH_COUNT(*receivers)) < MAX_TABLE_SIZE_1) + || ((a = acceptable(num_pkts)) != 0)){ + r = (struct receiver *)malloc(sizeof(struct receiver)); + if(!r) return; + + r->addr = dst_addr; + r->version = version; + r->num_pkts = num_pkts; + + HASH_ADD_INT(*receivers, addr, r); + + if((size = HASH_COUNT(*receivers)) > MAX_TABLE_SIZE_2){ + HASH_SORT(*receivers, receivers_sort_asc); + *receivers = cutBackTo(*receivers, MAX_TABLE_SIZE_1); + mergeTables(*receivers, topReceivers); + + if((size = HASH_COUNT(*topReceivers)) > MAX_TABLE_SIZE_1){ + HASH_SORT(*topReceivers, receivers_sort_asc); + *topReceivers = cutBackTo(*topReceivers, MAX_TABLE_SIZE_1); + } + + resetReceivers(*receivers); + *receivers = NULL; + } + } + } + else + r->num_pkts += num_pkts; +} + +/* *********************************************** */ + +#ifdef HAVE_JSON_C +static void saveReceiverStats(json_object **jObj_group, + struct receiver *receivers, + u_int64_t total_pkt_count) { + + json_object *jArray_stats = json_object_new_array(); + struct receiver *r, *tmp; + int i = 0; + + HASH_ITER(hh, receivers, r, tmp) { + json_object *jObj_stat = json_object_new_object(); + char addr_name[48]; + + if(r->version == IPVERSION) + inet_ntop(AF_INET, &(r->addr), addr_name, sizeof(addr_name)); + else + inet_ntop(AF_INET6, &(r->addr), addr_name, sizeof(addr_name)); + + + json_object_object_add(jObj_stat,"ip.address",json_object_new_string(addr_name)); + json_object_object_add(jObj_stat,"packets.number", json_object_new_int(r->num_pkts)); + json_object_object_add(jObj_stat,"packets.percent",json_object_new_double(((double)r->num_pkts) / total_pkt_count)); + + json_object_array_add(jArray_stats, jObj_stat); + + i++; + if(i >= 10) break; + } + + json_object_object_add(*jObj_group, "top.receiver.stats", jArray_stats); +} +#endif + + /* *********************************************** */ static void deleteScanners(struct single_flow_info *scanners) { @@ -1117,6 +1310,9 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi updateScanners(&scannerHosts, flow->src_ip, flow->ip_version, dport); } + updateReceivers(&receivers, flow->dst_ip, flow->ip_version, + flow->src2dst_packets, &topReceivers); + updatePortStats(&srcStats, sport, flow->src_ip, flow->ip_version, flow->src2dst_packets, flow->src2dst_bytes, proto); @@ -1531,8 +1727,8 @@ static void saveTopStats(json_object **jObj_group, json_object *jObj_stat = json_object_new_object(); json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); - json_object_object_add(jObj_stat,"packets.number",json_object_new_int64(s->num_pkts)); - json_object_object_add(jObj_stat,"flows.number",json_object_new_double(s->num_flows)); + json_object_object_add(jObj_stat,"packets.number",json_object_new_int(s->num_pkts)); + json_object_object_add(jObj_stat,"flows.number",json_object_new_int(s->num_flows)); json_object_object_add(jObj_stat,"flows.percent",json_object_new_double((s->num_flows*100.0)/total_flow_count)); if(s->num_pkts) json_object_object_add(jObj_stat,"flows/packets", json_object_new_double(((double)s->num_flows)/s->num_pkts)); @@ -1570,7 +1766,7 @@ static void saveTopStats(json_object **jObj_group, json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); json_object_object_add(jObj_stat,"host.number",json_object_new_int64(s->num_addr)); json_object_object_add(jObj_stat,"host.percent",json_object_new_double((s->num_addr*100.0)/total_ip_addr)); - json_object_object_add(jObj_stat,"flows.number",json_object_new_double(s->num_flows)); + json_object_object_add(jObj_stat,"flows.number",json_object_new_int(s->num_flows)); json_object_array_add(jArray_stats,jObj_stat); i++; @@ -1895,11 +2091,13 @@ static void printResults(u_int64_t tot_usec) { fclose(json_fp); #endif } - - if(verbose == 3) { + + if(stats_flag || verbose == 3) { HASH_SORT(srcStats, port_stats_sort); HASH_SORT(dstStats, port_stats_sort); - + } + + if(verbose == 3) { printf("\n\nSource Ports Stats:\n"); printPortStats(srcStats); @@ -1911,12 +2109,22 @@ static void printResults(u_int64_t tot_usec) { #ifdef HAVE_JSON_C json_object *jObj_stats = json_object_new_object(); char timestamp[64]; + int count; strftime(timestamp, sizeof(timestamp), "%FT%TZ", localtime(&pcap_start.tv_sec)); json_object_object_add(jObj_stats, "time", json_object_new_string(timestamp)); saveScannerStats(&jObj_stats, &scannerHosts); + if((count = HASH_COUNT(topReceivers)) == 0){ + HASH_SORT(receivers, receivers_sort); + saveReceiverStats(&jObj_stats, receivers, cumulative_stats.ip_packet_count); + } + else{ + HASH_SORT(topReceivers, receivers_sort); + saveReceiverStats(&jObj_stats, topReceivers, cumulative_stats.ip_packet_count); + } + u_int64_t total_src_addr = getTopStats(srcStats); u_int64_t total_dst_addr = getTopStats(dstStats); @@ -1935,6 +2143,16 @@ static void printResults(u_int64_t tot_usec) { deleteScanners(scannerHosts); scannerHosts = NULL; } + + if(receivers){ + deleteReceivers(receivers); + receivers = NULL; + } + + if(topReceivers){ + deleteReceivers(topReceivers); + topReceivers = NULL; + } if(srcStats) { deletePortsStats(srcStats); @@ -2333,7 +2551,12 @@ void automataUnitTest() { * sent by source hosts. */ #ifdef HAVE_JSON_C -void bpf_filter_pkt_peak_filter(json_object **jObj_bpfFilter, int port_array[], int p_size, const char *host_array[16], int h_size) { +void bpf_filter_pkt_peak_filter(json_object **jObj_bpfFilter, + int port_array[], int p_size, + const char *src_host_array[16], + int sh_size, + const char *dst_host_array[16], + int dh_size) { char filter[2048]; int produced = 0; int i = 0; @@ -2359,7 +2582,7 @@ void bpf_filter_pkt_peak_filter(json_object **jObj_bpfFilter, int port_array[], } - if(host_array[0] != NULL) { + if(src_host_array[0] != NULL) { int l; if(port_array[0] != INIT_VAL) @@ -2367,15 +2590,42 @@ void bpf_filter_pkt_peak_filter(json_object **jObj_bpfFilter, int port_array[], else strcpy(filter, "not (src "); + i=0; + while(i < sh_size && src_host_array[i] != NULL) { + l = strlen(filter); + + if(i+1 == sh_size || src_host_array[i+1] == NULL) + snprintf(&filter[l], sizeof(filter)-l, "%s", src_host_array[i]); + else + snprintf(&filter[l], sizeof(filter)-l, "%s or ", src_host_array[i]); - while(i < h_size && host_array[i] != NULL) { + i++; + } + + l = strlen(filter); + snprintf(&filter[l], sizeof(filter)-l, "%s", ")"); + produced = 1; + } + + + if(dst_host_array[0] != NULL) { + int l; + + if(port_array[0] != INIT_VAL || src_host_array[0] != NULL) + strncat(filter, " and not (dst ", sizeof(" and not (dst ")); + else + strcpy(filter, "not (dst "); + + i=0; + + while(i < dh_size && dst_host_array[i] != NULL) { l = strlen(filter); - if(i+1 == h_size || host_array[i+1] == NULL) - snprintf(&filter[l], sizeof(filter)-l, "%s", host_array[i]); + if(i+1 == dh_size || dst_host_array[i+1] == NULL) + snprintf(&filter[l], sizeof(filter)-l, "%s", dst_host_array[i]); else - snprintf(&filter[l], sizeof(filter)-l, "%s or ", host_array[i]); + snprintf(&filter[l], sizeof(filter)-l, "%s or ", dst_host_array[i]); i++; } @@ -2385,6 +2635,8 @@ void bpf_filter_pkt_peak_filter(json_object **jObj_bpfFilter, int port_array[], produced = 1; } + + if(produced) json_object_object_add(*jObj_bpfFilter, "pkt.peak.filter", json_object_new_string(filter)); else @@ -2399,7 +2651,9 @@ void bpf_filter_pkt_peak_filter(json_object **jObj_bpfFilter, int port_array[], * addresses. */ #ifdef HAVE_JSON_C -void bpf_filter_host_peak_filter(json_object **jObj_bpfFilter, const char *host_array[16], int h_size) { +void bpf_filter_host_peak_filter(json_object **jObj_bpfFilter, + const char *host_array[16], + int h_size) { char filter[2048]; int produced = 0; int i = 0; @@ -2511,7 +2765,7 @@ float getAverage(struct json_object *jObj_stat, char *field){ int r; int j; - if((r = strcmp(field, "top.scanner.stats")) == 0){ + if((r = strcmp(field, "top.scanner.stats")) == 0) { for(j=0; j threshold) - * and have (#flows > %1 of total flows) to the srcPortArray - * to filter - */ -void getPacketBasedSourcePortsToFilter(struct json_object *jObj_stat, int srcPortArray[], int size) { +void getSourcePorts(struct json_object *jObj_stat, int srcPortArray[], int size, float threshold) { int j; for(j=0; j FLOWS_PACKETS_THRESHOLD) && (flows_percent >= FLOWS_PERCENT_THRESHOLD)) { + if((flows_packets > FLOWS_PACKETS_THRESHOLD) + && (flows_percent >= FLOWS_PERCENT_THRESHOLD) + && packets_number >= threshold) { if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0) { fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); @@ -2611,73 +2882,66 @@ void getPacketBasedSourcePortsToFilter(struct json_object *jObj_stat, int srcPor /* *********************************************** */ -/* - * @brief add scanner hosts which have more than 1000 - * flows per second to the srcHostArray to filter - */ #ifdef HAVE_JSON_C -void getScannerHostsToFilter(struct json_object *jObj_stat, int duration, - const char *srcHostArray[48], int size, - float threshold) { +void getReceiverHosts(struct json_object *jObj_stat, const char *dstHostArray[16], int size) { int j; for(j=0; j FLOWS_THRESHOLD) && tot_flows_number > threshold) { + if(pkts_percent > PKTS_PERCENT_THRESHOLD) { if((res = json_object_object_get_ex(scanner_stat, "ip.address", &jObj_host_address)) == 0) { - fprintf(stderr, "ERROR: can't get \"ip.address\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + fprintf(stderr, "ERROR: can't get \"ip.address, use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } const char *host_address = json_object_get_string(jObj_host_address); - bpf_filter_host_array_add(srcHostArray, size, host_address); - + bpf_filter_host_array_add(dstHostArray, size, host_address); } } } #endif /* *********************************************** */ -/* - * @brief add to the dstHostArray to filter destination - * hosts which have more than 2 percent of flows per minute - */ + #ifdef HAVE_JSON_C -void getTopReceiverHostsToFilter(struct json_object *jObj_stat, int duration, const char *dstHostArray[16], int size) { +void getScannerHosts(struct json_object *jObj_stat, int duration, + const char *srcHostArray[48], int size, + float threshold) { int j; for(j=0; j 0.2) { - if((res = json_object_object_get_ex(scanner_stat, "aggressive.host", &jObj_host_address)) == 0) { - fprintf(stderr, "ERROR: can't get \"aggressive.host\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + if(((tot_flows_number/(float)duration) > FLOWS_THRESHOLD) && tot_flows_number > threshold) { + if((res = json_object_object_get_ex(scanner_stat, "ip.address", &jObj_host_address)) == 0) { + fprintf(stderr, "ERROR: can't get \"ip.address\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } const char *host_address = json_object_get_string(jObj_host_address); - bpf_filter_host_array_add(dstHostArray, size, host_address); + bpf_filter_host_array_add(srcHostArray, size, host_address); } } @@ -2685,35 +2949,35 @@ void getTopReceiverHostsToFilter(struct json_object *jObj_stat, int duration, co #endif /* *********************************************** */ -/* - * @brief add ports which have more than 1000 flows per - * second to the srcHostArray to filter - */ + #ifdef HAVE_JSON_C -void getHostBasedSourcePortsToFilter(struct json_object *jObj_stat, int duration, int srcPortArray[], int size) { +void getDestinationHosts(struct json_object *jObj_stat, int duration, + const char *dstHostArray[16], int size) { int j; for(j=0; j 1000) { - if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0) { - fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + if(flows_percent > FLOWS_PERCENT_THRESHOLD_2) { + if((res = json_object_object_get_ex(scanner_stat, "aggressive.host", &jObj_host_address)) == 0) { + fprintf(stderr, "ERROR: can't get \"aggressive.host\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } - int port = json_object_get_int(jObj_port); + const char *host_address = json_object_get_string(jObj_host_address); + + bpf_filter_host_array_add(dstHostArray, size, host_address); - bpf_filter_port_array_add(srcPortArray, size, port); } } } @@ -2730,7 +2994,12 @@ static void produceBpfFilter(char *filePath) { int filterSrcPorts[PORT_ARRAY_SIZE]; const char *filterSrcHosts[48]; const char *filterDstHosts[48]; + const char *filterPktDstHosts[48]; struct stat statbuf; + FILE *fp = NULL; + char *fileName; + char _filterFilePath[1024]; + json_object *jObj_bpfFilter; void *fmap; int fsock; float average; @@ -2739,11 +3008,7 @@ static void produceBpfFilter(char *filePath) { int typeCheck; int array_len; int i; - FILE *fp = NULL; - char *fileName; - char _filterFilePath[1024]; - json_object *jObj_bpfFilter; - + if((fsock = open(filePath, O_RDONLY)) == -1) { fprintf(stderr,"error opening file %s\n", filePath); exit(-1); @@ -2787,6 +3052,7 @@ static void produceBpfFilter(char *filePath) { bpf_filter_port_array_init(filterSrcPorts, PORT_ARRAY_SIZE); bpf_filter_host_array_init(filterSrcHosts, HOST_ARRAY_SIZE); bpf_filter_host_array_init(filterDstHosts, HOST_ARRAY_SIZE); + bpf_filter_host_array_init(filterPktDstHosts, HOST_ARRAY_SIZE/2); for(i=0; i Date: Thu, 12 Oct 2017 11:18:05 +0200 Subject: fixed bug --- example/ndpiReader.c | 60 +++++++++++++++++++++++----------------------------- 1 file changed, 27 insertions(+), 33 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 422e1a9dd..8d8ee47b0 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1101,25 +1101,20 @@ static int receivers_sort_asc(void *_a, void *_b) { /*@brief removes first (size - max) elements from hash table. * hash table is ordered in ascending order. */ -static struct receiver *cutBackTo(struct receiver *receivers, u_int32_t max) { +static struct receiver *cutBackTo(struct receiver **receivers, u_int32_t size, u_int32_t max) { struct receiver *r, *tmp; int i=0; - int size; int count; - size = HASH_COUNT(receivers); - - if(size < max){ - printf("Error: invalid size value\n"); - exit(-1); - } + if(size < max) //return the original table + return *receivers; count = size - max; - HASH_ITER(hh, receivers, r, tmp) { + HASH_ITER(hh, *receivers, r, tmp) { if(i++ == count) return r; - HASH_DEL(receivers, r); + HASH_DEL(*receivers, r); free(r); } } @@ -1130,29 +1125,28 @@ static struct receiver *cutBackTo(struct receiver *receivers, u_int32_t max) { * then updates its value * else adds it to the second table */ -static void mergeTables(struct receiver *primary, struct receiver **secondary) { +static void mergeTables(struct receiver **primary, struct receiver **secondary) { struct receiver *r, *s, *tmp; - HASH_ITER(hh, primary, r, tmp) { + HASH_ITER(hh, *primary, r, tmp) { HASH_FIND_INT(*secondary, (int *)&(r->addr), s); - if(s == NULL) - HASH_ADD_INT(*secondary, addr, r); + if(s == NULL){ + s = (struct receiver *)malloc(sizeof(struct receiver)); + if(!s) return; + + s->addr = r->addr; + s->version = r->version; + s->num_pkts = r->num_pkts; + + HASH_ADD_INT(*secondary, addr, s); + } else s->num_pkts += r->num_pkts; - } -} -/* *********************************************** */ -/*@brief resets a table without freeing its elements -*/ -static void resetReceivers(struct receiver *receivers) { - struct receiver *current, *tmp; - HASH_ITER(hh, receivers, current, tmp) { - //HASH_DEL(receivers, current); - current = NULL; + HASH_DEL(*primary, r); + free(r); } } - /* *********************************************** */ static void deleteReceivers(struct receiver *receivers) { @@ -1200,16 +1194,16 @@ static void updateReceivers(struct receiver **receivers, u_int32_t dst_addr, HASH_ADD_INT(*receivers, addr, r); if((size = HASH_COUNT(*receivers)) > MAX_TABLE_SIZE_2){ + HASH_SORT(*receivers, receivers_sort_asc); - *receivers = cutBackTo(*receivers, MAX_TABLE_SIZE_1); - mergeTables(*receivers, topReceivers); + *receivers = cutBackTo(receivers, size, MAX_TABLE_SIZE_1); + mergeTables(receivers, topReceivers); if((size = HASH_COUNT(*topReceivers)) > MAX_TABLE_SIZE_1){ HASH_SORT(*topReceivers, receivers_sort_asc); - *topReceivers = cutBackTo(*topReceivers, MAX_TABLE_SIZE_1); + *topReceivers = cutBackTo(topReceivers, size, MAX_TABLE_SIZE_1); } - resetReceivers(*receivers); *receivers = NULL; } } @@ -1222,14 +1216,14 @@ static void updateReceivers(struct receiver **receivers, u_int32_t dst_addr, #ifdef HAVE_JSON_C static void saveReceiverStats(json_object **jObj_group, - struct receiver *receivers, + struct receiver **receivers, u_int64_t total_pkt_count) { json_object *jArray_stats = json_object_new_array(); struct receiver *r, *tmp; int i = 0; - HASH_ITER(hh, receivers, r, tmp) { + HASH_ITER(hh, *receivers, r, tmp) { json_object *jObj_stat = json_object_new_object(); char addr_name[48]; @@ -2118,11 +2112,11 @@ static void printResults(u_int64_t tot_usec) { if((count = HASH_COUNT(topReceivers)) == 0){ HASH_SORT(receivers, receivers_sort); - saveReceiverStats(&jObj_stats, receivers, cumulative_stats.ip_packet_count); + saveReceiverStats(&jObj_stats, &receivers, cumulative_stats.ip_packet_count); } else{ HASH_SORT(topReceivers, receivers_sort); - saveReceiverStats(&jObj_stats, topReceivers, cumulative_stats.ip_packet_count); + saveReceiverStats(&jObj_stats, &topReceivers, cumulative_stats.ip_packet_count); } u_int64_t total_src_addr = getTopStats(srcStats); -- cgit v1.2.3 From 83d5a46ec483e934317671b8fa015ac12add7849 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 13 Oct 2017 19:41:34 +0200 Subject: Added ndpi_icmphdr datatype --- src/include/ndpi_typedefs.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 8806219ef..9ac3b72a6 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -285,6 +285,28 @@ typedef union #endif } ndpi_ip_addr_t; + +/* +++++++++++++++++++++++ ICMP header +++++++++++++++++++++++ */ + +PACK_ON +struct ndpi_icmphdr { + u_int8_t type;/* message type */ + u_int8_t code;/* type sub-code */ + u_int16_t checksum; + union { + struct { + u_int16_t id; + u_int16_t sequence; + } echo; /* echo datagram */ + + u_int32_t gateway; /* gateway address */ + struct { + u_int16_t __unused; + u_int16_t mtu; + } frag;/* path mtu discovery */ + } un; +} PACK_OFF; + /* ************************************************************ */ /* ******************* ********************* ****************** */ /* ************************************************************ */ -- cgit v1.2.3 From 75993242b0d9a2982140bef3a1b574f46640b572 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 14 Oct 2017 11:21:01 +0200 Subject: Implemented HTTP User Agent discovery --- wireshark/ndpi.lua | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 81 insertions(+), 1 deletion(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index ad1f5fe0e..bab43abe8 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -53,6 +53,7 @@ local f_tcp_ooo = Field.new('tcp.analysis.out_of_order') local f_tcp_lost_segment = Field.new('tcp.analysis.lost_segment') -- packet drop ? local f_rpc_xid = Field.new('rpc.xid') local f_rpc_msgtyp = Field.new('rpc.msgtyp') +local f_user_agent = Field.new('http.user_agent') local ndpi_protos = {} local ndpi_flows = {} @@ -84,6 +85,9 @@ local max_num_dns_queries = 50 local ssl_server_names = {} local tot_ssl_flows = 0 +local http_ua = {} +local tot_http_ua_flows = 0 + local min_nw_client_RRT = {} local min_nw_server_RRT = {} local max_nw_client_RRT = {} @@ -214,6 +218,24 @@ end -- ############################################### +function pairsByKeys(t, f) + local a = {} + + -- io.write(debug.traceback().."\n") + for n in pairs(t) do table.insert(a, n) end + table.sort(a, f) + local i = 0 -- iterator variable + local iter = function () -- iterator function + i = i + 1 + if a[i] == nil then return nil + else return a[i], t[a[i]] + end + end + return iter +end + +-- ############################################### + function pairsByValues(t, f) local a = {} for n in pairs(t) do table.insert(a, n) end @@ -293,7 +315,12 @@ function ndpi_proto.init() -- SSL ssl_server_names = {} - + tot_ssl_flows = 0 + + -- HTTP + http_ua = {} + tot_http_ua_flows = 0 + -- DNS dns_responses_ok = {} dns_responses_error = {} @@ -482,6 +509,27 @@ end -- ############################################### +function http_dissector(tvb, pinfo, tree) + local user_agent = f_user_agent() + if(user_agent ~= nil) then + local srckey = tostring(pinfo.src) + + user_agent = getval(user_agent) + + if(http_ua[user_agent] == nil) then + http_ua[user_agent] = { } + tot_http_ua_flows = tot_http_ua_flows + 1 + end + + if(http_ua[user_agent][srckey] == nil) then + http_ua[user_agent][srckey] = 1 + -- io.write("Adding ["..user_agent.."] @ "..srckey.."\n") + end + end +end + +-- ############################################### + function dns_dissector(tvb, pinfo, tree) local dns_response = f_dns_response() if(dns_response ~= nil) then @@ -843,6 +891,7 @@ function ndpi_proto.dissector(tvb, pinfo, tree) arp_dissector(tvb, pinfo, tree) vlan_dissector(tvb, pinfo, tree) ssl_dissector(tvb, pinfo, tree) + http_dissector(tvb, pinfo, tree) dns_dissector(tvb, pinfo, tree) rpc_dissector(tvb, pinfo, tree) end @@ -1124,6 +1173,36 @@ end -- ############################################### +local function http_ua_dialog_menu() + local win = TextWindow.new("HTTP User Agent"); + local label = "" + local tot = 0 + local i + + if(tot_http_ua_flows > 0) then + i = 0 + label = label .. "Client\t\tUser Agent\n" + for k,v in pairsByKeys(http_ua, rev) do + local ips = "" + for k1,v1 in pairs(v) do + if(ips ~= "") then ips = ips .. "," end + ips = ips .. k1 + end + + -- label = label .. string.format("%-32s", shortenString(k,32)).."\t"..ips.."\n" + label = label .. ips.."\t"..k.."\n" + if(i == 50) then break else i = i + 1 end + end + else + label = "No HTTP User agents detected" + end + + win:set(label) + win:add_button("Clear", function() win:clear() end) +end + +-- ############################################### + local function ssl_dialog_menu() local win = TextWindow.new("SSL Server Contacts"); local label = "" @@ -1195,6 +1274,7 @@ register_menu("ntop/ARP", arp_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/VLAN", vlan_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/IP-MAC", ip_mac_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/DNS", dns_dialog_menu, MENU_TOOLS_UNSORTED) +register_menu("ntop/HTTP UA", http_ua_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/SSL", ssl_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/TCP Analysis", tcp_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/Latency/Network", rtt_dialog_menu, MENU_TOOLS_UNSORTED) -- cgit v1.2.3 From 39d77380424985ddab5459b7693a4a3b9410a102 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 14 Oct 2017 12:29:25 +0200 Subject: Implemented DHCP fingerprinting --- wireshark/ndpi.lua | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 88 insertions(+), 2 deletions(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index bab43abe8..a05ca0493 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -34,6 +34,7 @@ ntop_fds.client_nw_rtt = ProtoField.new("TCP client network RTT (msec)", "nt ntop_fds.server_nw_rtt = ProtoField.new("TCP server network RTT (msec)", "ntop.latency.server_rtt", ftypes.FLOAT, nil, base.NONE) ntop_fds.appl_latency_rtt = ProtoField.new("Application Latency RTT (msec)", "ntop.latency.appl_rtt", ftypes.FLOAT, nil, base.NONE) +local f_eth_source = Field.new("eth.src") local f_eth_trailer = Field.new("eth.trailer") local f_vlan_id = Field.new("vlan.id") local f_arp_opcode = Field.new("arp.opcode") @@ -54,6 +55,7 @@ local f_tcp_lost_segment = Field.new('tcp.analysis.lost_segment') -- packet dro local f_rpc_xid = Field.new('rpc.xid') local f_rpc_msgtyp = Field.new('rpc.msgtyp') local f_user_agent = Field.new('http.user_agent') +local f_dhcp_request_item = Field.new('bootp.option.request_list_item') local ndpi_protos = {} local ndpi_flows = {} @@ -88,6 +90,8 @@ local tot_ssl_flows = 0 local http_ua = {} local tot_http_ua_flows = 0 +local dhcp_fingerprints = {} + local min_nw_client_RRT = {} local min_nw_server_RRT = {} local max_nw_client_RRT = {} @@ -320,6 +324,9 @@ function ndpi_proto.init() -- HTTP http_ua = {} tot_http_ua_flows = 0 + + -- DHCP + dhcp_fingerprints = {} -- DNS dns_responses_ok = {} @@ -530,6 +537,24 @@ end -- ############################################### +function dhcp_dissector(tvb, pinfo, tree) + local req_item = f_dhcp_request_item() + + if(req_item ~= nil) then + local srckey = tostring(f_eth_source()) + local req_table = { f_dhcp_request_item() } + local fingerprint = "" + + for k,v in pairs(req_table) do + fingerprint = fingerprint .. string.format("%02X", v.value) + end + + dhcp_fingerprints[srckey] = fingerprint + end +end + +-- ############################################### + function dns_dissector(tvb, pinfo, tree) local dns_response = f_dns_response() if(dns_response ~= nil) then @@ -892,6 +917,7 @@ function ndpi_proto.dissector(tvb, pinfo, tree) vlan_dissector(tvb, pinfo, tree) ssl_dissector(tvb, pinfo, tree) http_dissector(tvb, pinfo, tree) + dhcp_dissector(tvb, pinfo, tree) dns_dissector(tvb, pinfo, tree) rpc_dissector(tvb, pinfo, tree) end @@ -1203,6 +1229,65 @@ end -- ############################################### +local function dhcp_dialog_menu() + local win = TextWindow.new("DHCP Fingerprinting"); + local label = "" + local tot = 0 + local i + local fingeprints = { + ['017903060F77FC'] = 'iOS', + ['017903060F77FC5F2C2E'] = 'MacOS', + ['0103060F775FFC2C2E2F'] = 'MacOS', + ['0103060F775FFC2C2E'] = 'MacOS', + ['0603010F0C2C51452B1242439607'] = 'HP LaserJet', + ['01032C06070C0F16363A3B45122B7751999A'] = 'HP LaserJet', + ['0103063633'] = 'Windows', + ['0103060F1F212B2C2E2F79F9FC'] = 'Windows', + ['0103060C0F1C2A'] = 'Linux', + ['011C02030F06770C2C2F1A792A79F921FC2A'] = 'Linux', + ['0102030F060C2C'] = 'Apple AirPort', + ['010F03062C2E2F1F2179F92B'] = 'Windows' + } + + if(dhcp_fingerprints ~= {}) then + i = 0 + label = label .. "Client\t\tKnown Fingerprint\n" + for k,v in pairsByValues(dhcp_fingerprints, rev) do + local os = fingeprints[v] + + if(os ~= nil) then + local os = " ["..os.."]" + label = label .. k.."\t"..v..os.."\n" + if(i == 50) then break else i = i + 1 end + end + end + + i = 0 + for k,v in pairsByValues(dhcp_fingerprints, rev) do + local os = fingeprints[v] + + if(os == nil) then + if(i == 0) then + label = label .. "\n\nClient\t\tUnknown Fingerprint\n" + end + + label = label .. k.."\t"..v.."\n" + if(i == 50) then break else i = i + 1 end + end + end + + + + else + label = "No DHCP fingerprints detected" + end + + win:set(label) + win:add_button("Clear", function() win:clear() end) +end + +-- ############################################### + local function ssl_dialog_menu() local win = TextWindow.new("SSL Server Contacts"); local label = "" @@ -1271,12 +1356,13 @@ end -- ############################################### register_menu("ntop/ARP", arp_dialog_menu, MENU_TOOLS_UNSORTED) -register_menu("ntop/VLAN", vlan_dialog_menu, MENU_TOOLS_UNSORTED) -register_menu("ntop/IP-MAC", ip_mac_dialog_menu, MENU_TOOLS_UNSORTED) +register_menu("ntop/DHCP", dhcp_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/DNS", dns_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/HTTP UA", http_ua_dialog_menu, MENU_TOOLS_UNSORTED) +register_menu("ntop/IP-MAC", ip_mac_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/SSL", ssl_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/TCP Analysis", tcp_dialog_menu, MENU_TOOLS_UNSORTED) +register_menu("ntop/VLAN", vlan_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/Latency/Network", rtt_dialog_menu, MENU_TOOLS_UNSORTED) register_menu("ntop/Latency/Application", appl_rtt_dialog_menu, MENU_TOOLS_UNSORTED) -- cgit v1.2.3 From 2ee871f5e6014769fa309f97757619a009aea9af Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 14 Oct 2017 12:59:28 +0200 Subject: Added Android fingerprint --- wireshark/ndpi.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index a05ca0493..6ebda9d9d 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -1243,10 +1243,11 @@ local function dhcp_dialog_menu() ['01032C06070C0F16363A3B45122B7751999A'] = 'HP LaserJet', ['0103063633'] = 'Windows', ['0103060F1F212B2C2E2F79F9FC'] = 'Windows', + ['010F03062C2E2F1F2179F92B'] = 'Windows', ['0103060C0F1C2A'] = 'Linux', ['011C02030F06770C2C2F1A792A79F921FC2A'] = 'Linux', ['0102030F060C2C'] = 'Apple AirPort', - ['010F03062C2E2F1F2179F92B'] = 'Windows' + ['01792103060F1C333A3B77'] = 'Android', } if(dhcp_fingerprints ~= {}) then -- cgit v1.2.3 From 36adc23507a7853189c0d3773d5191c8adbb6e3f Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 14 Oct 2017 13:15:35 +0200 Subject: Fixed warning generated by some compilers --- src/include/ndpi_typedefs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 9ac3b72a6..33043fde5 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -301,7 +301,7 @@ struct ndpi_icmphdr { u_int32_t gateway; /* gateway address */ struct { - u_int16_t __unused; + u_int16_t _unused; u_int16_t mtu; } frag;/* path mtu discovery */ } un; -- cgit v1.2.3 From f7e95b4ee82f04704f923fd4f6608423291761d9 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 14 Oct 2017 14:23:49 +0200 Subject: Fixed DHCP layout --- wireshark/ndpi.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 6ebda9d9d..7503b0746 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -1252,12 +1252,17 @@ local function dhcp_dialog_menu() if(dhcp_fingerprints ~= {}) then i = 0 - label = label .. "Client\t\tKnown Fingerprint\n" + for k,v in pairsByValues(dhcp_fingerprints, rev) do local os = fingeprints[v] if(os ~= nil) then local os = " ["..os.."]" + + if(i == 0) then + label = label .. "Client\t\tKnown Fingerprint\n" + end + label = label .. k.."\t"..v..os.."\n" if(i == 50) then break else i = i + 1 end end -- cgit v1.2.3 From 2155dd9153457886c4f5dac58dcf269eeb2a8122 Mon Sep 17 00:00:00 2001 From: Hidde van der Heide Date: Thu, 19 Oct 2017 16:10:56 +0200 Subject: Add libcache to installed headers and removed relative import --- example/Makefile.am | 2 +- src/include/ndpi_typedefs.h | 2 +- src/lib/Makefile.am | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/example/Makefile.am b/example/Makefile.am index 7fc29402a..6cc6a14ce 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -1,6 +1,6 @@ bin_PROGRAMS = ndpiReader -AM_CPPFLAGS = -I$(top_srcdir)/src/include @PCAP_INC@ +AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ -lm diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 33043fde5..0587503f9 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,7 +25,7 @@ #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" -#include "../lib/third_party/include/libcache.h" +#include "libcache.h" #define BT_ANNOUNCE #define SNAP_EXT diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index c2b4e4b13..39823d378 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -12,7 +12,8 @@ libndpi_la_include_HEADERS = ../include/ndpi_api.h \ ../include/ndpi_includes.h \ ../include/ndpi_protocol_ids.h \ ../include/ndpi_protocols.h \ - ../include/ndpi_typedefs.h + ../include/ndpi_typedefs.h \ + third_party/include/libcache.h libndpi_la_SOURCES = ndpi_content_match.c.inc \ ndpi_main.c \ -- cgit v1.2.3 From 4f72b954da705f8d54a9dd61eae46b2b36b24dc0 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Mon, 23 Oct 2017 15:20:13 +0200 Subject: Undoes 2155dd9 that breaks ntopng Travis --- example/Makefile.am | 2 +- src/include/ndpi_typedefs.h | 2 +- src/lib/Makefile.am | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/example/Makefile.am b/example/Makefile.am index 6cc6a14ce..7fc29402a 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -1,6 +1,6 @@ bin_PROGRAMS = ndpiReader -AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ +AM_CPPFLAGS = -I$(top_srcdir)/src/include @PCAP_INC@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ -lm diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 0587503f9..33043fde5 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,7 +25,7 @@ #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" -#include "libcache.h" +#include "../lib/third_party/include/libcache.h" #define BT_ANNOUNCE #define SNAP_EXT diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 39823d378..c2b4e4b13 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -12,8 +12,7 @@ libndpi_la_include_HEADERS = ../include/ndpi_api.h \ ../include/ndpi_includes.h \ ../include/ndpi_protocol_ids.h \ ../include/ndpi_protocols.h \ - ../include/ndpi_typedefs.h \ - third_party/include/libcache.h + ../include/ndpi_typedefs.h libndpi_la_SOURCES = ndpi_content_match.c.inc \ ndpi_main.c \ -- cgit v1.2.3 From 441e43c167a88021854b56852e38a2317c2ac5bf Mon Sep 17 00:00:00 2001 From: Hidde van der Heide Date: Tue, 24 Oct 2017 17:05:48 +0200 Subject: Revert the revert of 2155dd9 after fixing ntopng Travis This reverts commit 4f72b954da705f8d54a9dd61eae46b2b36b24dc0. --- example/Makefile.am | 2 +- src/include/ndpi_typedefs.h | 2 +- src/lib/Makefile.am | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/example/Makefile.am b/example/Makefile.am index 7fc29402a..6cc6a14ce 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -1,6 +1,6 @@ bin_PROGRAMS = ndpiReader -AM_CPPFLAGS = -I$(top_srcdir)/src/include @PCAP_INC@ +AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ -lm diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 33043fde5..0587503f9 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,7 +25,7 @@ #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" -#include "../lib/third_party/include/libcache.h" +#include "libcache.h" #define BT_ANNOUNCE #define SNAP_EXT diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index c2b4e4b13..39823d378 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -12,7 +12,8 @@ libndpi_la_include_HEADERS = ../include/ndpi_api.h \ ../include/ndpi_includes.h \ ../include/ndpi_protocol_ids.h \ ../include/ndpi_protocols.h \ - ../include/ndpi_typedefs.h + ../include/ndpi_typedefs.h \ + third_party/include/libcache.h libndpi_la_SOURCES = ndpi_content_match.c.inc \ ndpi_main.c \ -- cgit v1.2.3 From 2787c2390cdd7129c2dcf50b0d4990d3f7d1bccc Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Sat, 14 Oct 2017 14:38:48 +0300 Subject: Refactoring the debugging output. levels of debug output: 0 - ERROR: Only for errors. 1 - TRACE: Start of each packets and if found protocol. 2 - DEBUG: Start of searching each protocol and excluding protocols. 3 - DEBUG_EXTRA: For all other messages. Added field ndpi_struct->debug_logging for enable debug output of each protocols. Simple macros for debugging output are added: NDPI_LOG_ERR(), NDPI_LOG_INFO(), NDPI_LOG_DBG(), NDPI_LOG_DBG2(), NDPI_EXCLUDE_PROTO() --- example/ndpiReader.c | 37 +++++-- example/ndpi_util.c | 66 ++++++++++++ example/ndpi_util.h | 3 + src/include/ndpi_api.h | 14 +++ src/include/ndpi_define.h.in | 69 ++++++++++--- src/include/ndpi_typedefs.h | 5 +- src/lib/ndpi_main.c | 166 ++++++++++++++++++------------ src/lib/protocols/afp.c | 15 ++- src/lib/protocols/aimini.c | 74 +++++++------- src/lib/protocols/amqp.c | 13 ++- src/lib/protocols/applejuice.c | 15 +-- src/lib/protocols/armagetron.c | 22 ++-- src/lib/protocols/ayiya.c | 14 ++- src/lib/protocols/battlefield.c | 22 ++-- src/lib/protocols/bgp.c | 16 ++- src/lib/protocols/bittorrent.c | 84 +++++++--------- src/lib/protocols/bjnp.c | 12 ++- src/lib/protocols/btlib.c | 2 +- src/lib/protocols/ciscovpn.c | 21 ++-- src/lib/protocols/citrix.c | 21 ++-- src/lib/protocols/coap.c | 20 ++-- src/lib/protocols/collectd.c | 14 ++- src/lib/protocols/corba.c | 15 +-- src/lib/protocols/crossfire.c | 34 +++---- src/lib/protocols/csgo.c | 34 ++++--- src/lib/protocols/dcerpc.c | 15 ++- src/lib/protocols/dhcp.c | 24 ++--- src/lib/protocols/dhcpv6.c | 16 +-- src/lib/protocols/directconnect.c | 131 +++++++++--------------- src/lib/protocols/directdownloadlink.c | 36 ++++--- src/lib/protocols/dns.c | 28 +++--- src/lib/protocols/dofus.c | 100 +++++++++--------- src/lib/protocols/drda.c | 13 ++- src/lib/protocols/dropbox.c | 13 ++- src/lib/protocols/eaq.c | 59 ++++++----- src/lib/protocols/edonkey.c | 22 ++-- src/lib/protocols/fasttrack.c | 22 ++-- src/lib/protocols/fiesta.c | 24 ++--- src/lib/protocols/filetopia.c | 17 ++-- src/lib/protocols/fix.c | 17 +++- src/lib/protocols/florensia.c | 38 ++++--- src/lib/protocols/ftp_control.c | 24 +++-- src/lib/protocols/ftp_data.c | 16 +-- src/lib/protocols/git.c | 15 ++- src/lib/protocols/gnutella.c | 86 +++++++--------- src/lib/protocols/gtp.c | 12 ++- src/lib/protocols/guildwars.c | 20 ++-- src/lib/protocols/h323.c | 27 +++-- src/lib/protocols/halflife2_and_mods.c | 17 ++-- src/lib/protocols/hangout.c | 15 ++- src/lib/protocols/hep.c | 15 ++- src/lib/protocols/http.c | 179 +++++++++++++++++---------------- src/lib/protocols/http_activesync.c | 15 ++- src/lib/protocols/iax.c | 16 +-- src/lib/protocols/icecast.c | 18 ++-- src/lib/protocols/ipp.c | 35 +++---- src/lib/protocols/irc.c | 156 ++++++++++++---------------- src/lib/protocols/jabber.c | 94 ++++++++--------- src/lib/protocols/kakaotalk_voice.c | 13 ++- src/lib/protocols/kerberos.c | 23 ++--- src/lib/protocols/kontiki.c | 18 ++-- src/lib/protocols/ldap.c | 29 +++--- src/lib/protocols/lisp.c | 17 ++-- src/lib/protocols/lotus_notes.c | 51 +++++----- src/lib/protocols/mail_imap.c | 20 ++-- src/lib/protocols/mail_pop.c | 26 +++-- src/lib/protocols/mail_smtp.c | 23 ++--- src/lib/protocols/maplestory.c | 20 ++-- src/lib/protocols/mdns.c | 20 ++-- src/lib/protocols/megaco.c | 13 ++- src/lib/protocols/mgcp.c | 71 +++++++------ src/lib/protocols/mms.c | 19 ++-- src/lib/protocols/mpegts.c | 13 ++- src/lib/protocols/mqtt.c | 89 ++++++++-------- src/lib/protocols/msn.c | 96 +++++++++--------- src/lib/protocols/mssql_tds.c | 17 ++-- src/lib/protocols/mysql.c | 15 ++- src/lib/protocols/netbios.c | 89 +++++++--------- src/lib/protocols/netflow.c | 21 ++-- src/lib/protocols/nfs.c | 24 +++-- src/lib/protocols/nintendo.c | 12 ++- src/lib/protocols/noe.c | 19 ++-- src/lib/protocols/ntp.c | 40 ++++---- src/lib/protocols/openft.c | 15 +-- src/lib/protocols/openvpn.c | 22 ++-- src/lib/protocols/oracle.c | 17 ++-- src/lib/protocols/oscar.c | 75 +++++++------- src/lib/protocols/pando.c | 37 +++---- src/lib/protocols/pcanywhere.c | 16 +-- src/lib/protocols/postgres.c | 27 ++--- src/lib/protocols/pplive.c | 58 +++++------ src/lib/protocols/ppstream.c | 32 ++---- src/lib/protocols/pptp.c | 16 ++- src/lib/protocols/qq.c | 80 +++++++-------- src/lib/protocols/quake.c | 22 ++-- src/lib/protocols/quic.c | 13 ++- src/lib/protocols/radius.c | 13 ++- src/lib/protocols/rdp.c | 14 ++- src/lib/protocols/redis_net.c | 16 +-- src/lib/protocols/rsync.c | 15 +-- src/lib/protocols/rtcp.c | 18 ++-- src/lib/protocols/rtmp.c | 21 ++-- src/lib/protocols/rtp.c | 85 ++++++++-------- src/lib/protocols/rtsp.c | 42 ++++---- src/lib/protocols/rx.c | 32 +++--- src/lib/protocols/sflow.c | 20 ++-- src/lib/protocols/shoutcast.c | 28 +++--- src/lib/protocols/sip.c | 48 ++++----- src/lib/protocols/skinny.c | 16 +-- src/lib/protocols/skype.c | 20 ++-- src/lib/protocols/smb.c | 14 ++- src/lib/protocols/smpp.c | 35 +++---- src/lib/protocols/snmp.c | 37 +++---- src/lib/protocols/socks45.c | 33 +++--- src/lib/protocols/socrates.c | 27 +++-- src/lib/protocols/someip.c | 52 +++++----- src/lib/protocols/sopcast.c | 36 +++---- src/lib/protocols/soulseek.c | 128 ++++++++--------------- src/lib/protocols/spotify.c | 18 ++-- src/lib/protocols/ssdp.c | 18 ++-- src/lib/protocols/ssh.c | 14 +-- src/lib/protocols/ssl.c | 75 +++++++------- src/lib/protocols/starcraft.c | 28 +++--- src/lib/protocols/stealthnet.c | 17 ++-- src/lib/protocols/steam.c | 71 ++++++------- src/lib/protocols/stun.c | 33 +++--- src/lib/protocols/syslog.c | 41 ++++---- src/lib/protocols/teamspeak.c | 40 ++++---- src/lib/protocols/teamviewer.c | 15 ++- src/lib/protocols/telegram.c | 12 ++- src/lib/protocols/telnet.c | 19 ++-- src/lib/protocols/teredo.c | 16 ++- src/lib/protocols/tftp.c | 17 ++-- src/lib/protocols/thunder.c | 45 ++++----- src/lib/protocols/tinc.c | 14 +-- src/lib/protocols/tor.c | 16 +-- src/lib/protocols/tvants.c | 21 ++-- src/lib/protocols/tvuplayer.c | 33 +++--- src/lib/protocols/ubntac2.c | 14 ++- src/lib/protocols/usenet.c | 38 +++---- src/lib/protocols/vhua.c | 12 ++- src/lib/protocols/viber.c | 15 +-- src/lib/protocols/vmware.c | 12 ++- src/lib/protocols/vnc.c | 13 ++- src/lib/protocols/warcraft3.c | 34 +++---- src/lib/protocols/whoisdas.c | 16 ++- src/lib/protocols/world_of_kung_fu.c | 17 ++-- src/lib/protocols/world_of_warcraft.c | 49 ++++----- src/lib/protocols/xbox.c | 18 ++-- src/lib/protocols/xdmcp.c | 19 ++-- src/lib/protocols/yahoo.c | 84 +++++++--------- src/lib/protocols/zattoo.c | 131 ++++++++---------------- src/lib/protocols/zeromq.c | 12 ++- 153 files changed, 2678 insertions(+), 2490 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8d8ee47b0..7a60fddb7 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -77,7 +77,9 @@ static json_object *jArray_topStats; static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ -static u_int8_t enable_protocol_guess = 1, verbose = 0, nDPI_traceLevel = 0, json_flag = 0; +static u_int8_t enable_protocol_guess = 1, verbose = 0, json_flag = 0; +int nDPI_LogLevel = 0; +char *_debug_protocols = NULL; static u_int8_t stats_flag = 0, bpf_filter_flag = 0; #ifdef HAVE_JSON_C static u_int8_t file_first_time = 1; @@ -250,9 +252,12 @@ static void help(u_int long_help) { " | 1 = verbose\n" " | 2 = very verbose\n" " | 3 = port stats\n" - " -b | Specify a file to write port based diagnose statistics\n" - " -x | Produce bpf filters for specified diagnose file. Use\n" - " | this option only for .json files generated with -b flag.\n"); + " -V <1-4> | nDPI logging level\n" + " | 1 - trace, 2 - debug, 3 - full debug\n" + " | >3 - full debug + dbg_proto = all\n" + " -b | Specify a file to write port based diagnose statistics\n" + " -x | Produce bpf filters for specified diagnose file. Use\n" + " | this option only for .json files generated with -b flag.\n"); #ifndef WIN32 @@ -266,6 +271,7 @@ static void help(u_int long_help) { " --extcap-capture-filter\n" " --fifo \n" " --debug\n" + " --dbg-proto proto|num[,...]\n" ); #endif @@ -289,7 +295,8 @@ static struct option longopts[] = { { "capture", no_argument, NULL, '5'}, { "extcap-capture-filter", required_argument, NULL, '6'}, { "fifo", required_argument, NULL, '7'}, - { "debug", optional_argument, NULL, '8'}, + { "debug", no_argument, NULL, '8'}, + { "dbg-proto", required_argument, NULL, 257}, { "ndpi-proto-filter", required_argument, NULL, '9'}, /* ndpiReader options */ @@ -519,8 +526,12 @@ static void parseOptions(int argc, char **argv) { break; case 'V': - printf("%d\n",atoi(optarg) ); - nDPI_traceLevel = atoi(optarg); + nDPI_LogLevel = atoi(optarg); + if(nDPI_LogLevel < 0) nDPI_LogLevel = 0; + if(nDPI_LogLevel > 3) { + nDPI_LogLevel = 3; + _debug_protocols = strdup("all"); + } break; case 'h': @@ -546,6 +557,7 @@ static void parseOptions(int argc, char **argv) { case 'q': quiet_mode = 1; + nDPI_LogLevel = 0; break; /* Extcap */ @@ -574,12 +586,17 @@ static void parseOptions(int argc, char **argv) { break; case '8': - nDPI_traceLevel = 9; + nDPI_LogLevel = NDPI_LOG_DEBUG_EXTRA; + _debug_protocols = strdup("all"); break; case '9': extcap_packet_filter = atoi(optarg); break; + + case 257: + _debug_protocols = strdup(optarg); + break; default: help(0); @@ -985,7 +1002,6 @@ void updateTopIpAddress(u_int32_t addr, u_int8_t version, const char *proto, int min = count; int update = 0; int min_i = 0; - int r; int i; if(count == 0) return; @@ -1117,6 +1133,7 @@ static struct receiver *cutBackTo(struct receiver **receivers, u_int32_t size, u HASH_DEL(*receivers, r); free(r); } + return NULL; } /* *********************************************** */ @@ -1381,7 +1398,7 @@ static void debug_printf(u_int32_t protocol, void *id_struct, struct tm result; #endif - if(log_level <= nDPI_traceLevel) { + if(log_level <= nDPI_LogLevel) { char buf[8192], out_buf[8192]; char theDate[32]; const char *extra_msg = ""; diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d57e9e90e..11f66049c 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -105,6 +105,61 @@ static void free_wrapper(void *freeable) { /* ***************************************************** */ +static uint16_t ndpi_get_proto_id(struct ndpi_detection_module_struct *ndpi_mod, const char *name) { + uint16_t proto_id; + char *e; + unsigned long p = strtol(name,&e,0); + if(e && !*e) { + if(p < NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS && + ndpi_mod->proto_defaults[p].protoName) return (uint16_t)p; + return NDPI_PROTOCOL_UNKNOWN; + } + for(proto_id=NDPI_PROTOCOL_UNKNOWN; proto_id < NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS; proto_id++) { + if(ndpi_mod->proto_defaults[proto_id].protoName && + !strcasecmp(ndpi_mod->proto_defaults[proto_id].protoName,name)) + return proto_id; + } + return NDPI_PROTOCOL_UNKNOWN; +} +static NDPI_PROTOCOL_BITMASK debug_bitmask; +static char _proto_delim[] = " \t,:;"; +static int parse_debug_proto(struct ndpi_detection_module_struct *ndpi_mod, char *str) { +char *n; +uint16_t proto; +char op=1; +for(n = strtok(str,_proto_delim); n && *n; n = strtok(NULL,_proto_delim)) { + if(*n == '-') { + op = 0; + n++; + } else if(*n == '+') { + op = 1; + n++; + } + if(!strcmp(n,"all")) { + if(op) + NDPI_BITMASK_SET_ALL(debug_bitmask); + else + NDPI_BITMASK_RESET(debug_bitmask); + continue; + } + proto = ndpi_get_proto_id(ndpi_mod, n); + if(proto == NDPI_PROTOCOL_UNKNOWN && strcmp(n,"unknown") && strcmp(n,"0")) { + fprintf(stderr,"Invalid protocol %s\n",n); + return 1; + } + if(op) + NDPI_BITMASK_ADD(debug_bitmask,proto); + else + NDPI_BITMASK_DEL(debug_bitmask,proto); +} +return 0; +} + +/* ***************************************************** */ + +extern char *_debug_protocols; +static int _debug_protocols_ok = 0; + struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs, pcap_t * pcap_handle) { set_ndpi_malloc(malloc_wrapper), set_ndpi_free(free_wrapper); set_ndpi_flow_malloc(NULL), set_ndpi_flow_free(NULL); @@ -121,7 +176,18 @@ struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * pre NDPI_LOG(0, NULL, NDPI_LOG_ERROR, "global structure initialization failed\n"); exit(-1); } + module->ndpi_log_level = nDPI_LogLevel; + if(_debug_protocols != NULL && ! _debug_protocols_ok) { + if(parse_debug_proto(module,_debug_protocols)) + exit(-1); + _debug_protocols_ok = 1; + } +#ifdef NDPI_ENABLE_DEBUG_MESSAGES + NDPI_BITMASK_RESET(module->debug_bitmask); + if(_debug_protocols_ok) + module->debug_bitmask = debug_bitmask; +#endif workflow->ndpi_flows_root = ndpi_calloc(workflow->prefs.num_roots, sizeof(void *)); return workflow; } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 51bc09ddb..7abebe4f5 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -179,4 +179,7 @@ int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); u_int32_t ethernet_crc32(const void* data, size_t n_bytes); void ndpi_flow_info_freer(void *node); + +extern int nDPI_LogLevel; + #endif diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 4193a2c57..2062974ad 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -383,6 +383,20 @@ extern "C" { u_int16_t master_protocol_id); + /** + * Exclude protocol from search + * + * @par ndpi_struct = the detection module + * @par flow = the flow where match the host + * @par master_protocol_id = value of the ID associated to the master protocol detected + * + */ + void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int16_t master_protocol_id, + const char *_file, const char *_func,int _line); + + /** * Check if the string -bigram_to_match- match with a bigram of -automa- * diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index 33c3c622e..c6c1f4481 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -180,24 +180,67 @@ #define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 #ifdef NDPI_ENABLE_DEBUG_MESSAGES -#define NDPI_LOG(proto, m, log_level, args...) \ + #define NDPI_LOG(proto, m, log_level, args...) \ { \ struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ - if(mod != NULL) { \ - mod->ndpi_debug_print_file=__FILE__; \ - mod->ndpi_debug_print_function=__FUNCTION__; \ - mod->ndpi_debug_print_line=__LINE__; \ - (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ - } \ + if(mod != NULL && mod->ndpi_debug_printf != NULL) \ + (*(mod->ndpi_debug_printf))(proto, mod, log_level, __FILE__, __FUNCTION__, __LINE__, args); \ } -#else /* NDPI_ENABLE_DEBUG_MESSAGES */ -#ifdef WIN32 -#define NDPI_LOG(...) {} -#else -#define NDPI_LOG(proto, mod, log_level, args...) {} -#endif + + /* We must define NDPI_CURRENT_PROTO before include ndpi_main.h !!! + * + * #include "ndpi_protocol_ids.h" + * #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XXXX + * #include "ndpi_api.h" + * + */ + + #ifndef NDPI_CURRENT_PROTO + #define NDPI_CURRENT_PROTO NDPI_PROTO_UNKNOWN + #endif + + #define NDPI_LOG_ERR(mod, args...) \ + if(mod && mod->ndpi_log_level >= NDPI_LOG_ERROR) { \ + if(mod != NULL && mod->ndpi_debug_printf != NULL) \ + (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_ERROR , __FILE__, __FUNCTION__, __LINE__, args); \ + } + + #define NDPI_LOG_INFO(mod, args...) \ + if(mod && mod->ndpi_log_level >= NDPI_LOG_TRACE) { \ + if(mod != NULL && mod->ndpi_debug_printf != NULL) \ + (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_TRACE , __FILE__, __FUNCTION__, __LINE__, args); \ + } + + #define NDPI_LOG_DBG(mod, args...) \ + if(mod && mod->ndpi_log_level >= NDPI_LOG_DEBUG) { \ + if(mod != NULL && mod->ndpi_debug_printf != NULL) \ + (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_DEBUG , __FILE__, __FUNCTION__, __LINE__, args); \ + } + + #define NDPI_LOG_DBG2(mod, args...) \ + if(mod && mod->ndpi_log_level >= NDPI_LOG_DEBUG_EXTRA) { \ + if(mod != NULL && mod->ndpi_debug_printf != NULL) \ + (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_DEBUG_EXTRA , __FILE__, __FUNCTION__, __LINE__, args); \ + } + +#else /* not defined NDPI_ENABLE_DEBUG_MESSAGES */ +# ifdef WIN32 +# define NDPI_LOG(...) {} +# define NDPI_LOG_ERR(...) {} +# define NDPI_LOG_INFO(...) {} +# define NDPI_LOG_DBG(...) {} +# define NDPI_LOG_DBG2(...) {} +# else +# define NDPI_LOG(proto, mod, log_level, args...) {} +# define NDPI_LOG_ERR(mod, args...) {} +# define NDPI_LOG_INFO(mod, args...) {} +# define NDPI_LOG_DBG(mod, args...) {} +# define NDPI_LOG_DBG2(mod, args...) {} +# endif #endif /* NDPI_ENABLE_DEBUG_MESSAGES */ +#define NDPI_EXCLUDE_PROTO(mod,flow) ndpi_exclude_protocol(mod, flow, NDPI_CURRENT_PROTO, __FILE__, __FUNCTION__, __LINE__) + /** * macro for getting the string len of a static string * diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 33043fde5..92b6a1a7a 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -36,7 +36,8 @@ typedef enum { NDPI_LOG_ERROR, NDPI_LOG_TRACE, - NDPI_LOG_DEBUG + NDPI_LOG_DEBUG, + NDPI_LOG_DEBUG_EXTRA } ndpi_log_level_t; /* NDPI_VISIT */ @@ -859,12 +860,14 @@ struct ndpi_detection_module_struct { ndpi_default_ports_tree_node_t *tcpRoot, *udpRoot; + ndpi_log_level_t ndpi_log_level; /* default error */ #ifdef NDPI_ENABLE_DEBUG_MESSAGES /* debug callback, only set when debug is used */ ndpi_debug_function_ptr ndpi_debug_printf; const char *ndpi_debug_print_file; const char *ndpi_debug_print_function; u_int32_t ndpi_debug_print_line; + NDPI_PROTOCOL_BITMASK debug_bitmask; #endif /* misc parameters */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d7583f520..1e01489e7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -24,6 +24,9 @@ #include #include #include "ahocorasick.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNKNOWN + #include "ndpi_api.h" #include "../../config.h" @@ -36,6 +39,7 @@ #include "third_party/include/ndpi_patricia.h" #include "third_party/src/ndpi_patricia.c" +static int _ndpi_debug_callbacks = 0; /* implementation of the punycode check function */ int check_punycode_string(char * buffer , int len) @@ -301,10 +305,12 @@ int strncasecmp(s1, s2, n) /* ****************************************** */ /* Forward */ -static void addDefaultPort(ndpi_port_range *range, +static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_port_range *range, ndpi_proto_defaults_t *def, u_int8_t customUserProto, - ndpi_default_ports_tree_node_t **root); + ndpi_default_ports_tree_node_t **root, + const char *_func, int _line); static int removeDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, @@ -477,6 +483,27 @@ u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *nd return(0); } } +/* ********************************************************************************** */ + +void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int16_t protocol_id, + const char *_file, const char *_func,int _line) { + + if(protocol_id < NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) { +#ifdef NDPI_ENABLE_DEBUG_MESSAGES + if ( ndpi_struct && + ndpi_struct->ndpi_log_level >= NDPI_LOG_DEBUG && + ndpi_struct->ndpi_debug_printf != NULL) { + + (*(ndpi_struct->ndpi_debug_printf))(protocol_id, ndpi_struct, NDPI_LOG_DEBUG, + _file, _func, _line, "exclude %s\n",ndpi_get_proto_name(ndpi_struct, protocol_id)); + + } +#endif + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, protocol_id); + } +} /* ********************************************************************************** */ @@ -490,14 +517,14 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) { #ifdef DEBUG - printf("[NDPI] %s(%s/protoId=%d): INTERNAL ERROR\n", __FUNCTION__, protoName, protoId); + NDPI_LOG_ERR(ndpi_mod, "[NDPI] %s/protoId=%d: INTERNAL ERROR\n", protoName, protoId); #endif return; } if(ndpi_mod->proto_defaults[protoId].protoName != NULL) { #ifdef DEBUG - printf("[NDPI] %s(%s/protoId=%d): already initialized. Ignoring it\n", __FUNCTION__, protoName, protoId); + NDPI_LOG_ERR(ndpi_mod, "[NDPI] %s/protoId=%d: already initialized. Ignoring it\n", protoName, protoId); #endif return; } @@ -513,8 +540,8 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, memcpy(&ndpi_mod->proto_defaults[protoId].master_udp_protoId, udp_master_protoId, 2*sizeof(u_int16_t)); for(j=0; jproto_defaults[protoId], 0, &ndpi_mod->udpRoot); - if(tcpDefPorts[j].port_low != 0) addDefaultPort(&tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->tcpRoot); + if(udpDefPorts[j].port_low != 0) addDefaultPort(ndpi_mod, &udpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->udpRoot, __FUNCTION__,__LINE__); + if(tcpDefPorts[j].port_low != 0) addDefaultPort(ndpi_mod, &tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->tcpRoot, __FUNCTION__,__LINE__); } } @@ -536,7 +563,6 @@ void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT wh { ndpi_default_ports_tree_node_t *f = *(ndpi_default_ports_tree_node_t **)node; - printf("<%d>Walk on node %s (%u)\n", depth, which == ndpi_preorder?"ndpi_preorder": @@ -548,10 +574,12 @@ void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT wh /* ******************************************************************** */ -static void addDefaultPort(ndpi_port_range *range, +static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_port_range *range, ndpi_proto_defaults_t *def, u_int8_t customUserProto, - ndpi_default_ports_tree_node_t **root) + ndpi_default_ports_tree_node_t **root, + const char *_func, int _line) { ndpi_default_ports_tree_node_t *ret; u_int16_t port; @@ -560,7 +588,7 @@ static void addDefaultPort(ndpi_port_range *range, ndpi_default_ports_tree_node_t *node = (ndpi_default_ports_tree_node_t*)ndpi_malloc(sizeof(ndpi_default_ports_tree_node_t)); if(!node) { - printf("[NDPI] %s(): not enough memory\n", __FUNCTION__); + NDPI_LOG_ERR(ndpi_mod, "%s:%d not enough memory\n", _func, _line); break; } @@ -568,7 +596,8 @@ static void addDefaultPort(ndpi_port_range *range, ret = *(ndpi_default_ports_tree_node_t**)ndpi_tsearch(node, (void*)root, ndpi_default_ports_tree_node_t_cmp); /* Add it to the tree */ if(ret != node) { - /* printf("[NDPI] %s(): found duplicate for port %u: overwriting it with new value\n", __FUNCTION__, port); */ + NDPI_LOG_DBG(ndpi_mod, "[NDPI] %s:%d found duplicate for port %u: overwriting it with new value\n", + _func, _line, port); ret->proto = def; ndpi_free(node); @@ -616,7 +645,7 @@ static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struc AC_PATTERN_t ac_pattern; if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) { - printf("[NDPI] %s(protoId=%d): INTERNAL ERROR\n", __FUNCTION__, protocol_id); + NDPI_LOG_ERR(ndpi_struct, "[NDPI] protoId=%d: INTERNAL ERROR\n", protocol_id); return(-1); } @@ -640,7 +669,7 @@ static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *nd ndpi_protocol_breed_t breed) { #ifdef DEBUG - printf("[NDPI] Adding [%s][%d]\n", value, protocol_id); + NDPI_LOG_DEBUG2(ndpi_struct, "[NDPI] Adding [%s][%d]\n", value, protocol_id); #endif return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa, @@ -668,7 +697,7 @@ int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struc static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *value, int protocol_id) { - printf("[NDPI] Missing implementation of %s()\n", __FUNCTION__); + NDPI_LOG_ERR(ndpi_struct, "[NDPI] Missing implementation for proto %s/%d\n",value,protocol_id); return(-1); } @@ -1686,9 +1715,8 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp if((ndpi_mod->proto_defaults[i].protoName == NULL) || ((i != NDPI_PROTOCOL_UNKNOWN) && (ndpi_mod->proto_defaults[i].protoCategory == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED))) { - printf("[NDPI] %s(missing protoId=%d/%s) INTERNAL ERROR: not all protocols have been initialized\n", - __FUNCTION__, i, - ndpi_mod->proto_defaults[i].protoName ? ndpi_mod->proto_defaults[i].protoName : "???"); + NDPI_LOG_ERR(ndpi_mod, "[NDPI] missing protoId=%d/%s: INTERNAL ERROR: not all protocols have been initialized\n", + i, ndpi_mod->proto_defaults[i].protoName ? ndpi_mod->proto_defaults[i].protoName : "???"); } } } @@ -1837,22 +1865,26 @@ void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)) { _ndpi_flow void set_ndpi_free(void (*__ndpi_free)(void *ptr)) { _ndpi_free = __ndpi_free; } void set_ndpi_flow_free(void (*__ndpi_flow_free)(void *ptr)) { _ndpi_flow_free = __ndpi_flow_free; } -void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *ndpi_str, ndpi_log_level_t log_level, const char * format, ...) +void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *ndpi_str, + ndpi_log_level_t log_level, const char *file_name, const char *func_name, int line_number, + const char * format, ...) { #ifdef NDPI_ENABLE_DEBUG_MESSAGES va_list args; #define MAX_STR_LEN 120 char str[MAX_STR_LEN]; + if(ndpi_str != NULL && log_level > NDPI_LOG_ERROR && + proto > 0 && proto < NDPI_MAX_SUPPORTED_PROTOCOLS && + !NDPI_ISSET(&ndpi_str->debug_bitmask,proto)) return; va_start(args, format); vsprintf(str, format, args); va_end(args); if (ndpi_str != NULL) { - char proto_name[64]; - snprintf(proto_name, sizeof(proto_name), "%s", ndpi_get_proto_name(ndpi_str, proto)); - printf("%s:%s:%u - Proto: %s, %s\n", ndpi_str->ndpi_debug_print_file, ndpi_str->ndpi_debug_print_function, ndpi_str->ndpi_debug_print_line, proto_name, str); + printf("%s:%s:%-3u - [%s]: %s", + file_name, func_name, line_number, ndpi_get_proto_name(ndpi_str, proto), str); } else { - printf("Proto: %u, %s\n", proto, str); + printf("Proto: %u, %s", proto, str); } #endif } @@ -1871,7 +1903,7 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { if(ndpi_str == NULL) { #ifdef NDPI_ENABLE_DEBUG_MESSAGES - NDPI_LOG(0, ndpi_str, NDPI_LOG_DEBUG, "ndpi_init_detection_module initial malloc failed for ndpi_str\n"); + NDPI_LOG_ERR(ndpi_str, "ndpi_init_detection_module initial malloc failed for ndpi_str\n"); #endif /* NDPI_ENABLE_DEBUG_MESSAGES */ return NULL; } @@ -2166,7 +2198,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, at = strrchr(rule, '@'); if(at == NULL) { - printf("Invalid rule '%s'\n", rule); + NDPI_LOG_ERR(ndpi_mod, "Invalid rule '%s'\n", rule); return(-1); } else at[0] = 0, proto = &at[1]; @@ -2197,14 +2229,14 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, if(def == NULL) { if(!do_add) { /* We need to remove a rule */ - printf("Unable to find protocol '%s': skipping rule '%s'\n", proto, rule); + NDPI_LOG_ERR(ndpi_mod, "Unable to find protocol '%s': skipping rule '%s'\n", proto, rule); return(-3); } else { ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; if(ndpi_mod->ndpi_num_custom_protocols >= (NDPI_MAX_NUM_CUSTOM_PROTOCOLS-1)) { - printf("Too many protocols defined (%u): skipping protocol %s\n", + NDPI_LOG_ERR(ndpi_mod, "Too many protocols defined (%u): skipping protocol %s\n", ndpi_mod->ndpi_num_custom_protocols, proto); return(-2); } @@ -2245,7 +2277,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, if(sscanf(value, "%u-%u", (u_int32_t *)&range.port_low, (u_int32_t *)&range.port_high) != 2) range.port_low = range.port_high = atoi(&elem[4]); if(do_add) - addDefaultPort(&range, def, 1 /* Custom user proto */, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); + addDefaultPort(ndpi_mod, &range, def, 1 /* Custom user proto */, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot, __FUNCTION__,__LINE__); else removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); } else if(is_ip) { @@ -2280,7 +2312,7 @@ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char int i; if(fd == NULL) { - printf("Unable to open file %s [%s]", path, strerror(errno)); + NDPI_LOG_ERR(ndpi_mod, "Unable to open file %s [%s]", path, strerror(errno)); return(-1); } @@ -2320,14 +2352,18 @@ void ndpi_set_bitmask_protocol_detection(char * label, */ if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, ndpi_protocol_id) != 0) { #ifdef DEBUG - NDPI_LOG(0, ndpi_struct, NDPI_LOG_DEBUG,"[NDPI] ndpi_set_bitmask_protocol_detection: %s : [callback_buffer] idx= %u, [proto_defaults] protocol_id=%u\n", label, idx, ndpi_protocol_id); + NDPI_LOG_DBG2(ndpi_struct + "[NDPI] ndpi_set_bitmask_protocol_detection: %s : [callback_buffer] idx= %u, [proto_defaults] protocol_id=%u\n", + label, idx, ndpi_protocol_id); #endif - if(ndpi_struct->proto_defaults[ndpi_protocol_id].protoIdx != 0) - printf("[NDPI] Internal error: protocol %s/%u has been already registered\n", label, ndpi_protocol_id); - else { + if(ndpi_struct->proto_defaults[ndpi_protocol_id].protoIdx != 0) { + NDPI_LOG_DBG2(ndpi_struct, + "[NDPI] Internal error: protocol %s/%u has been already registered\n", label, ndpi_protocol_id); #ifdef DEBUG - printf("[NDPI] Adding %s with protocol id %d\n", label, ndpi_protocol_id); + } else { + NDPI_LOG_DBG2(ndpi_struct, + "[NDPI] Adding %s with protocol id %d\n", label, ndpi_protocol_id); #endif } @@ -2810,7 +2846,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n ndpi_struct->callback_buffer_size = a; - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "callback_buffer_size is %u\n", ndpi_struct->callback_buffer_size); /* now build the specific buffer for tcp, udp and non_tcp_udp */ @@ -2821,7 +2857,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n & (NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC)) != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, "callback_buffer_tcp_payload, adding buffer %u as entry %u\n", a, ndpi_struct->callback_buffer_size_tcp_payload); @@ -2831,7 +2867,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n if((ndpi_struct-> callback_buffer[a].ndpi_selection_bitmask & NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, "\tcallback_buffer_tcp_no_payload, additional adding buffer %u to no_payload process\n", a); memcpy(&ndpi_struct->callback_buffer_tcp_no_payload @@ -2848,7 +2884,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC)) != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, "callback_buffer_size_udp: adding buffer : %u as entry %u\n", a, ndpi_struct->callback_buffer_size_udp); memcpy(&ndpi_struct->callback_buffer_udp[ndpi_struct->callback_buffer_size_udp], @@ -2865,7 +2901,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n == 0 || (ndpi_struct-> callback_buffer[a].ndpi_selection_bitmask & NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC) != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, "callback_buffer_non_tcp_udp: adding buffer : %u as entry %u\n", a, ndpi_struct->callback_buffer_size_non_tcp_udp); memcpy(&ndpi_struct->callback_buffer_non_tcp_udp[ndpi_struct->callback_buffer_size_non_tcp_udp], @@ -2955,11 +2991,11 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru iph = (const struct ndpi_iphdr *) l3; if(iph->version == IPVERSION && iph->ihl >= 5) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv4 header\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv4 header\n"); } #ifdef NDPI_DETECTION_SUPPORT_IPV6 else if(iph->version == 6 && l3_len >= sizeof(struct ndpi_ipv6hdr)) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv6 header\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv6 header\n"); iph_v6 = (const struct ndpi_ipv6hdr *) iph; iph = NULL; } @@ -2969,12 +3005,12 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru } if((flags & NDPI_DETECTION_ONLY_IPV6) && iph != NULL) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv4 header found but excluded by flag\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv4 header found but excluded by flag\n"); return 1; } #ifdef NDPI_DETECTION_SUPPORT_IPV6 else if((flags & NDPI_DETECTION_ONLY_IPV4) && iph_v6 != NULL) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv6 header found but excluded by flag\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv6 header found but excluded by flag\n"); return 1; } #endif @@ -3073,12 +3109,12 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str #endif /* NDPI_DETECTION_SUPPORT_IPV6 */ if(decaps_iph && decaps_iph->version == IPVERSION && decaps_iph->ihl >= 5) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv4 header\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv4 header\n"); } #ifdef NDPI_DETECTION_SUPPORT_IPV6 else if(decaps_iph && decaps_iph->version == 6 && l3len >= sizeof(struct ndpi_ipv6hdr) && (ndpi_struct->ip_version_limit & NDPI_DETECTION_ONLY_IPV4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv6 header\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv6 header\n"); flow->packet.iphv6 = (struct ndpi_ipv6hdr *)flow->packet.iph; flow->packet.iph = NULL; } @@ -3130,9 +3166,8 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { memset(flow, 0, sizeof(*(flow))); - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, - NDPI_LOG_DEBUG, - "%s:%u: tcp syn packet for unknown protocol, reset detection state\n", __FUNCTION__, __LINE__); + NDPI_LOG_DBG(ndpi_struct, + "tcp syn packet for unknown protocol, reset detection state\n"); } } else { @@ -3351,11 +3386,11 @@ void check_ndpi_udp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_udp[a].detection_bitmask, detection_bitmask) != 0) { ndpi_struct->callback_buffer_udp[a].func(ndpi_struct, flow); - // NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "[UDP,CALL] dissector of protocol as callback_buffer idx = %d\n",a); + // NDPI_LOG_DBG(ndpi_struct, "[UDP,CALL] dissector of protocol as callback_buffer idx = %d\n",a); if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) break; /* Stop after detecting the first protocol */ } else - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, "[UDP,SKIP] dissector of protocol as callback_buffer idx = %d\n",a); } } @@ -3560,6 +3595,9 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct u_int32_t a; ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; + if(ndpi_struct->ndpi_log_level >= NDPI_LOG_TRACE) + NDPI_LOG(flow ? flow->detected_protocol_stack[0]:NDPI_PROTOCOL_UNKNOWN, + ndpi_struct, NDPI_LOG_TRACE, "START packet processing\n"); if(flow == NULL) return(ret); @@ -3911,7 +3949,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc flow->http.response_status_code[4]='\0'; - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "ndpi_parse_packet_line_info: HTTP response parsed: \"%.*s\"\n", packet->http_response.len, packet->http_response.ptr); } @@ -4138,13 +4176,13 @@ u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "called ndpi_check_for_email_address\n"); + NDPI_LOG_DBG2(ndpi_struct, "called ndpi_check_for_email_address\n"); if(packet->payload_packet_len > counter && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') || (packet->payload[counter] >= 'A' && packet->payload[counter] <= 'Z') || (packet->payload[counter] >= '0' && packet->payload[counter] <= '9') || packet->payload[counter] == '-' || packet->payload[counter] == '_')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "first letter\n"); + NDPI_LOG_DBG2(ndpi_struct, "first letter\n"); counter++; while (packet->payload_packet_len > counter && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') @@ -4152,44 +4190,44 @@ u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi || (packet->payload[counter] >= '0' && packet->payload[counter] <= '9') || packet->payload[counter] == '-' || packet->payload[counter] == '_' || packet->payload[counter] == '.')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "further letter\n"); + NDPI_LOG_DBG2(ndpi_struct, "further letter\n"); counter++; if(packet->payload_packet_len > counter && packet->payload[counter] == '@') { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "@\n"); + NDPI_LOG_DBG2(ndpi_struct, "@\n"); counter++; while (packet->payload_packet_len > counter && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') || (packet->payload[counter] >= 'A' && packet->payload[counter] <= 'Z') || (packet->payload[counter] >= '0' && packet->payload[counter] <= '9') || packet->payload[counter] == '-' || packet->payload[counter] == '_')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "letter\n"); + NDPI_LOG_DBG2(ndpi_struct, "letter\n"); counter++; if(packet->payload_packet_len > counter && packet->payload[counter] == '.') { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, ".\n"); + NDPI_LOG_DBG2(ndpi_struct, ".\n"); counter++; if(packet->payload_packet_len > counter + 1 && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') && (packet->payload[counter + 1] >= 'a' && packet->payload[counter + 1] <= 'z'))) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "two letters\n"); + NDPI_LOG_DBG2(ndpi_struct, "two letters\n"); counter += 2; if(packet->payload_packet_len > counter && (packet->payload[counter] == ' ' || packet->payload[counter] == ';')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "whitespace1\n"); + NDPI_LOG_DBG2(ndpi_struct, "whitespace1\n"); return counter; } else if(packet->payload_packet_len > counter && packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "one letter\n"); + NDPI_LOG_DBG2(ndpi_struct, "one letter\n"); counter++; if(packet->payload_packet_len > counter && (packet->payload[counter] == ' ' || packet->payload[counter] == ';')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "whitespace2\n"); + NDPI_LOG_DBG2(ndpi_struct, "whitespace2\n"); return counter; } else if(packet->payload_packet_len > counter && packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') { counter++; if(packet->payload_packet_len > counter && (packet->payload[counter] == ' ' || packet->payload[counter] == ';')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "whitespace3\n"); + NDPI_LOG_DBG2(ndpi_struct, "whitespace3\n"); return counter; } else { return 0; @@ -4835,7 +4873,6 @@ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *pr void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_mod) { int i; - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) printf("[%3d] %s\n", i, ndpi_mod->proto_defaults[i].protoName); } @@ -4941,7 +4978,7 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str strncpy(m, string_to_match, len); m[len] = '\0'; - printf("[NDPI] ndpi_match_host_subprotocol(%s): %s\n", + NDPI_LOG_DBG2(ndpi_struct, "[NDPI] ndpi_match_host_subprotocol(%s): %s\n", m, ndpi_struct->proto_defaults[matching_protocol_id].protoName); } #endif @@ -4959,7 +4996,7 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str #ifdef DEBUG string_to_match[string_to_match_len] = '\0'; - printf("[NTOP] Unable to find a match for '%s'\n", string_to_match); + NDPI_LOG_DBG2(ndpi_struct, "[NTOP] Unable to find a match for '%s'\n", string_to_match); #endif return(NDPI_PROTOCOL_UNKNOWN); @@ -5073,7 +5110,6 @@ int NDPI_BITMASK_IS_EMPTY(NDPI_PROTOCOL_BITMASK a) { void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a) { int i; - for(i=0; ipacket; + NDPI_LOG_DBG(ndpi_struct, "search AFP\n"); + if (packet->payload_packet_len >= sizeof(struct afpHeader)) { struct afpHeader *h = (struct afpHeader*)packet->payload; @@ -64,7 +70,7 @@ void ndpi_search_afp(struct ndpi_detection_module_struct *ndpi_struct, struct nd get_u_int32_t(packet->payload, 8) == htonl(packet->payload_packet_len - 16) && get_u_int32_t(packet->payload, 12) == 0 && get_u_int16_t(packet->payload, 16) == htons(0x0104)) { - NDPI_LOG(NDPI_PROTOCOL_AFP, ndpi_struct, NDPI_LOG_DEBUG, "AFP: DSI OpenSession detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found AFP: DSI OpenSession\n"); ndpi_int_afp_add_connection(ndpi_struct, flow); return; } @@ -73,14 +79,13 @@ void ndpi_search_afp(struct ndpi_detection_module_struct *ndpi_struct, struct nd && ((h->command >= 1) && (h->command <= 8)) && (h->reserved == 0) && (packet->payload_packet_len >= (sizeof(struct afpHeader)+ntohl(h->length)))) { - NDPI_LOG(NDPI_PROTOCOL_AFP, ndpi_struct, NDPI_LOG_DEBUG, "AFP: DSI detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found AFP: DSI\n"); ndpi_int_afp_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_AFP, ndpi_struct, NDPI_LOG_DEBUG, "AFP excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_AFP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c index 147762815..fb439f817 100644 --- a/src/lib/protocols/aimini.c +++ b/src/lib/protocols/aimini.c @@ -23,10 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_AIMINI +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AIMINI + +#include "ndpi_api.h" + static void ndpi_int_aimini_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) @@ -50,43 +54,40 @@ static u_int8_t is_special_aimini_host(struct ndpi_int_one_line_struct host_line void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "search aimini.\n"); + NDPI_LOG_DBG(ndpi_struct, "search aimini\n"); if (packet->udp != NULL) { if (flow->l4.udp.aimini_stage == 0) { if (packet->payload_packet_len == 64 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010b) { flow->l4.udp.aimini_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 1\n"); return; } if (packet->payload_packet_len == 136 && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)) { flow->l4.udp.aimini_stage = 4; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 4.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 4\n"); return; } if (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101) { flow->l4.udp.aimini_stage = 7; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 7.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 7\n"); return; } if (packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) { flow->l4.udp.aimini_stage = 10; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 10.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 10\n"); return; } if (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) { flow->l4.udp.aimini_stage = 13; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 13.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 13\n"); return; } if (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) { flow->l4.udp.aimini_stage = 16; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 16.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 16\n"); return; } } @@ -96,7 +97,7 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 1 && packet->payload_packet_len > 100 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0115) { flow->l4.udp.aimini_stage = 2; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 2.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 2\n"); return; } if (flow->l4.udp.aimini_stage == 2 && @@ -104,14 +105,14 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct (packet->payload_packet_len == 64 && get_u_int16_t(packet->payload, 0) == htons(0x010b)) || (packet->payload_packet_len == 88 && get_u_int16_t(packet->payload, 0) == ntohs(0x0115)))) { flow->l4.udp.aimini_stage = 3; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 3.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 3\n"); return; } if (flow->l4.udp.aimini_stage == 3 && ((packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) || (packet->payload_packet_len == 64 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010b) || (packet->payload_packet_len > 100 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0115))) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "found aimini (64, 0x010b), (>300, 0x0115), " + NDPI_LOG_INFO(ndpi_struct, "found aimini (64, 0x010b), (>300, 0x0115), " "(16, 0x010c || 64, 0x010b), (16, 0x010c || 64, 0x010b || >100, 0x0115).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -122,14 +123,14 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 4 && packet->payload_packet_len == 136 && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)) { flow->l4.udp.aimini_stage = 5; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 5.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 5\n"); return; } if (flow->l4.udp.aimini_stage == 5 && (packet->payload_packet_len == 136 && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165))) { flow->l4.udp.aimini_stage = 6; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 6.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 6\n"); return; } if (flow->l4.udp.aimini_stage == 6 && ((packet->payload_packet_len == 136 @@ -137,7 +138,7 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct || ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9)) || (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found aimini (136, 0x01c9), (136, 0x01c9)," "(136, 0x01c9),(136, 0x01c9 || 32, 0x01ca).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -148,18 +149,18 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 7 && packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101) { flow->l4.udp.aimini_stage = 8; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 8.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 8\n"); return; } if (flow->l4.udp.aimini_stage == 8 && (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101)) { flow->l4.udp.aimini_stage = 9; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 9.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 9\n"); return; } if (flow->l4.udp.aimini_stage == 9 && (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101)) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found aimini (88, 0x0101), (88, 0x0101)," "(88, 0x0101),(88, 0x0101).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -170,19 +171,19 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 10 && packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) { flow->l4.udp.aimini_stage = 11; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 11.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 11\n"); return; } if (flow->l4.udp.aimini_stage == 11 && (packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102)) { flow->l4.udp.aimini_stage = 12; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 12.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 12\n"); return; } if (flow->l4.udp.aimini_stage == 12 && ((packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) || (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found aimini (104, 0x0102), (104, 0x0102), " "(104, 0x0102), (104, 0x0102).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -193,20 +194,20 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 13 && packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) { flow->l4.udp.aimini_stage = 14; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 14.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 14\n"); return; } if (flow->l4.udp.aimini_stage == 14 && ((packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) || (packet->payload_packet_len == 136 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0166))) { flow->l4.udp.aimini_stage = 15; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 15.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 15\n"); return; } if (flow->l4.udp.aimini_stage == 15 && ((packet->payload_packet_len == 136 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0166) || (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found aimini (32,0x01ca), (32,0x01ca), (32,0x01ca), ((136, 0x0166)||(32,0x01ca)).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -217,18 +218,18 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 16 && packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) { flow->l4.udp.aimini_stage = 17; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 17.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 17\n"); return; } if (flow->l4.udp.aimini_stage == 17 && (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)) { flow->l4.udp.aimini_stage = 18; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 18.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 18\n"); return; } if (flow->l4.udp.aimini_stage == 18 && (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found aimini (16, 0x010c), (16, 0x010c), (16, 0x010c), (16, 0x010c).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -238,11 +239,11 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct (memcmp(packet->payload, "GET /player/", NDPI_STATICSTRING_LEN("GET /player/")) == 0)) || (packet->payload_packet_len > NDPI_STATICSTRING_LEN("GET /play/?fid=") && (memcmp(packet->payload, "GET /play/?fid=", NDPI_STATICSTRING_LEN("GET /play/?fid=")) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "HTTP packet detected.\n"); + NDPI_LOG_DBG2(ndpi_struct, "HTTP packet detected\n"); ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->host_line.ptr != NULL && packet->host_line.len > 11 && (memcmp(&packet->host_line.ptr[packet->host_line.len - 11], ".aimini.net", 11) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "AIMINI HTTP traffic detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found AIMINI HTTP traffic\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; } @@ -255,8 +256,8 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct NDPI_STATICSTRING_LEN("download/")) == 0) { ndpi_parse_packet_line_info(ndpi_struct, flow); if (is_special_aimini_host(packet->host_line) == 1) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, - "AIMINI HTTP traffic detected.\n"); + NDPI_LOG_INFO(ndpi_struct, + "found AIMINI HTTP traffic\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; } @@ -266,8 +267,8 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct NDPI_STATICSTRING_LEN("upload/")) == 0) { ndpi_parse_packet_line_info(ndpi_struct, flow); if (is_special_aimini_host(packet->host_line) == 1) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, - "AIMINI HTTP traffic detected.\n"); + NDPI_LOG_INFO(ndpi_struct, + "found AIMINI HTTP traffic detected.\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; } @@ -276,8 +277,7 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct } } - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "exclude aimini.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_AIMINI); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c index 72bbc0a38..6b530c16d 100644 --- a/src/lib/protocols/amqp.c +++ b/src/lib/protocols/amqp.c @@ -18,10 +18,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_AMQP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AMQP + +#include "ndpi_api.h" + + PACK_ON struct amqp_header { u_int8_t ptype; @@ -39,7 +44,7 @@ static void ndpi_int_amqp_add_connection(struct ndpi_detection_module_struct *nd void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_AMQP, ndpi_struct, NDPI_LOG_DEBUG, "search amqp. \n"); + NDPI_LOG_DBG(ndpi_struct, "search amqp\n"); if (packet->tcp != NULL) { if(packet->payload_packet_len > sizeof(struct amqp_header)) { @@ -57,7 +62,7 @@ void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct n u_int16_t method = htons(h->method); if(method <= 120 /* Method basic NACK */) { - NDPI_LOG(NDPI_PROTOCOL_AMQP, ndpi_struct, NDPI_LOG_DEBUG, "found amqp over tcp. \n"); + NDPI_LOG_INFO(ndpi_struct, "found amqp over tcp\n"); ndpi_int_amqp_add_connection(ndpi_struct, flow); return; } @@ -65,6 +70,8 @@ void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct n } } } + } else { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/applejuice.c b/src/lib/protocols/applejuice.c index a7ef0ce65..a80c39d7f 100644 --- a/src/lib/protocols/applejuice.c +++ b/src/lib/protocols/applejuice.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_APPLEJUICE +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLEJUICE + +#include "ndpi_api.h" + static void ndpi_int_applejuice_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -37,21 +41,18 @@ void ndpi_search_applejuice_tcp(struct ndpi_detection_module_struct *ndpi_struct struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - NDPI_LOG(NDPI_PROTOCOL_APPLEJUICE, ndpi_struct, NDPI_LOG_DEBUG, "search applejuice.\n"); + NDPI_LOG_DBG(ndpi_struct, "search applejuice\n"); if ((packet->payload_packet_len > 7) && (packet->payload[6] == 0x0d) && (packet->payload[7] == 0x0a) && (memcmp(packet->payload, "ajprot", 6) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_APPLEJUICE, ndpi_struct, NDPI_LOG_DEBUG, "detected applejuice.\n"); + NDPI_LOG_INFO(ndpi_struct, "found applejuice\n"); ndpi_int_applejuice_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_APPLEJUICE, ndpi_struct, NDPI_LOG_DEBUG, "exclude applejuice.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_APPLEJUICE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/armagetron.c b/src/lib/protocols/armagetron.c index 61a32326e..7f4fb9ec0 100644 --- a/src/lib/protocols/armagetron.c +++ b/src/lib/protocols/armagetron.c @@ -22,27 +22,26 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_ARMAGETRON +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ARMAGETRON + +#include "ndpi_api.h" + static void ndpi_int_armagetron_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ARMAGETRON, NDPI_PROTOCOL_UNKNOWN); } void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_ARMAGETRON, ndpi_struct, NDPI_LOG_DEBUG, "search armagetron.\n"); + NDPI_LOG_DBG(ndpi_struct, "search armagetron\n"); if (packet->payload_packet_len > 10) { /* login request */ @@ -52,7 +51,7 @@ void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct goto exclude; if (get_u_int16_t(packet->payload, 6) == htons(0x0008) && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ARMAGETRON, ndpi_struct, NDPI_LOG_DEBUG, "detected armagetron.\n"); + NDPI_LOG_INFO(ndpi_struct, "found armagetron\n"); ndpi_int_armagetron_add_connection(ndpi_struct, flow); return; } @@ -65,7 +64,7 @@ void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct goto exclude; if (get_u_int32_t(packet->payload, 6) == htonl(0x00000500) && get_u_int32_t(packet->payload, 6 + 4) == htonl(0x00010000) && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ARMAGETRON, ndpi_struct, NDPI_LOG_DEBUG, "detected armagetron.\n"); + NDPI_LOG_INFO(ndpi_struct, "found armagetron\n"); ndpi_int_armagetron_add_connection(ndpi_struct, flow); return; } @@ -85,7 +84,7 @@ void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct && (get_u_int32_t(packet->payload, 6 + 10 + val) == htonl(0x00010000) || get_u_int32_t(packet->payload, 6 + 10 + val) == htonl(0x00000001)) && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ARMAGETRON, ndpi_struct, NDPI_LOG_DEBUG, "detected armagetron.\n"); + NDPI_LOG_INFO(ndpi_struct, "found armagetron\n"); ndpi_int_armagetron_add_connection(ndpi_struct, flow); return; } @@ -94,8 +93,7 @@ void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct } exclude: - NDPI_LOG(NDPI_PROTOCOL_ARMAGETRON, ndpi_struct, NDPI_LOG_DEBUG, "exclude armagetron.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ARMAGETRON); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c index 6e5401093..bc993cfe3 100644 --- a/src/lib/protocols/ayiya.c +++ b/src/lib/protocols/ayiya.c @@ -26,10 +26,14 @@ http://tools.ietf.org/html/rfc4891 */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_AYIYA +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AYIYA + +#include "ndpi_api.h" + struct ayiya { u_int8_t flags[3]; u_int8_t next_header; @@ -42,6 +46,8 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search AYIYA\n"); + if(packet->udp && (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) { /* Ayiya is udp based, port 5072 */ if ((packet->udp->source == htons(5072) || packet->udp->dest == htons(5072)) @@ -55,13 +61,15 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct now = flow->packet.tick_timestamp; - if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) + if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) { + NDPI_LOG_INFO(ndpi_struct, "found AYIYA\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AYIYA, NDPI_PROTOCOL_UNKNOWN); + } return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_AYIYA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/battlefield.c b/src/lib/protocols/battlefield.c index 6087e67a4..23a3749b2 100644 --- a/src/lib/protocols/battlefield.c +++ b/src/lib/protocols/battlefield.c @@ -22,10 +22,13 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_BATTLEFIELD +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BATTLEFIELD + +#include "ndpi_api.h" static void ndpi_int_battlefield_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -53,12 +56,12 @@ void ndpi_search_battlefield(struct ndpi_detection_module_struct *ndpi_struct, s if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_BATTLEFIELD) { if (src != NULL && ((u_int32_t) (packet->tick_timestamp - src->battlefield_ts) < ndpi_struct->battlefield_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "battlefield : save src connection packet detected\n"); src->battlefield_ts = packet->tick_timestamp; } else if (dst != NULL && ((u_int32_t) (packet->tick_timestamp - dst->battlefield_ts) < ndpi_struct->battlefield_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "battlefield : save dst connection packet detected\n"); dst->battlefield_ts = packet->tick_timestamp; } @@ -74,8 +77,7 @@ void ndpi_search_battlefield(struct ndpi_detection_module_struct *ndpi_struct, s } } else if (flow->l4.udp.battlefield_stage == 2 - packet->packet_direction) { if (packet->payload_packet_len > 8 && get_u_int32_t(packet->payload, 0) == flow->l4.udp.battlefield_msg_id) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, - NDPI_LOG_DEBUG, "Battlefield message and reply detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Battlefield message and reply detected\n"); ndpi_int_battlefield_add_connection(ndpi_struct, flow); return; } @@ -91,28 +93,26 @@ void ndpi_search_battlefield(struct ndpi_detection_module_struct *ndpi_struct, s } else if (flow->l4.udp.battlefield_stage == 4 - packet->packet_direction) { if (packet->payload_packet_len == 7 && (packet->payload[0] == 0x02 || packet->payload[packet->payload_packet_len - 1] == 0xe0)) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, NDPI_LOG_DEBUG, - "Battlefield message and reply detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Battlefield message and reply detected\n"); ndpi_int_battlefield_add_connection(ndpi_struct, flow); return; } } if (packet->payload_packet_len == 18 && memcmp(&packet->payload[5], "battlefield2\x00", 13) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, NDPI_LOG_DEBUG, "Battlefield 2 hello packet detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Battlefield 2 hello packet detected\n"); ndpi_int_battlefield_add_connection(ndpi_struct, flow); return; } else if (packet->payload_packet_len > 10 && (memcmp(packet->payload, "\x11\x20\x00\x01\x00\x00\x50\xb9\x10\x11", 10) == 0 || memcmp(packet->payload, "\x11\x20\x00\x01\x00\x00\x30\xb9\x10\x11", 10) == 0 || memcmp(packet->payload, "\x11\x20\x00\x01\x00\x00\xa0\x98\x00\x11", 10) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, NDPI_LOG_DEBUG, "Battlefield safe pattern detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Battlefield safe pattern detected\n"); ndpi_int_battlefield_add_connection(ndpi_struct, flow); return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BATTLEFIELD); - return; + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/bgp.c b/src/lib/protocols/bgp.c index a45514b7d..f7896968b 100644 --- a/src/lib/protocols/bgp.c +++ b/src/lib/protocols/bgp.c @@ -20,16 +20,24 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_BGP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BGP + +#include "ndpi_api.h" + + /* this detection also works asymmetrically */ void ndpi_search_bgp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int16_t bgp_port = htons(179); + NDPI_LOG_DBG(ndpi_struct, "search BGP\n"); + if(packet->tcp) { if(packet->payload_packet_len > 18 && packet->payload[18] < 5 @@ -38,13 +46,13 @@ void ndpi_search_bgp(struct ndpi_detection_module_struct *ndpi_struct, struct nd && (get_u_int64_t(packet->payload, 8) == 0xffffffffffffffffULL) && (ntohs(get_u_int16_t(packet->payload, 16)) <= packet->payload_packet_len)) { - NDPI_LOG(NDPI_PROTOCOL_BGP, ndpi_struct, NDPI_LOG_DEBUG, "BGP detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found BGP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BGP, NDPI_PROTOCOL_UNKNOWN); return; } } - /* exclude BGP */ - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BGP); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index a3eef585c..727992702 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -23,8 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_BITTORRENT + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BITTORRENT + +#include "ndpi_api.h" + #define NDPI_PROTOCOL_UNSAFE_DETECTION 0 #define NDPI_PROTOCOL_SAFE_DETECTION 1 @@ -87,10 +93,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module if(flow->packet_counter == 2 && packet->payload_packet_len > 20) { if(memcmp(&packet->payload[0], "BitTorrent protocol", 19) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, - ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: plain\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, 19, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } } @@ -99,19 +104,18 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /* test for match 0x13+"BitTorrent protocol" */ if(packet->payload[0] == 0x13) { if(memcmp(&packet->payload[1], "BitTorrent protocol", 19) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: plain\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, 20, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } } } if(packet->payload_packet_len > 23 && memcmp(packet->payload, "GET /webseed?info_hash=", 23) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, "BT: plain webseed BitTorrent protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: plain webseed\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } /* seen Azureus as server for webseed, possibly other servers existing, to implement */ @@ -119,10 +123,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /* no asymmetric detection possible for answer of pattern "GET /data?fid=". */ if(packet->payload_packet_len > 60 && memcmp(packet->payload, "GET /data?fid=", 14) == 0 && memcmp(&packet->payload[54], "&size=", 6) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, "BT: plain Bitcomet persistent seed protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: plain Bitcomet persistent seed\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } @@ -140,10 +143,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && ((packet->user_agent_line.len > 8 && memcmp(packet->user_agent_line.ptr, "Azureus ", 8) == 0) || (packet->user_agent_line.len >= 10 && memcmp(packet->user_agent_line.ptr, "BitTorrent", 10) == 0) || (packet->user_agent_line.len >= 11 && memcmp(packet->user_agent_line.ptr, "BTWebClient", 11) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, "Azureus /Bittorrent user agent line detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: Azureus /Bittorrent user agent\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } @@ -151,10 +153,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && (packet->user_agent_line.len >= 9 && memcmp(packet->user_agent_line.ptr, "Shareaza ", 9) == 0) && (packet->parsed_lines > 8 && packet->line[8].ptr != 0 && packet->line[8].len >= 9 && memcmp(packet->line[8].ptr, "X-Queue: ", 9) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, "Bittorrent Shareaza detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: Shareaza detected\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } @@ -186,9 +187,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && packet->line[8].ptr != NULL && packet->line[8].len > 22 && memcmp(packet->line[8].ptr, "Cache-Control: no-cache", 23) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "Bitcomet LTS detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: Bitcomet LTS\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } @@ -211,9 +212,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && packet->line[6].ptr != NULL && packet->line[6].len > 21 && memcmp(packet->line[6].ptr, "Connection: Keep-Alive", 22) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "FlashGet detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: FlashGet\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } @@ -232,9 +233,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && packet->line[5].ptr != NULL && packet->line[5].len > 21 && memcmp(packet->line[5].ptr, "Connection: Keep-Alive", 22) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "FlashGet detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: FlashGet\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } @@ -250,8 +251,7 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module ptr++; } - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, " BT stat: tracker info hash found\n"); + NDPI_LOG_DBG2(ndpi_struct, " BT stat: tracker info hash found\n"); /* len is > 50, so save operation here */ len -= 10; @@ -300,10 +300,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module } } - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, " BT stat: tracker info hash parsed\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: tracker info hash parsed\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } @@ -329,10 +328,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /* did not see this pattern anywhere */ if((memcmp(&packet->payload[0], pattern_20_bytes, 20) == 0) && (memcmp(&packet->payload[52], pattern_12_bytes, 12) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, "BT: Warez - Plain BitTorrent protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: Warez - Plain\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } } @@ -344,11 +342,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /* haven't fount this pattern anywhere */ if(packet->host_line.ptr != NULL && packet->host_line.len >= 9 && memcmp(packet->host_line.ptr, "ip2p.com:", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, - ndpi_struct, NDPI_LOG_TRACE, - "BT: Warez - Plain BitTorrent protocol detected due to Host: ip2p.com: pattern\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: Warez - Plain Host: ip2p.com: pattern\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } } @@ -370,13 +366,11 @@ static void ndpi_int_search_bittorrent_tcp(struct ndpi_detection_module_struct * /* exclude stage 0 detection from next run */ flow->bittorrent_stage = 1; if(ndpi_int_search_bittorrent_tcp_zero(ndpi_struct, flow) != 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_DEBUG, - "stage 0 has detected something, returning\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage 0 has detected something, returning\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_DEBUG, - "stage 0 has no direct detection, fall through\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage 0 has no direct detection, fall through\n"); } return; } @@ -392,7 +386,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st || (packet->udp && ((ntohs(packet->udp->source) == 3544) /* teredo.c */ || (ntohs(packet->udp->dest) == 3544))))) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BITTORRENT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -481,18 +475,16 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st if(bt_proto && (packet->payload_packet_len > 47)) memcpy(flow->protos.bittorrent.hash, &bt_proto[27], 20); - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, - ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: plain\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 0, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return; } } return; } - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BITTORRENT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } } diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c index 28ddede05..f9f690308 100644 --- a/src/lib/protocols/bjnp.c +++ b/src/lib/protocols/bjnp.c @@ -1,7 +1,10 @@ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_BJNP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BJNP + +#include "ndpi_api.h" static void ndpi_int_bjnp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, @@ -23,22 +26,21 @@ static void ndpi_check_bjnp(struct ndpi_detection_module_struct *ndpi_struct, st || (memcmp((const char *)packet->payload, "BJNB", 4) == 0) || (memcmp((const char *)packet->payload, "MFNP", 4) == 0) ) { - NDPI_LOG(NDPI_PROTOCOL_BJNP, ndpi_struct, NDPI_LOG_DEBUG, "Found bjnp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found bjnp\n"); ndpi_int_bjnp_add_connection(ndpi_struct, flow, 0); return; } } } - NDPI_LOG(NDPI_PROTOCOL_BJNP, ndpi_struct, NDPI_LOG_DEBUG, "exclude bjnp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BJNP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_BJNP, ndpi_struct, NDPI_LOG_DEBUG, "bjnp detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search bjnp\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_BJNP) { diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index 4d44198d1..66d9654bc 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -181,8 +181,8 @@ static void _print_safe_str(char *msg,char *k,const u_int8_t *s,size_t l) { static void print_safe_str(char *msg,bt_parse_data_cb_t *cbd) { _print_safe_str(msg,cbd->buf,cbd->v.s.s,cbd->v.s.l); } - #define DEBUG_TRACE(cmd) { if(bt_parse_debug) cmd; } + #define STREQ(a,b) !strcmp(a,b) diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c index 6c2fc1829..e04fba936 100644 --- a/src/lib/protocols/ciscovpn.c +++ b/src/lib/protocols/ciscovpn.c @@ -4,10 +4,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_CISCOVPN +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CISCOVPN + +#include "ndpi_api.h" + + static void ndpi_int_ciscovpn_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CISCOVPN, NDPI_PROTOCOL_UNKNOWN); @@ -20,15 +25,15 @@ void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, stru u_int16_t tdport = 0, tsport = 0; - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "search CISCOVPN.\n"); + NDPI_LOG_DBG(ndpi_struct, "search CISCOVPN\n"); if(packet->tcp != NULL) { tsport = ntohs(packet->tcp->source), tdport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "calculated CISCOVPN over tcp ports.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculated CISCOVPN over tcp ports\n"); } if(packet->udp != NULL) { usport = ntohs(packet->udp->source), udport = ntohs(packet->udp->dest); - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "calculated CISCOVPN over udp ports.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculated CISCOVPN over udp ports\n"); } if((tdport == 10000 && tsport == 10000) || @@ -42,8 +47,9 @@ void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, stru { /* This is a good query 17010000*/ - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "found CISCOVPN.\n"); + NDPI_LOG_INFO(ndpi_struct, "found CISCOVPN\n"); ndpi_int_ciscovpn_add_connection(ndpi_struct, flow); + return; } else if( ( @@ -59,11 +65,10 @@ void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, stru /* This is a good query fe577e2b */ - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "found CISCOVPN.\n"); + NDPI_LOG_INFO(ndpi_struct, "found CISCOVPN\n"); ndpi_int_ciscovpn_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "exclude CISCOVPN.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CISCOVPN); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c index 92607579c..7d6406bff 100644 --- a/src/lib/protocols/citrix.c +++ b/src/lib/protocols/citrix.c @@ -21,10 +21,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_CITRIX + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CITRIX #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_CITRIX /* ************************************ */ @@ -45,26 +49,25 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct, char citrix_header[] = { 0x07, 0x07, 0x49, 0x43, 0x41, 0x00 }; if(memcmp(packet->payload, citrix_header, sizeof(citrix_header)) == 0) { - NDPI_LOG(NDPI_PROTOCOL_CITRIX, ndpi_struct, NDPI_LOG_DEBUG, "Found citrix.\n"); + NDPI_LOG_INFO(ndpi_struct, "found citrix\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_PROTOCOL_UNKNOWN); } - return; } else if(payload_len > 4) { char citrix_header[] = { 0x1a, 0x43, 0x47, 0x50, 0x2f, 0x30, 0x31 }; if((memcmp(packet->payload, citrix_header, sizeof(citrix_header)) == 0) || (ndpi_strnstr((const char *)packet->payload, "Citrix.TcpProxyService", payload_len) != NULL)) { - NDPI_LOG(NDPI_PROTOCOL_CITRIX, ndpi_struct, NDPI_LOG_DEBUG, "Found citrix.\n"); + NDPI_LOG_INFO(ndpi_struct, "found citrix\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_PROTOCOL_UNKNOWN); } - return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX); - } else if(flow->l4.tcp.citrix_packet_id > 3) - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } else if(flow->l4.tcp.citrix_packet_id > 3) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } return; } @@ -74,7 +77,7 @@ void ndpi_search_citrix(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_CITRIX, ndpi_struct, NDPI_LOG_DEBUG, "citrix detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search citrix\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_CITRIX) diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c index 252ffc9c4..288d15f23 100644 --- a/src/lib/protocols/coap.c +++ b/src/lib/protocols/coap.c @@ -21,10 +21,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_COAP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COAP + +#include "ndpi_api.h" + + #define CON 0 #define NO_CON 1 #define ACK 2 @@ -116,14 +121,12 @@ void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct, u_int16_t d_port = ntohs(flow->packet.udp->dest); if((!isCoAPport(s_port) && !isCoAPport(d_port)) - || (packet->payload_packet_len < 4) // header too short - ) { - NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "excluding Coap\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COAP); + || (packet->payload_packet_len < 4) ) { // header too short + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "calculating coap over udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating coap over udp\n"); // check values in header if(h->version == 1) { @@ -133,7 +136,7 @@ void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct, (h->code >= 128 && h->code <= 134) || (h->code >= 140 && h->code <= 143) || (h->code >= 160 && h->code <= 165)) { - NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Coap found...\n"); + NDPI_LOG_INFO(ndpi_struct, "found Coap\n"); ndpi_int_coap_add_connection(ndpi_struct,flow); return; } @@ -142,8 +145,7 @@ void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct, } } - NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Coap ...\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COAP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/collectd.c b/src/lib/protocols/collectd.c index 7e6227980..2d4a06bb3 100644 --- a/src/lib/protocols/collectd.c +++ b/src/lib/protocols/collectd.c @@ -19,16 +19,21 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_COLLECTD +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COLLECTD + +#include "ndpi_api.h" + + void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int len = 0; - NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "search collectd.\n"); + NDPI_LOG_DBG(ndpi_struct, "search collectd\n"); if (packet->udp == NULL) return; @@ -43,11 +48,10 @@ void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, stru } if(len == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "found COLLECTD.\n"); + NDPI_LOG_INFO(ndpi_struct, "found COLLECTD\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_COLLECTD, NDPI_PROTOCOL_UNKNOWN); } else { - NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "exclude COLLECTD.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COLLECTD); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/corba.c b/src/lib/protocols/corba.c index c16accc59..94e9f324a 100644 --- a/src/lib/protocols/corba.c +++ b/src/lib/protocols/corba.c @@ -18,10 +18,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_CORBA + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CORBA #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_CORBA static void ndpi_int_corba_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -31,18 +35,17 @@ void ndpi_search_corba(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "search for CORBA.\n"); + NDPI_LOG_DBG(ndpi_struct, "search for CORBA\n"); if(packet->tcp != NULL) { - NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "calculating CORBA over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating CORBA over tcp\n"); /* Corba General Inter-ORB Protocol -> GIOP */ if ((packet->payload_packet_len >= 24 && packet->payload_packet_len <= 144) && memcmp(packet->payload, "GIOP", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "found corba.\n"); + NDPI_LOG_INFO(ndpi_struct, "found corba\n"); ndpi_int_corba_add_connection(ndpi_struct, flow); } } else { - NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "exclude CORBA.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CORBA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/crossfire.c b/src/lib/protocols/crossfire.c index 5dfddf5c3..ea1dce66a 100644 --- a/src/lib/protocols/crossfire.c +++ b/src/lib/protocols/crossfire.c @@ -21,11 +21,14 @@ * */ +#include "ndpi_protocol_ids.h" -/* include files */ -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_CROSSFIRE +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CROSSFIRE + +#include "ndpi_api.h" + static void ndpi_int_crossfire_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) @@ -37,21 +40,17 @@ static void ndpi_int_crossfire_add_connection(struct ndpi_detection_module_struc void ndpi_search_crossfire_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_CROSSFIRE, ndpi_struct, NDPI_LOG_DEBUG, "search crossfire.\n"); + NDPI_LOG_DBG(ndpi_struct, "search crossfire\n"); if (packet->udp != 0) { - if (packet->payload_packet_len == 25 && get_u_int32_t(packet->payload, 0) == ntohl(0xc7d91999) + if (packet->payload_packet_len == 25 + && get_u_int32_t(packet->payload, 0) == ntohl(0xc7d91999) && get_u_int16_t(packet->payload, 4) == ntohs(0x0200) - && get_u_int16_t(packet->payload, 22) == ntohs(0x7d00) - ) { - NDPI_LOG(NDPI_PROTOCOL_CROSSFIRE, ndpi_struct, NDPI_LOG_DEBUG, "Crossfire: found udp packet.\n"); - ndpi_int_crossfire_add_connection(ndpi_struct, flow); - return; + && get_u_int16_t(packet->payload, 22) == ntohs(0x7d00)) { + NDPI_LOG_INFO(ndpi_struct, "found Crossfire: udp packet\n"); + ndpi_int_crossfire_add_connection(ndpi_struct, flow); + return; } } else if (packet->tcp != 0) { @@ -67,16 +66,15 @@ void ndpi_search_crossfire_tcp_udp(struct ndpi_detection_module_struct *ndpi_str && (memcmp(packet->host_line.ptr, "crossfire", 9) == 0 || memcmp(packet->host_line.ptr, "www.crossfire", 13) == 0)) ) { - NDPI_LOG(NDPI_PROTOCOL_CROSSFIRE, ndpi_struct, NDPI_LOG_DEBUG, "Crossfire: found HTTP request.\n"); - ndpi_int_crossfire_add_connection(ndpi_struct, flow); - return; + NDPI_LOG_DBG(ndpi_struct, "found Crossfire: HTTP request\n"); + ndpi_int_crossfire_add_connection(ndpi_struct, flow); + return; } } } - NDPI_LOG(NDPI_PROTOCOL_CROSSFIRE, ndpi_struct, NDPI_LOG_DEBUG, "exclude crossfire.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CROSSFIRE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c index 14073aef7..3bf0b4fe9 100644 --- a/src/lib/protocols/csgo.c +++ b/src/lib/protocols/csgo.c @@ -20,49 +20,51 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_CSGO -#include "ndpi_api.h" +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CSGO -#ifdef NDPI_PROTOCOL_CSGO +#include "ndpi_api.h" void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { struct ndpi_packet_struct* packet = &flow->packet; if (packet->udp != NULL) { uint32_t w = htonl(get_u_int32_t(packet->payload, 0)); - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "CSGO: word %08x\n", w); + NDPI_LOG_DBG2(ndpi_struct, "CSGO: word %08x\n", w); if (!flow->csgo_state && packet->payload_packet_len == 23 && w == 0xfffffffful) { if (!memcmp(packet->payload + 5, "connect0x", 9)) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo connect0x.\n"); flow->csgo_state++; memcpy(flow->csgo_strid, packet->payload + 5, 18); + NDPI_LOG_DBG2(ndpi_struct, "Found csgo connect0x\n"); return; } } if (flow->csgo_state == 1 && packet->payload_packet_len >= 42 && w == 0xfffffffful) { if (!memcmp(packet->payload + 24, flow->csgo_strid, 18)) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo connect0x reply.\n"); flow->csgo_state++; ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO( ndpi_struct, "found csgo connect0x reply\n"); return; } } if (packet->payload_packet_len == 8 && ( w == 0x3a180000 || w == 0x39180000) ) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 8b.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo udp 8b\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } if (packet->payload_packet_len >= 36 && w == 0x56533031ul) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo udp\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } if (packet->payload_packet_len >= 36 && w == 0x01007364) { uint32_t w2 = htonl(get_u_int32_t(packet->payload, 4)); if (w2 == 0x70696e67) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp ping.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo udp ping\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -73,11 +75,11 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n if (!flow->csgo_s2) { flow->csgo_id2 = w2; flow->csgo_s2 = 1; - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d step1.\n"); + NDPI_LOG_DBG2( ndpi_struct, "Found csgo udp 0d1d step1\n"); return; } if (flow->csgo_s2 == 1 && flow->csgo_id2 == w2) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d step1 DUP.\n"); + NDPI_LOG_DBG2( ndpi_struct, "Found csgo udp 0d1d step1 DUP\n"); return; } flow->csgo_s2 = 3; @@ -85,7 +87,7 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n } if (packet->payload_packet_len == 15) { if (flow->csgo_s2 == 1 && flow->csgo_id2 == w2) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo udp 0d1d\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -94,23 +96,23 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n } if (packet->payload_packet_len >= 140 && (w == 0x02124c6c || w == 0x02125c6c) && !memcmp(&packet->payload[3], "lta\000mob\000tpc\000bhj\000bxd\000tae\000urg\000gkh\000", 32)) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo dictionary udp.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo dictionary udp\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } if (packet->payload_packet_len >= 33 && packet->iph && packet->iph->daddr == 0xffffffff && !memcmp(&packet->payload[17], "LanSearch", 9)) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo LanSearch udp.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo LanSearch udp\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } } if (flow->packet_counter > 20) - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CSGO); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } -void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, - u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { +void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ ndpi_set_bitmask_protocol_detection("CSGO", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_CSGO, ndpi_search_csgo, diff --git a/src/lib/protocols/dcerpc.c b/src/lib/protocols/dcerpc.c index 7be8ac027..3aef077cd 100644 --- a/src/lib/protocols/dcerpc.c +++ b/src/lib/protocols/dcerpc.c @@ -21,10 +21,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_DCERPC + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DCERPC #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_DCERPC static void ndpi_int_dcerpc_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -36,20 +40,21 @@ void ndpi_search_dcerpc(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search DCERPC\n"); + if((packet->tcp != NULL) && (packet->payload_packet_len >= 64) && (packet->payload[0] == 0x05) /* version 5 */ && (packet->payload[2] < 16) /* Packet type */ && (((packet->payload[9]<<8) | packet->payload[8]) == packet->payload_packet_len) /* Packet Length */ ) { - NDPI_LOG(NDPI_PROTOCOL_DCERPC, ndpi_struct, NDPI_LOG_DEBUG, "DCERPC match\n"); + NDPI_LOG_INFO(ndpi_struct, "found DCERPC\n"); ndpi_int_dcerpc_add_connection(ndpi_struct, flow); return; } - if(packet->payload_packet_len>1){ - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DCERPC); - } + if(packet->payload_packet_len>1) + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index cdf33947e..004d42379 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -18,11 +18,14 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_DHCP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCP + +#include "ndpi_api.h" + /* freeradius/src/lib/dhcp.c */ #define DHCP_CHADDR_LEN 16 #define DHCP_SNAME_LEN 64 @@ -61,8 +64,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search DHCP\n"); /* this detection also works for asymmetric dhcp traffic */ @@ -87,7 +89,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru if(len == 0) break; #ifdef DHCP_DEBUG - printf("[DHCP] Id=%d [len=%d]\n", id, len); + NDPI_LOG_DBG2(ndpi_struct, "[DHCP] Id=%d [len=%d]\n", id, len); #endif if(id == 53 /* DHCP Message Type */) { @@ -95,8 +97,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru if(msg_type <= 8) foundValidMsgType = 1; } else if(id == 55 /* Parameter Request List / Fingerprint */) { - u_int idx, offset = 0, - hex_len = ndpi_min(len * 2, sizeof(flow->protos.dhcp.fingerprint)); + u_int idx, offset = 0; for(idx=0; idxprotos.dhcp.fingerprint[offset], @@ -109,9 +110,8 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru int j = 0; #ifdef DHCP_DEBUG - printf("[DHCP] "); - while(j < len) { printf("%c", name[j]); j++; } - printf("\n"); + NDPI_LOG_DBG2(ndpi_struct, "[DHCP] '%.*s'\n",name,len); +// while(j < len) { printf( "%c", name[j]); j++; }; printf("\n"); #endif j = ndpi_min(len, sizeof(flow->host_server_name)-1); strncpy((char*)flow->host_server_name, name, j); @@ -125,14 +125,14 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru //get_u_int16_t(packet->payload, 240) == htons(0x3501)) { if(foundValidMsgType) { - NDPI_LOG(NDPI_PROTOCOL_DHCP, ndpi_struct, NDPI_LOG_DEBUG, "DHCP found\n"); + NDPI_LOG_INFO(ndpi_struct, "found DHCP\n"); ndpi_int_dhcp_add_connection(ndpi_struct, flow); } return; } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DHCP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/dhcpv6.c b/src/lib/protocols/dhcpv6.c index 31d912b39..98ed08cda 100644 --- a/src/lib/protocols/dhcpv6.c +++ b/src/lib/protocols/dhcpv6.c @@ -22,12 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_DHCPV6 -/* include files */ +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCPV6 + +#include "ndpi_api.h" -#include "ndpi_protocols.h" -#ifdef NDPI_PROTOCOL_DHCPV6 static void ndpi_int_dhcpv6_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -40,21 +42,19 @@ void ndpi_search_dhcpv6_udp(struct ndpi_detection_module_struct *ndpi_struct, st { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search DHCPv6\n"); if (packet->payload_packet_len >= 4 && (packet->udp->source == htons(546) || packet->udp->source == htons(547)) && (packet->udp->dest == htons(546) || packet->udp->dest == htons(547)) && packet->payload[0] >= 1 && packet->payload[0] <= 13) { - NDPI_LOG(NDPI_PROTOCOL_DHCPV6, ndpi_struct, NDPI_LOG_DEBUG, "DHCPv6 detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found DHCPv6\n"); ndpi_int_dhcpv6_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_DHCPV6, ndpi_struct, NDPI_LOG_DEBUG, "DHCPv6 excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DHCPV6); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index e712df626..725e53348 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -23,9 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_DIRECTCONNECT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECTCONNECT + +#include "ndpi_api.h" + + //#define NDPI_DEBUG_DIRECTCONNECT //#define NDPI_DIRECTCONNECT_PORT_DEBUG //#define NDPI_DEBUG_DIRECTCONNECT_CONN @@ -58,9 +64,7 @@ static u_int16_t parse_binf_message(struct ndpi_detection_module_struct if (memcmp(&payload[i], "DCTM", 4) == 0) { if (memcmp(&payload[i + 15], "ADCS", 4) == 0) { ssl_port = ntohs_ndpi_bytestream_to_number(&payload[i + 25], 5, &bytes_read); - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect ssl port parsed %d", ssl_port); - + NDPI_LOG_DBG2(ndpi_struct, "DC ssl port parsed %d\n", ssl_port); } } } else { @@ -89,13 +93,11 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s if (packet->tcp != NULL && flow->setup_packet_direction != packet->packet_direction && src->detected_directconnect_port == 0) { src->detected_directconnect_port = packet->tcp->source; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect tcp PORT %u for src\n", ntohs(src->detected_directconnect_port)); + NDPI_LOG_DBG2(ndpi_struct, "DC tcp PORT %u for src\n", ntohs(src->detected_directconnect_port)); } if (packet->udp != NULL && src->detected_directconnect_udp_port == 0) { src->detected_directconnect_udp_port = packet->udp->source; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect udp PORT %u for src\n", ntohs(src->detected_directconnect_port)); + NDPI_LOG_DBG2(ndpi_struct, "DC udp PORT %u for src\n", ntohs(src->detected_directconnect_port)); } } @@ -113,9 +115,9 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s /* dst->detected_directconnect_port = packet->tcp->dest; - NDPI_LOG (NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect tcp PORT %u for dst\n", - ntohs (dst->detected_directconnect_port)); + NDPI_LOG_DBG2(ndpi_struct, + "DC tcp PORT %u for dst\n", + ntohs (dst->detected_directconnect_port)); */ } } @@ -148,14 +150,12 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if (dst != NULL) { dst->detected_directconnect_ssl_port = ntohs_ndpi_bytestream_to_number(&packet->payload[25], 5, &bytes_read); - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect ssl port parsed %d", ntohs(dst->detected_directconnect_ssl_port)); + NDPI_LOG_DBG2(ndpi_struct, "DC ssl port parsed %d\n", ntohs(dst->detected_directconnect_ssl_port)); } if (src != NULL) { src->detected_directconnect_ssl_port = ntohs_ndpi_bytestream_to_number(&packet->payload[25], 5, &bytes_read); - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect ssl port parsed %d", ntohs(src->detected_directconnect_ssl_port)); + NDPI_LOG_DBG2(ndpi_struct, "DC ssl port parsed %d\n", ntohs(src->detected_directconnect_ssl_port)); } @@ -168,15 +168,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if ((u_int32_t) (packet->tick_timestamp - src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); src->directconnect_last_safe_access_time = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(src->detected_directconnect_port)); + NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_port)); + ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { src->detected_directconnect_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "resetting src port due to timeout"); + NDPI_LOG_DBG2(ndpi_struct, "resetting src port due to timeout\n"); return; } } @@ -184,15 +182,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if ((u_int32_t) (packet->tick_timestamp - src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); src->directconnect_last_safe_access_time = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(src->detected_directconnect_ssl_port)); + NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_ssl_port)); + ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { src->detected_directconnect_ssl_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "resetting src port due to timeout"); + NDPI_LOG_DBG2(ndpi_struct, "resetting src port due to timeout\n"); return; } } @@ -204,15 +200,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if ((u_int32_t) (packet->tick_timestamp - dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); dst->directconnect_last_safe_access_time = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(dst->detected_directconnect_port)); + NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(dst->detected_directconnect_port)); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { dst->detected_directconnect_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "resetting dst port due to timeout"); + NDPI_LOG_DBG(ndpi_struct, "resetting dst port due to timeout\n"); return; } } @@ -220,16 +214,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if ((u_int32_t) (packet->tick_timestamp - dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); dst->directconnect_last_safe_access_time = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(dst->detected_directconnect_ssl_port)); - + NDPI_LOG_DBG(ndpi_struct, "found DC using port %d\n", ntohs(dst->detected_directconnect_ssl_port)); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { dst->detected_directconnect_ssl_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "resetting dst port due to timeout"); + NDPI_LOG_DBG2(ndpi_struct, "resetting dst port due to timeout\n"); return; } } @@ -242,8 +233,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if (packet->payload[0] == '$' && packet->payload[packet->payload_packet_len - 1] == '|' && (memcmp(&packet->payload[1], "Lock ", 5) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "maybe first dc connect to hub detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe first dc connect to hub detected\n"); flow->directconnect_stage = 1; return; } @@ -251,8 +241,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n && packet->payload[0] == '$' && packet->payload[packet->payload_packet_len - 1] == '|' && (memcmp(&packet->payload[1], "MyNick ", 7) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "maybe first dc connect between peers detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe first dc connect between peers detected\n"); flow->directconnect_stage = 2; return; } @@ -262,15 +251,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n /* did not see this pattern in any trace */ if (memcmp(&packet->payload[0], "HSUP ADBAS0", 11) == 0 || memcmp(&packet->payload[0], "HSUP ADBASE", 11) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "found directconnect HSUP ADBAS0 E\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS0 E\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB); return; /* did not see this pattern in any trace */ } else if (memcmp(&packet->payload[0], "CSUP ADBAS0", 11) == 0 || memcmp(&packet->payload[0], "CSUP ADBASE", 11) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "found directconnect CSUP ADBAS0 E\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC CSUP ADBAS0 E\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_ADC_PEER); return; @@ -283,19 +270,14 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n /* did not see this pattern in any trace */ if (memcmp(&packet->payload[0], "HSUP ADBAS0", 11) == 0 || memcmp(&packet->payload[0], "HSUP ADBASE", 11) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "found directconnect HSUP ADBAS E in second packet\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS E in second packet\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB); - return; /* did not see this pattern in any trace */ } else if (memcmp(&packet->payload[0], "CSUP ADBAS0", 11) == 0 || memcmp(&packet->payload[0], "CSUP ADBASE", 11) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "found directconnect HSUP ADBAS0 E in second packet\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS0 E in second packet\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_ADC_PEER); - - return; } @@ -304,12 +286,11 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if (packet->payload_packet_len > 6) { if ((packet->payload[0] == '$' || packet->payload[0] == '<') && packet->payload[packet->payload_packet_len - 1] == '|') { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "second dc detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC second\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB); - return; } else { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "second dc not detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "second dc not detected\n"); } } @@ -317,23 +298,17 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n /* get client hello answer or server message */ if (packet->payload_packet_len > 6) { if (packet->payload[0] == '$' && packet->payload[packet->payload_packet_len - 1] == '|') { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "second dc between peers detected\n"); - - + NDPI_LOG_INFO(ndpi_struct, "found DC between peers\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_PEER); - return; } else { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "second dc between peers not detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "second dc between peers not detected\n"); } } } - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DIRECTCONNECT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -352,15 +327,13 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct (packet->tick_timestamp - dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); dst->directconnect_last_safe_access_time = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "marking using dc udp port\n %d", ntohs(dst->detected_directconnect_udp_port)); + NDPI_LOG_INFO(ndpi_struct, "found DC using udp port %d\n", ntohs(dst->detected_directconnect_udp_port)); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { dst->detected_directconnect_udp_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "resetting dst udp port due to timeout"); + NDPI_LOG_DBG2(ndpi_struct, "resetting dst udp port due to timeout\n"); return; } } @@ -380,20 +353,15 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct if (packet->payload[pos] == '(') { pos = pos - 44; if (pos > 2 && memcmp(&packet->payload[pos], "TTH:", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "dc udp detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC udp\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_PEER); return; } } } flow->directconnect_stage++; - - if (flow->directconnect_stage < 3) { - - + if (flow->directconnect_stage < 3) return; - } - } } @@ -411,7 +379,7 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct if (packet->payload[pos] == '(') { pos = pos - 44; if (pos > 2 && memcmp(&packet->payload[pos], "TTH:", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "dc udp detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC udp\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_PEER); return; } @@ -420,15 +388,11 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct flow->directconnect_stage++; if (flow->directconnect_stage < 3) return; - } } } - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, - "excluded at stage %d \n", flow->directconnect_stage); - - + NDPI_LOG_DBG(ndpi_struct, "excluded DC at stage %d \n", flow->directconnect_stage); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DIRECTCONNECT); @@ -442,7 +406,7 @@ void ndpi_search_directconnect(struct ndpi_detection_module_struct struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; - + NDPI_LOG_DBG(ndpi_struct, "search DC\n"); if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_DIRECTCONNECT) { if (src != NULL && ((u_int32_t) @@ -458,8 +422,7 @@ void ndpi_search_directconnect(struct ndpi_detection_module_struct dst->directconnect_last_safe_access_time = packet->tick_timestamp; } else { packet->detected_protocol_stack[0] = NDPI_PROTOCOL_UNKNOWN; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect: skipping as unknown due to timeout\n"); + NDPI_LOG_DBG2(ndpi_struct, "skipping as unknown due to timeout\n"); } return; } diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index 24375c90f..0a4d528f2 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -23,9 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK + +#include "ndpi_api.h" + #ifdef NDPI_DEBUG_DIRECT_DOWNLOAD_LINK //#define NDPI_DEBUG_DIRECT_DOWNLOAD_LINK_NOTHING_FOUND @@ -52,15 +57,12 @@ static void ndpi_int_direct_download_link_add_connection(struct ndpi_detection_m u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int16_t filename_start = 0; u_int8_t i = 1; u_int16_t host_line_len_without_port; if (packet->payload_packet_len < 100) { - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: Packet too small.\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: Packet too small\n"); goto end_ddl_nothing_found; } @@ -68,10 +70,10 @@ u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, st if (memcmp(packet->payload, "POST ", 5) == 0) { filename_start = 5; // POST - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: POST FOUND\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: POST FOUND\n"); } else if (memcmp(packet->payload, "GET ", 4) == 0) { filename_start = 4; // GET - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: GET FOUND\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: GET FOUND\n"); } else { goto end_ddl_nothing_found; } @@ -79,16 +81,15 @@ u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, st ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->host_line.ptr == NULL) { - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: NO HOST FOUND\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: NO HOST FOUND\n"); goto end_ddl_nothing_found; } - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: Host: found\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: Host: found\n"); if (packet->line[0].len < 9 + filename_start || memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) != 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, - NDPI_LOG_DEBUG, "DDL: PACKET NOT HTTP CONFORM.\nXXX%.*sXXX\n", + NDPI_LOG_DBG2(ndpi_struct, "DDL: PACKET NOT HTTP CONFORM.\nXXX%.*sXXX\n", 8, &packet->line[0].ptr[packet->line[0].len - 9]); goto end_ddl_nothing_found; } @@ -100,11 +101,11 @@ u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, st i = 2; while (host_line_len_without_port >= i && packet->host_line.ptr[host_line_len_without_port - i] >= '0' && packet->host_line.ptr[host_line_len_without_port - i] <= '9') { - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: number found\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: number found\n"); i++; } if (host_line_len_without_port >= i && packet->host_line.ptr[host_line_len_without_port - i] == ':') { - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: ':' found\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: ':' found\n"); host_line_len_without_port = host_line_len_without_port - i; } } @@ -694,12 +695,12 @@ u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, st */ end_ddl_nothing_found: - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Nothing Found\n"); return 0; end_ddl_found: - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: DIRECT DOWNLOAD LINK FOUND\n"); + NDPI_LOG_INFO(ndpi_struct, "found DIRECT DOWNLOAD LINK\n"); ndpi_int_direct_download_link_add_connection(ndpi_struct, flow); return 1; } @@ -709,15 +710,12 @@ void ndpi_search_direct_download_link_tcp(struct ndpi_detection_module_struct *n { struct ndpi_packet_struct *packet = &flow->packet; - /* struct ndpi_id_struct *src=ndpi_struct->src; */ - /* struct ndpi_id_struct *dst=ndpi_struct->dst; */ - /* do not detect again if it is already ddl */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) { if (search_ddl_domains(ndpi_struct, flow) != 0) { return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 5358cc8b7..bf4f9d9b6 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -21,10 +21,15 @@ * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_DNS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNS + +#include "ndpi_api.h" + + #define FLAGS_MASK 0x8000 /* #define DNS_DEBUG 1 */ @@ -64,7 +69,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd u_int8_t is_query; u_int16_t s_port = 0, d_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "search DNS.\n"); + NDPI_LOG_DBG(ndpi_struct, "search DNS\n"); if(flow->packet.udp != NULL) { s_port = ntohs(flow->packet.udp->source); @@ -75,8 +80,8 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd d_port = ntohs(flow->packet.tcp->dest); x = 2; } else { - NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "exclude DNS.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DNS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; } if((s_port == 53 || d_port == 53 || d_port == 5355) @@ -116,7 +121,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd x++; flow->protos.dns.query_type = get16(&x, flow->packet.payload); #ifdef DNS_DEBUG - printf("[%s:%d] query_type=%2d\n", __FILE__, __LINE__, flow->protos.dns.query_type); + NDPI_LOG_DBG2(ndpi_struct, "query_type=%2d\n", flow->protos.dns.query_type); #endif break; } else @@ -177,8 +182,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd } if(invalid) { - NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "exclude DNS.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DNS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -208,9 +212,8 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd strlen((const char*)flow->host_server_name), NDPI_PROTOCOL_DNS); -#ifdef DNS_DEBUG - printf("[%s:%d] [num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n", - __FILE__, __LINE__, +#ifdef DNS_DEBUG + NDPI_LOG_DBG2(ndpi_struct, "[num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n", flow->protos.dns.num_queries, flow->protos.dns.num_answers, flow->protos.dns.reply_code, flow->protos.dns.rsp_type, flow->host_server_name ); @@ -224,11 +227,10 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd Do not set the protocol with DNS if ndpi_match_host_subprotocol() has matched a subprotocol **/ - NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "found DNS.\n"); + NDPI_LOG_INFO(ndpi_struct, "found DNS\n"); ndpi_set_detected_protocol(ndpi_struct, flow, (d_port == 5355) ? NDPI_PROTOCOL_LLMNR : NDPI_PROTOCOL_DNS, NDPI_PROTOCOL_UNKNOWN); } else { - NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "exclude DNS.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DNS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } } diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c index 26ccdb444..baed6c262 100644 --- a/src/lib/protocols/dofus.c +++ b/src/lib/protocols/dofus.c @@ -22,76 +22,68 @@ * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_DOFUS -#include "ndpi_api.h" +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DOFUS -#ifdef NDPI_PROTOCOL_DOFUS +#include "ndpi_api.h" static void ndpi_dofus_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DOFUS, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found dofus\n"); } void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; + struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search dofus\n"); /* Dofus v 1.x.x */ if (packet->payload_packet_len == 13 && get_u_int16_t(packet->payload, 1) == ntohs(0x0508) && get_u_int16_t(packet->payload, 5) == ntohs(0x04a0) && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == ntohs(0x0194)) { - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus.\n"); ndpi_dofus_add_connection(ndpi_struct, flow); return; } - if (flow->l4.tcp.dofus_stage == 0 && packet->payload_packet_len == 3 && memcmp(packet->payload, "HG", 2) == 0 - && packet->payload[packet->payload_packet_len - 1] == 0) { - flow->l4.tcp.dofus_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "maybe dofus.\n"); - return; - } - if (flow->l4.tcp.dofus_stage == 0 && packet->payload_packet_len == 35 && memcmp(packet->payload, "HC", 2) == 0 - && packet->payload[packet->payload_packet_len - 1] == 0) { - flow->l4.tcp.dofus_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "maybe dofus.\n"); - return; - } - if (flow->l4.tcp.dofus_stage == 0 && packet->payload_packet_len > 2 && packet->payload[0] == 'A' - && (packet->payload[1] == 'x' || packet->payload[1] == 'X') - && packet->payload[packet->payload_packet_len - 1] == 0) { - flow->l4.tcp.dofus_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "maybe dofus.\n"); - return; - } - if (flow->l4.tcp.dofus_stage == 0 && packet->payload_packet_len == 12 && memcmp(packet->payload, "Af", 2) == 0 - && packet->payload[packet->payload_packet_len - 1] == 0) { - flow->l4.tcp.dofus_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "maybe dofus.\n"); - return; - } - if (flow->l4.tcp.dofus_stage == 0 && packet->payload_packet_len > 2 && memcmp(packet->payload, "Ad", 2) - && packet->payload[packet->payload_packet_len - 1] == 0) { - flow->l4.tcp.dofus_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "maybe dofus.\n"); - return; + if (flow->l4.tcp.dofus_stage == 0) { + if (packet->payload_packet_len == 3 && memcmp(packet->payload, "HG", 2) == 0 + && packet->payload[packet->payload_packet_len - 1] == 0) + goto maybe_dofus; + + if (packet->payload_packet_len == 12 && memcmp(packet->payload, "Af", 2) == 0 + && packet->payload[packet->payload_packet_len - 1] == 0) + goto maybe_dofus; + + if (packet->payload_packet_len == 35 && memcmp(packet->payload, "HC", 2) == 0 + && packet->payload[packet->payload_packet_len - 1] == 0) + goto maybe_dofus; + + if (packet->payload_packet_len > 2 && packet->payload[0] == 'A' + && (packet->payload[1] == 'x' || packet->payload[1] == 'X') + && packet->payload[packet->payload_packet_len - 1] == 0) + goto maybe_dofus; + + if (packet->payload_packet_len > 2 && memcmp(packet->payload, "Ad", 2) + && packet->payload[packet->payload_packet_len - 1] == 0) + goto maybe_dofus; + } - if (packet->payload_packet_len == 11 && memcmp(packet->payload, "AT", 2) == 0 && packet->payload[10] == 0x00) { - if (flow->l4.tcp.dofus_stage == 1) { - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus.\n"); + if (flow->l4.tcp.dofus_stage == 1) { + if (packet->payload_packet_len == 11 && memcmp(packet->payload, "AT", 2) == 0 + && packet->payload[10] == 0x00) { + ndpi_dofus_add_connection(ndpi_struct, flow); + return; + } + if (packet->payload_packet_len == 5 + && packet->payload[0] == 'A' && packet->payload[4] == 0x00 + && (packet->payload[1] == 'T' || packet->payload[1] == 'k')) { ndpi_dofus_add_connection(ndpi_struct, flow); return; } - } - if (flow->l4.tcp.dofus_stage == 1 && packet->payload_packet_len == 5 - && packet->payload[0] == 'A' && packet->payload[4] == 0x00 && (packet->payload[1] == 'T' - || packet->payload[1] == 'k')) { - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus asym.\n"); - ndpi_dofus_add_connection(ndpi_struct, flow); - return; } /* end Dofus 1.x.x */ @@ -109,7 +101,6 @@ void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct if (packet->payload_packet_len == 49 && ntohs(get_u_int16_t(packet->payload, 15)) + 17 != packet->payload_packet_len) { goto exclude; } - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus.\n"); ndpi_dofus_add_connection(ndpi_struct, flow); return; } @@ -120,7 +111,6 @@ void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct goto exclude; len2 = ntohs(get_u_int16_t(packet->payload, 5 + len)); if (5 + len + 2 + len2 == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus.\n"); ndpi_dofus_add_connection(ndpi_struct, flow); return; } @@ -135,16 +125,20 @@ void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct if ((12 + len + 2 + len2 + 1) > packet->payload_packet_len) goto exclude; if (12 + len + 2 + len2 + 1 == packet->payload_packet_len && packet->payload[12 + len + 2 + len2] == 0x01) { - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus.\n"); ndpi_dofus_add_connection(ndpi_struct, flow); return; } } - exclude: - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "exclude dofus.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DOFUS); -} +exclude: + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + +maybe_dofus: + flow->l4.tcp.dofus_stage = 1; + NDPI_LOG_DBG2(ndpi_struct, "maybe dofus\n"); + return; +} void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { diff --git a/src/lib/protocols/drda.c b/src/lib/protocols/drda.c index 83a79ea82..72d708d13 100644 --- a/src/lib/protocols/drda.c +++ b/src/lib/protocols/drda.c @@ -17,10 +17,14 @@ * If not, see . * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_DRDA +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DRDA + +#include "ndpi_api.h" + struct ndpi_drda_hdr { u_int16_t length; u_int8_t magic; @@ -37,6 +41,8 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_packet_struct * packet = &flow->packet; u_int16_t payload_len = packet->payload_packet_len; u_int count = 0; // prevent integer overflow + + NDPI_LOG_DBG(ndpi_struct, "search DRDA\n"); if(packet->tcp != NULL) { @@ -71,15 +77,14 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, } if(count != payload_len) goto no_drda; } - NDPI_LOG(NDPI_PROTOCOL_DRDA, ndpi_struct, NDPI_LOG_DEBUG, "found DRDA.\n"); + NDPI_LOG_INFO(ndpi_struct, "found DRDA\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DRDA, NDPI_PROTOCOL_UNKNOWN); return; } } no_drda: - NDPI_LOG(NDPI_PROTOCOL_DRDA, ndpi_struct, NDPI_LOG_DEBUG, "exclude DRDA.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DRDA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index d8babfb1b..6e8a2dcb0 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -21,10 +21,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_DROPBOX + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DROPBOX #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_DROPBOX #define DB_LSP_PORT 17500 @@ -51,7 +55,7 @@ static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, if(payload_len > 2) { if(strncmp((const char *)packet->payload, "{\"host_int\"", 11) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DROPBOX, ndpi_struct, NDPI_LOG_DEBUG, "Found dropbox.\n"); + NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); return; } @@ -59,15 +63,14 @@ static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, } } - NDPI_LOG(NDPI_PROTOCOL_DROPBOX, ndpi_struct, NDPI_LOG_DEBUG, "exclude dropbox.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DROPBOX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_dropbox(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_DROPBOX, ndpi_struct, NDPI_LOG_DEBUG, "dropbox detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search dropbox\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_DROPBOX) { diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c index 96ecacdde..3929b4ef6 100644 --- a/src/lib/protocols/eaq.c +++ b/src/lib/protocols/eaq.c @@ -24,12 +24,18 @@ http://www.brasilbandalarga.com.br */ + +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_EAQ + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EAQ + #include "ndpi_api.h" #define EAQ_DEFAULT_PORT 6000 #define EAQ_DEFAULT_SIZE 16 -#ifdef NDPI_PROTOCOL_EAQ static void ndpi_int_eaq_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_EAQ, NDPI_PROTOCOL_UNKNOWN); @@ -40,33 +46,34 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd struct ndpi_packet_struct *packet = &flow->packet; u_int16_t sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); - if((packet->payload_packet_len != EAQ_DEFAULT_SIZE) - || ((sport != EAQ_DEFAULT_PORT) && (dport != EAQ_DEFAULT_PORT))) { - exclude_eaq: - NDPI_LOG(NDPI_PROTOCOL_EAQ, ndpi_struct, NDPI_LOG_DEBUG, "Exclude eaq.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_EAQ); - return; - } - - if(packet->udp != NULL) { - u_int32_t seq = (packet->payload[0] * 1000) + (packet->payload[1] * 100) + (packet->payload[2] * 10) + packet->payload[3]; - - if(flow->l4.udp.eaq_pkt_id == 0) - flow->l4.udp.eaq_sequence = seq; - else { - if((flow->l4.udp.eaq_sequence == seq) || ((flow->l4.udp.eaq_sequence+1) == seq)) { - ; /* Looks good */ - } else - goto exclude_eaq; - } + NDPI_LOG_DBG(ndpi_struct, "search eaq\n"); + + do { + if( (packet->payload_packet_len != EAQ_DEFAULT_SIZE) || + ((sport != EAQ_DEFAULT_PORT) && (dport != EAQ_DEFAULT_PORT)) ) + break; + + if(packet->udp != NULL) { + u_int32_t seq = (packet->payload[0] * 1000) + (packet->payload[1] * 100) + (packet->payload[2] * 10) + packet->payload[3]; + + if(flow->l4.udp.eaq_pkt_id == 0) + flow->l4.udp.eaq_sequence = seq; + else { + if( (flow->l4.udp.eaq_sequence != seq) && + ((flow->l4.udp.eaq_sequence+1) != seq)) break; + } - if(++flow->l4.udp.eaq_pkt_id == 4) { - /* We have collected enough packets so we assume it's EAQ */ - NDPI_LOG(NDPI_PROTOCOL_EAQ, ndpi_struct, NDPI_LOG_DEBUG, "found eaq.\n"); - ndpi_int_eaq_add_connection(ndpi_struct, flow); + if(++flow->l4.udp.eaq_pkt_id == 4) { + /* We have collected enough packets so we assume it's EAQ */ + NDPI_LOG_INFO(ndpi_struct, "found eaq\n"); + ndpi_int_eaq_add_connection(ndpi_struct, flow); + return; + } } - } else - goto exclude_eaq; + } while(0); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c index 5196cc9e5..34276bbcb 100644 --- a/src/lib/protocols/edonkey.c +++ b/src/lib/protocols/edonkey.c @@ -23,10 +23,15 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_EDONKEY + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EDONKEY #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_EDONKEY + static void ndpi_int_edonkey_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_EDONKEY, NDPI_PROTOCOL_UNKNOWN); } @@ -159,24 +164,23 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "Exclude EDONKEY.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_EDONKEY); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if (flow->edonkey_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "EDONKEY stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "EDONKEY stage 0: \n"); if (ndpi_edonkey_payload_check(packet->payload, payload_len)) { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "Possible EDONKEY request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible EDONKEY request detected, we will look further for the response\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->edonkey_stage = packet->packet_direction + 1; } } else { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "EDONKEY stage %u: \n", flow->edonkey_stage); + NDPI_LOG_DBG2(ndpi_struct, "EDONKEY stage %u: \n", flow->edonkey_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->edonkey_stage - packet->packet_direction) == 1) { @@ -185,10 +189,10 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || (ndpi_edonkey_payload_check(packet->payload, payload_len))) { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "Found EDONKEY.\n"); + NDPI_LOG_INFO(ndpi_struct, "found EDONKEY\n"); ndpi_int_edonkey_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to EDONKEY, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to EDONKEY, resetting the stage to 0\n"); flow->edonkey_stage = 0; } @@ -198,7 +202,7 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "EDONKEY detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search EDONKEY\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_EDONKEY) { diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c index c432f6754..016a15621 100644 --- a/src/lib/protocols/fasttrack.c +++ b/src/lib/protocols/fasttrack.c @@ -22,11 +22,13 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_FASTTRACK +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FASTTRACK + +#include "ndpi_api.h" static void ndpi_int_fasttrack_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -39,13 +41,12 @@ void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search FASTTRACK\n"); if ( (packet->payload != NULL) && (packet->payload_packet_len > 6) && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a)) { - NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "detected 0d0a at the end of the packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected 0d0a at the end of the packet\n"); if (memcmp(packet->payload, "GIVE ", 5) == 0 && packet->payload_packet_len >= 8) { u_int16_t i; @@ -56,20 +57,20 @@ void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, } } - NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "FASTTRACK GIVE DETECTED\n"); + NDPI_LOG_INFO(ndpi_struct, "found FASTTRACK\n"); ndpi_int_fasttrack_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len > 50 && memcmp(packet->payload, "GET /", 5) == 0) { u_int8_t a = 0; - NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "detected GET /. \n"); + NDPI_LOG_DBG2(ndpi_struct, "detected GET /. \n"); ndpi_parse_packet_line_info(ndpi_struct, flow); for (a = 0; a < packet->parsed_lines; a++) { if ((packet->line[a].len > 17 && memcmp(packet->line[a].ptr, "X-Kazaa-Username: ", 18) == 0) || (packet->line[a].len > 23 && memcmp(packet->line[a].ptr, "User-Agent: PeerEnabler/", 24) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, - "detected X-Kazaa-Username: || User-Agent: PeerEnabler/\n"); + NDPI_LOG_INFO(ndpi_struct, + "found FASTTRACK X-Kazaa-Username: || User-Agent: PeerEnabler/\n"); ndpi_int_fasttrack_add_connection(ndpi_struct, flow); return; } @@ -78,8 +79,7 @@ void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, } exclude_fasttrack: - NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "fasttrack/kazaa excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FASTTRACK); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/fiesta.c b/src/lib/protocols/fiesta.c index a3e89af8f..9a9c78852 100644 --- a/src/lib/protocols/fiesta.c +++ b/src/lib/protocols/fiesta.c @@ -22,10 +22,14 @@ * */ -/* include files */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_FIESTA +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIESTA + +#include "ndpi_api.h" + static void ndpi_int_fiesta_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -35,18 +39,15 @@ static void ndpi_int_fiesta_add_connection(struct ndpi_detection_module_struct * void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "search fiesta.\n"); + NDPI_LOG_DBG(ndpi_struct, "search fiesta\n"); if (flow->l4.tcp.fiesta_stage == 0 && packet->payload_packet_len == 5 && get_u_int16_t(packet->payload, 0) == ntohs(0x0407) && (packet->payload[2] == 0x08) && (packet->payload[4] == 0x00 || packet->payload[4] == 0x01)) { - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "maybe fiesta symmetric, first packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe fiesta symmetric, first packet\n"); flow->l4.tcp.fiesta_stage = 1 + packet->packet_direction; goto maybe_fiesta; } @@ -54,7 +55,7 @@ void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct && ((packet->payload_packet_len > 1 && packet->payload_packet_len - 1 == packet->payload[0]) || (packet->payload_packet_len > 3 && packet->payload[0] == 0 && get_l16(packet->payload, 1) == packet->payload_packet_len - 3))) { - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "Maybe fiesta.\n"); + NDPI_LOG_DBG2(ndpi_struct, "Maybe fiesta\n"); goto maybe_fiesta; } if (flow->l4.tcp.fiesta_stage == (1 + packet->packet_direction)) { @@ -79,16 +80,15 @@ void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct } } - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "exclude fiesta.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FIESTA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; maybe_fiesta: - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "Stage is set to %d.\n", flow->l4.tcp.fiesta_stage); + NDPI_LOG_DBG2(ndpi_struct, "Stage is set to %d\n", flow->l4.tcp.fiesta_stage); return; add_fiesta: - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "detected fiesta.\n"); + NDPI_LOG_INFO(ndpi_struct, "found fiesta\n"); ndpi_int_fiesta_add_connection(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/filetopia.c b/src/lib/protocols/filetopia.c index 167b63a8e..eb3215e48 100644 --- a/src/lib/protocols/filetopia.c +++ b/src/lib/protocols/filetopia.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_FILETOPIA +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FILETOPIA + +#include "ndpi_api.h" + static void ndpi_int_filetopia_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -36,14 +40,13 @@ void ndpi_search_filetopia_tcp(struct ndpi_detection_module_struct *ndpi_struct, { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search Filetopia\n"); if (flow->l4.tcp.filetopia_stage == 0) { if (packet->payload_packet_len >= 50 && packet->payload_packet_len <= 70 && packet->payload[0] == 0x03 && packet->payload[1] == 0x9a && packet->payload[3] == 0x22 && packet->payload[packet->payload_packet_len - 1] == 0x2b) { - NDPI_LOG(NDPI_PROTOCOL_FILETOPIA, ndpi_struct, NDPI_LOG_DEBUG, "Filetopia stage 1 detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "Filetopia stage 1 detected\n"); flow->l4.tcp.filetopia_stage = 1; return; } @@ -59,7 +62,7 @@ void ndpi_search_filetopia_tcp(struct ndpi_detection_module_struct *ndpi_struct, } } - NDPI_LOG(NDPI_PROTOCOL_FILETOPIA, ndpi_struct, NDPI_LOG_DEBUG, "Filetopia stage 2 detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "Filetopia stage 2 detected\n"); flow->l4.tcp.filetopia_stage = 2; return; } @@ -69,7 +72,7 @@ void ndpi_search_filetopia_tcp(struct ndpi_detection_module_struct *ndpi_struct, if (packet->payload_packet_len >= 4 && packet->payload_packet_len <= 100 && packet->payload[0] == 0x03 && packet->payload[1] == 0x9a && (packet->payload[3] == 0x22 || packet->payload[3] == 0x23)) { - NDPI_LOG(NDPI_PROTOCOL_FILETOPIA, ndpi_struct, NDPI_LOG_DEBUG, "Filetopia detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found Filetopia\n"); ndpi_int_filetopia_add_connection(ndpi_struct, flow); return; } @@ -77,7 +80,7 @@ void ndpi_search_filetopia_tcp(struct ndpi_detection_module_struct *ndpi_struct, } end_filetopia_nothing_found: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FILETOPIA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/fix.c b/src/lib/protocols/fix.c index b96454c3f..4f3f9849b 100644 --- a/src/lib/protocols/fix.c +++ b/src/lib/protocols/fix.c @@ -20,14 +20,21 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_FIX +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIX + +#include "ndpi_api.h" + + void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search FIX\n"); if(packet->tcp) { // 8= if(packet->payload[0] == 0x38 && packet->payload[1] == 0x3d) { @@ -37,7 +44,7 @@ void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct nd packet->payload[4] == 0x58 && packet->payload[5] == 0x2e) { - NDPI_LOG(NDPI_PROTOCOL_FIX, ndpi_struct, NDPI_LOG_DEBUG, "FIX detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found FIX\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN); return; } @@ -47,14 +54,14 @@ void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct nd packet->payload[4] == 0x39 && packet->payload[5] == 0x3d) { - NDPI_LOG(NDPI_PROTOCOL_FIX, ndpi_struct, NDPI_LOG_DEBUG, "FIX detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found FIX\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN); return; } } } - /* exclude FIX */ - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FIX); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/florensia.c b/src/lib/protocols/florensia.c index c694a2939..217874a6a 100644 --- a/src/lib/protocols/florensia.c +++ b/src/lib/protocols/florensia.c @@ -22,11 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" - -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_FLORENSIA +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FLORENSIA + +#include "ndpi_api.h" + static void ndpi_florensia_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,44 +40,40 @@ void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, str { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "search florensia.\n"); + NDPI_LOG_DBG(ndpi_struct, "search florensia\n"); if (packet->tcp != NULL) { if (packet->payload_packet_len == 5 && get_l16(packet->payload, 0) == packet->payload_packet_len && packet->payload[2] == 0x65 && packet->payload[4] == 0xff) { if (flow->florensia_stage == 1) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "found florensia.\n"); + NDPI_LOG_INFO(ndpi_struct, "found florensia\n"); ndpi_florensia_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia -> stage is set to 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n"); flow->florensia_stage = 1; return; } if (packet->payload_packet_len > 8 && get_l16(packet->payload, 0) == packet->payload_packet_len && get_u_int16_t(packet->payload, 2) == htons(0x0201) && get_u_int32_t(packet->payload, 4) == htonl(0xFFFFFFFF)) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia -> stage is set to 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n"); flow->florensia_stage = 1; return; } if (packet->payload_packet_len == 406 && get_l16(packet->payload, 0) == packet->payload_packet_len && packet->payload[2] == 0x63) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia -> stage is set to 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n"); flow->florensia_stage = 1; return; } if (packet->payload_packet_len == 12 && get_l16(packet->payload, 0) == packet->payload_packet_len && get_u_int16_t(packet->payload, 2) == htons(0x0301)) { if (flow->florensia_stage == 1) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "found florensia.\n"); + NDPI_LOG_INFO(ndpi_struct, "found florensia\n"); ndpi_florensia_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia -> stage is set to 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n"); flow->florensia_stage = 1; return; } @@ -82,19 +81,19 @@ void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, str if (flow->florensia_stage == 1) { if (packet->payload_packet_len == 8 && get_l16(packet->payload, 0) == packet->payload_packet_len && get_u_int16_t(packet->payload, 2) == htons(0x0302) && get_u_int32_t(packet->payload, 4) == htonl(0xFFFFFFFF)) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "found florensia asymmetrically.\n"); + NDPI_LOG_INFO(ndpi_struct, "found florensia asymmetrically\n"); ndpi_florensia_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 24 && get_l16(packet->payload, 0) == packet->payload_packet_len && get_u_int16_t(packet->payload, 2) == htons(0x0202) && get_u_int32_t(packet->payload, packet->payload_packet_len - 4) == htonl(0xFFFFFFFF)) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "found florensia.\n"); + NDPI_LOG_INFO(ndpi_struct, "found florensia\n"); ndpi_florensia_add_connection(ndpi_struct, flow); return; } if (flow->packet_counter < 10 && get_l16(packet->payload, 0) == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia\n"); return; } } @@ -103,20 +102,19 @@ void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, str if (packet->udp != NULL) { if (flow->florensia_stage == 0 && packet->payload_packet_len == 6 && get_u_int16_t(packet->payload, 0) == ntohs(0x0503) && get_u_int32_t(packet->payload, 2) == htonl(0xFFFF0000)) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia -> stage is set to 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n"); flow->florensia_stage = 1; return; } if (flow->florensia_stage == 1 && packet->payload_packet_len == 8 && get_u_int16_t(packet->payload, 0) == ntohs(0x0500) && get_u_int16_t(packet->payload, 4) == htons(0x4191)) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "found florensia.\n"); + NDPI_LOG_INFO(ndpi_struct, "found florensia\n"); ndpi_florensia_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "exclude florensia.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FLORENSIA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index e9ed7ee45..f23476db0 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -21,10 +21,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_FTP_CONTROL + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_CONTROL #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_FTP_CONTROL static void ndpi_int_ftp_control_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FTP_CONTROL, NDPI_PROTOCOL_UNKNOWN); @@ -944,31 +948,29 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str /* Exclude SMTP, which uses similar commands. */ if (packet->tcp->dest == htons(25) || packet->tcp->source == htons(25)) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Exclude FTP_CONTROL.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_CONTROL); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Exclude FTP_CONTROL.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_CONTROL); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if (flow->ftp_control_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "FTP_CONTROL stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage 0: \n"); if ((payload_len > 0) && ndpi_ftp_control_check_request(packet->payload, payload_len)) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Possible FTP_CONTROL request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible FTP_CONTROL request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->ftp_control_stage = packet->packet_direction + 1; } } else { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "FTP_CONTROL stage %u: \n", flow->ftp_control_stage); + NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage %u: \n", flow->ftp_control_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->ftp_control_stage - packet->packet_direction) == 1) { @@ -977,10 +979,10 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len > 0) && ndpi_ftp_control_check_response(packet->payload, payload_len)) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Found FTP_CONTROL.\n"); + NDPI_LOG_INFO(ndpi_struct, "found FTP_CONTROL\n"); ndpi_int_ftp_control_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to FTP_CONTROL, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to FTP_CONTROL, resetting the stage to 0\n"); flow->ftp_control_stage = 0; } } @@ -990,7 +992,7 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str void ndpi_search_ftp_control(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "FTP_CONTROL detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search FTP_CONTROL\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_FTP_CONTROL) { diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c index f5622ffb5..ec1e8d7d8 100644 --- a/src/lib/protocols/ftp_data.c +++ b/src/lib/protocols/ftp_data.c @@ -23,9 +23,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_FTP_DATA + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_DATA + +#include "ndpi_api.h" + static void ndpi_int_ftp_data_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FTP_DATA, NDPI_PROTOCOL_UNKNOWN); } @@ -223,22 +228,21 @@ static void ndpi_check_ftp_data(struct ndpi_detection_module_struct *ndpi_struct || ndpi_match_ftp_data_port(ndpi_struct, flow) ) ) { - NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "Possible FTP_DATA request detected...\n"); + NDPI_LOG_INFO(ndpi_struct, "found FTP_DATA request\n"); ndpi_int_ftp_data_add_connection(ndpi_struct, flow); } else - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_DATA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_ftp_data(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { /* Break after 20 packets. */ if(flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "Exclude FTP_DATA.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_DATA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "FTP_DATA detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search FTP_DATA\n"); ndpi_check_ftp_data(ndpi_struct, flow); } diff --git a/src/lib/protocols/git.c b/src/lib/protocols/git.c index a60a94fe1..0b4192289 100644 --- a/src/lib/protocols/git.c +++ b/src/lib/protocols/git.c @@ -17,10 +17,16 @@ * If not, see . * */ + +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_GIT + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GIT + #include #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_GIT #define GIT_PORT 9418 @@ -29,6 +35,8 @@ void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, { struct ndpi_packet_struct * packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search Git\n"); + if((packet->tcp != NULL) && (packet->payload_packet_len > 4)) { if((ntohs(packet->tcp->source) == GIT_PORT) || (ntohs(packet->tcp->dest) == GIT_PORT)) { @@ -52,15 +60,14 @@ void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, } if(found_git) { - NDPI_LOG(NDPI_PROTOCOL_GIT, ndpi_struct, NDPI_LOG_DEBUG, "found Git.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Git\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GIT, NDPI_PROTOCOL_UNKNOWN); return; } } } - NDPI_LOG(NDPI_PROTOCOL_GIT, ndpi_struct, NDPI_LOG_DEBUG, "exclude Git.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_GIT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c index 1ead0570b..295cfaecd 100644 --- a/src/lib/protocols/gnutella.c +++ b/src/lib/protocols/gnutella.c @@ -22,12 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -/* include files */ +#ifdef NDPI_PROTOCOL_GNUTELLA -#include "ndpi_protocols.h" +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GNUTELLA + +#include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_GNUTELLA static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ @@ -38,22 +40,21 @@ static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct struct ndpi_id_struct *dst = flow->dst; ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GNUTELLA, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found GNUTELLA\n"); if (src != NULL) { src->gnutella_ts = packet->tick_timestamp; if (packet->udp != NULL) { if (!src->detected_gnutella_udp_port1) { src->detected_gnutella_udp_port1 = (packet->udp->source); - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_DEBUG, "GNUTELLA UDP PORT1 DETECTED as %u\n", - src->detected_gnutella_udp_port1); + NDPI_LOG_DBG2(ndpi_struct, + "GNUTELLA UDP PORT1 DETECTED as %u\n", src->detected_gnutella_udp_port1); } else if ((ntohs(packet->udp->source) != src->detected_gnutella_udp_port1) && !src->detected_gnutella_udp_port2) { src->detected_gnutella_udp_port2 = (packet->udp->source); - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_DEBUG, "GNUTELLA UDP PORT2 DETECTED as %u\n", - src->detected_gnutella_udp_port2); + NDPI_LOG_DBG2(ndpi_struct, + "GNUTELLA UDP PORT2 DETECTED as %u\n", src->detected_gnutella_udp_port2); } } @@ -71,16 +72,17 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru struct ndpi_id_struct *dst = flow->dst; u_int16_t c; + + NDPI_LOG_DBG(ndpi_struct, "search GNUTELLA\n"); + if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_GNUTELLA) { if (src != NULL && ((u_int32_t) (packet->tick_timestamp - src->gnutella_ts) < ndpi_struct->gnutella_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_DEBUG, "gnutella : save src connection packet detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "save src connection packet detected\n"); src->gnutella_ts = packet->tick_timestamp; } else if (dst != NULL && ((u_int32_t) (packet->tick_timestamp - dst->gnutella_ts) < ndpi_struct->gnutella_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_DEBUG, "gnutella : save dst connection packet detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "save dst connection packet detected\n"); dst->gnutella_ts = packet->tick_timestamp; } if (src != NULL && (packet->tick_timestamp - src->gnutella_ts) > ndpi_struct->gnutella_timeout) { @@ -102,13 +104,11 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if (packet->tcp != NULL) { /* this case works asymmetrically */ if (packet->payload_packet_len > 10 && memcmp(packet->payload, "GNUTELLA/", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "GNUTELLA DETECTED\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } /* this case works asymmetrically */ if (packet->payload_packet_len > 17 && memcmp(packet->payload, "GNUTELLA CONNECT/", 17) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "GNUTELLA DETECTED\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -123,7 +123,6 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru || (packet->line[c].len > 7 && memcmp(packet->line[c].ptr, "X-Queue:", 8) == 0) || (packet->line[c].len > 36 && memcmp(packet->line[c].ptr, "Content-Type: application/x-gnutella-", 37) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, "DETECTED GNUTELLA GET.\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -135,7 +134,6 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && memcmp(packet->user_agent_line.ptr, "BearShare Lite ", 15) == 0) || (packet->accept_line.ptr != NULL && packet->accept_line.len > 24 && memcmp(packet->accept_line.ptr, "application n/x-gnutella", 24) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, "DETECTED GNUTELLA GET.\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); } @@ -151,8 +149,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru } if (c < (packet->payload_packet_len - 9) && memcmp(&packet->payload[c], "urn:sha1:", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, - "detected GET /get/ or GET /uri-res/.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected GET /get/ or GET /uri-res/\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); } @@ -161,14 +158,14 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru /* answer to this packet is HTTP/1.1 ..... Content-Type: application/x-gnutella-packets, * it is searched in the upper paragraph. */ if (packet->payload_packet_len > 30 && memcmp(packet->payload, "HEAD /gnutella/push-proxy?", 26) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "detected HEAD /gnutella/push-proxy?\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected HEAD /gnutella/push-proxy?\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } /* haven't found any trace with this pattern */ if (packet->payload_packet_len == 46 && memcmp(packet->payload, "\x50\x55\x53\x48\x20\x67\x75\x69\x64\x3a", 10) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_DBG2(ndpi_struct, "detected \x50\x55\x53\x48\x20\x67\x75\x69\x64\x3a\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; @@ -189,8 +186,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru 44) == 0) || (end - c > 10 && memcmp(&packet->payload[c], "\r\nX-Queue:", 10) == 0) || (end - c > 13 && memcmp(&packet->payload[c], "\r\nX-Features:", 13) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, - ndpi_struct, NDPI_LOG_TRACE, "FOXY :: GNUTELLA GET 2 DETECTED\n"); + NDPI_LOG_DBG2(ndpi_struct, "FOXY :: GNUTELLA GET 2 DETECTED\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -202,7 +198,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if (packet->payload_packet_len > 1 && packet->payload[packet->payload_packet_len - 1] == 0x0a && packet->payload[packet->payload_packet_len - 2] == 0x0a) { if (packet->payload_packet_len > 3 && memcmp(packet->payload, "GIV", 3) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "MORPHEUS GIV DETECTED\n"); + NDPI_LOG_DBG2(ndpi_struct, "MORPHEUS GIV DETECTED\n"); /* Not Excluding the flow now.. We shall Check the next Packet too for Gnutella Patterns */ return; } @@ -211,21 +207,21 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if (packet->payload_packet_len == 46 && get_u_int32_t(packet->payload, 0) == htonl(0x802c0103) && get_u_int32_t(packet->payload, 4) == htonl(0x01000300) && get_u_int32_t(packet->payload, 8) == htonl(0x00002000) && get_u_int16_t(packet->payload, 12) == htons(0x0034)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "detected gnutella len == 46.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella len == 46\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 49 && memcmp(packet->payload, "\x80\x2f\x01\x03\x01\x00\x06\x00\x00\x00\x20\x00\x00\x34\x00\x00\xff\x4d\x6c", 19) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "detected gnutella len == 49.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella len == 49\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 89 && memcmp(&packet->payload[43], "\x20\x4d\x6c", 3) == 0 && memcmp(packet->payload, "\x16\x03\x01\x00\x54\x01\x00\x00\x50\x03\x01\x4d\x6c", 13) == 0 && memcmp(&packet->payload[76], "\x00\x02\x00\x34\x01\x00\x00\x05", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella asymmetrically len == 388.\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; @@ -235,7 +231,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && get_u_int16_t(packet->payload, 8) == htons(0x4903) && get_u_int16_t(packet->payload, 76) == htons(0x0002) && get_u_int32_t(packet->payload, 78) == htonl(0x00340100)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "detected len == 82.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected len == 82\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -244,7 +240,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if (src != NULL && (packet->udp->source == src->detected_gnutella_udp_port1 || packet->udp->source == src->detected_gnutella_udp_port2) && (packet->tick_timestamp - src->gnutella_ts) < ndpi_struct->gnutella_timeout) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, "port based detection\n\n"); + NDPI_LOG_DBG2(ndpi_struct, "port based detection\n\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); } /* observations: @@ -257,8 +253,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && packet->payload[16] == 0x41 && packet->payload[17] == 0x01 && packet->payload[18] == 0x00 && packet->payload[19] == 0x00 && packet->payload[20] == 0x00 && packet->payload[21] == 0x00 && packet->payload[22] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 23.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 23\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; @@ -267,29 +262,25 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && packet->payload[26] == 0x50 && packet->payload[27] == 0x40 && packet->payload[28] == 0x83 && packet->payload[29] == 0x53 && packet->payload[30] == 0x43 && packet->payload[31] == 0x50 && packet->payload[32] == 0x41) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 35.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 35\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 32 && (memcmp(&packet->payload[16], "\x31\x01\x00\x09\x00\x00\x00\x4c\x49\x4d\x45", 11) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 32.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 32\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 34 && (memcmp(&packet->payload[25], "SCP@", 4) == 0) && (memcmp(&packet->payload[30], "DNA@", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 34.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 34\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if ((packet->payload_packet_len == 73 || packet->payload_packet_len == 96) && memcmp(&packet->payload[32], "urn:sha1:", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 73,96.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 73,96\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -308,8 +299,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && (memcmp(&packet->payload[6], "\x01\x01\x5c\x1b\x50\x55\x53\x48\x48\x10", 10) == 0)) || (packet->payload_packet_len > 200 && packet->payload_packet_len < 300 && packet->payload[3] == 0x03) || (packet->payload_packet_len > 300 && (packet->payload[3] == 0x01 || packet->payload[3] == 0x03))) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, GND.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, GND\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -317,15 +307,13 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if ((packet->payload_packet_len == 32) && memcmp(&packet->payload[16], "\x31\x01\x00\x09\x00\x00\x00", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 32 ii.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 32 ii\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if ((packet->payload_packet_len == 23) && memcmp(&packet->payload[16], "\x00\x01\x00\x00\x00\x00\x00", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 23 ii.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 23 ii\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -350,8 +338,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && flow->l4.tcp.gnutella_msg_id[1] == packet->payload[2] && flow->l4.tcp.gnutella_msg_id[2] == packet->payload[4] && NDPI_SRC_OR_DST_HAS_PROTOCOL(src, dst, NDPI_PROTOCOL_GNUTELLA)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_TRACE, "GNUTELLA DETECTED due to message ID match (NEONet protocol)\n"); + NDPI_LOG_DBG2(ndpi_struct, "GNUTELLA DETECTED due to message ID match (NEONet protocol)\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -361,15 +348,14 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && flow->l4.tcp.gnutella_msg_id[1] == packet->payload[2] && flow->l4.tcp.gnutella_msg_id[2] == packet->payload[4] && NDPI_SRC_OR_DST_HAS_PROTOCOL(src, dst, NDPI_PROTOCOL_GNUTELLA)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_TRACE, "GNUTELLA DETECTED due to message ID match (NEONet protocol)\n"); + NDPI_LOG_DBG2(ndpi_struct, "GNUTELLA DETECTED due to message ID match (NEONet protocol)\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_GNUTELLA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c index 88235f2a8..0bdc4d8ee 100644 --- a/src/lib/protocols/gtp.c +++ b/src/lib/protocols/gtp.c @@ -18,10 +18,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_GTP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GTP + +#include "ndpi_api.h" + struct gtp_header_generic { u_int8_t flags, message_type; u_int16_t message_len; @@ -50,7 +54,7 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str u_int16_t message_len = ntohs(gtp->message_len); if(message_len <= (payload_len-sizeof(struct gtp_header_generic))) { - NDPI_LOG(NDPI_PROTOCOL_GTP, ndpi_struct, NDPI_LOG_DEBUG, "Found gtp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found gtp\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GTP, NDPI_PROTOCOL_UNKNOWN); return; } @@ -58,7 +62,7 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_GTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -66,7 +70,7 @@ void ndpi_search_gtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_GTP, ndpi_struct, NDPI_LOG_DEBUG, "gtp detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search gtp\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_GTP) diff --git a/src/lib/protocols/guildwars.c b/src/lib/protocols/guildwars.c index 108e5ee05..7b6581851 100644 --- a/src/lib/protocols/guildwars.c +++ b/src/lib/protocols/guildwars.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_GUILDWARS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GUILDWARS + +#include "ndpi_api.h" + static void ndpi_int_guildwars_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -35,35 +39,31 @@ static void ndpi_int_guildwars_add_connection(struct ndpi_detection_module_struc void ndpi_search_guildwars_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "search guildwars.\n"); + NDPI_LOG_DBG(ndpi_struct, "search guildwars\n"); if (packet->payload_packet_len == 64 && get_u_int16_t(packet->payload, 1) == ntohs(0x050c) && memcmp(&packet->payload[50], "@2&P", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "GuildWars version 29.350: found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found GuildWars version 29.350\n"); ndpi_int_guildwars_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 16 && get_u_int16_t(packet->payload, 1) == ntohs(0x040c) && get_u_int16_t(packet->payload, 4) == ntohs(0xa672) && packet->payload[8] == 0x01 && packet->payload[12] == 0x04) { - NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "GuildWars version 29.350: found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found GuildWars version 29.350\n"); ndpi_int_guildwars_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 21 && get_u_int16_t(packet->payload, 0) == ntohs(0x0100) && get_u_int32_t(packet->payload, 5) == ntohl(0xf1001000) && packet->payload[9] == 0x01) { - NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "GuildWars version 216.107.245.50: found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found GuildWars version 216.107.245.50\n"); ndpi_int_guildwars_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "exclude guildwars.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_GUILDWARS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index 31d578455..31c353a27 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -7,10 +7,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_H323 +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_H323 + +#include "ndpi_api.h" + + struct tpkt { u_int8_t version, reserved; u_int16_t len; @@ -21,10 +26,10 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "search H323.\n"); + NDPI_LOG_DBG(ndpi_struct, "search H323\n"); if(packet->tcp != NULL) { - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "calculated dport over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculated dport over tcp\n"); /* H323 */ if(packet->payload_packet_len >= 3 @@ -44,6 +49,7 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n /* ISO 8073/X.224 */ if((packet->payload[5] == 0xE0 /* CC Connect Request */) || (packet->payload[5] == 0xD0 /* CC Connect Confirm */)) { + NDPI_LOG_INFO(ndpi_struct, "found RDP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RDP, NDPI_PROTOCOL_UNKNOWN); return; } @@ -52,23 +58,24 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n flow->l4.tcp.h323_valid_packets++; if(flow->l4.tcp.h323_valid_packets >= 2) { - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n"); + NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); } } else { /* This is not H.323 */ - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_H323); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; } } } else if(packet->udp != NULL) { sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "calculated dport over udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculated dport over udp\n"); if(packet->payload_packet_len >= 6 && packet->payload[0] == 0x80 && packet->payload[1] == 0x08 && (packet->payload[2] == 0xe7 || packet->payload[2] == 0x26) && packet->payload[4] == 0x00 && packet->payload[5] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n"); + NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); return; } @@ -77,19 +84,19 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n { if(packet->payload[0] == 0x16 && packet->payload[1] == 0x80 && packet->payload[4] == 0x06 && packet->payload[5] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n"); + NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); return; } else if(packet->payload_packet_len >= 20 && packet->payload_packet_len <= 117) { - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n"); + NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); return; } else { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_H323); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } } diff --git a/src/lib/protocols/halflife2_and_mods.c b/src/lib/protocols/halflife2_and_mods.c index 365ea21b5..5319424fa 100644 --- a/src/lib/protocols/halflife2_and_mods.c +++ b/src/lib/protocols/halflife2_and_mods.c @@ -23,9 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_HALFLIFE2 +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HALFLIFE2 + +#include "ndpi_api.h" + static void ndpi_int_halflife2_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -36,15 +41,14 @@ void ndpi_search_halflife2(struct ndpi_detection_module_struct *ndpi_struct, str { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search halflife2\n"); if (flow->l4.udp.halflife2_stage == 0) { if (packet->payload_packet_len >= 20 && get_u_int32_t(packet->payload, 0) == 0xFFFFFFFF && get_u_int32_t(packet->payload, packet->payload_packet_len - 4) == htonl(0x30303000)) { flow->l4.udp.halflife2_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_HALFLIFE2, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "halflife2 client req detected, waiting for server reply\n"); return; } @@ -53,13 +57,12 @@ void ndpi_search_halflife2(struct ndpi_detection_module_struct *ndpi_struct, str && get_u_int32_t(packet->payload, 0) == 0xFFFFFFFF && get_u_int32_t(packet->payload, packet->payload_packet_len - 4) == htonl(0x30303000)) { ndpi_int_halflife2_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HALFLIFE2, ndpi_struct, NDPI_LOG_DEBUG, "halflife2 server reply detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found halflife2\n"); return; } } - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HALFLIFE2); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index 4555c6c75..de35653ea 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -17,10 +17,16 @@ * If not, see . * */ -#include "ndpi_api.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_HANGOUT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HANGOUT + +#include "ndpi_api.h" + + /* https://support.google.com/a/answer/1279090?hl=en */ #define HANGOUT_UDP_LOW_PORT 19302 #define HANGOUT_UDP_HIGH_PORT 19309 @@ -73,19 +79,20 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct * packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search Hangout\n"); + if((packet->payload_packet_len > 24) && is_google_flow(ndpi_struct, flow)) { if( ((packet->udp != NULL) && (isHangoutUDPPort(ntohs(packet->udp->source)) || isHangoutUDPPort(ntohs(packet->udp->dest)))) || ((packet->tcp != NULL) && (isHangoutTCPPort(ntohs(packet->tcp->source)) || isHangoutTCPPort(ntohs(packet->tcp->dest))))) { - NDPI_LOG(NDPI_PROTOCOL_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "Found Hangout.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Hangout\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HANGOUT, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_PROTOCOL_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "No Hangout.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HANGOUT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } /* ***************************************************************** */ diff --git a/src/lib/protocols/hep.c b/src/lib/protocols/hep.c index 516e430e7..1c7617c88 100644 --- a/src/lib/protocols/hep.c +++ b/src/lib/protocols/hep.c @@ -24,9 +24,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_HEP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HEP + +#include "ndpi_api.h" + + static void ndpi_int_hep_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -39,17 +45,16 @@ void ndpi_search_hep(struct ndpi_detection_module_struct *ndpi_struct, struct nd const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "searching for HEP.\n"); + NDPI_LOG_DBG(ndpi_struct, "searching HEP\n"); if (payload_len > 10) { if (memcmp(packet_payload, "HEP3", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "found HEP3.\n"); + NDPI_LOG_INFO(ndpi_struct, "found HEP3\n"); ndpi_int_hep_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "exclude HEP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HEP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index c57c73aac..1d12ea2e9 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -20,10 +20,15 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_HTTP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP + +#include "ndpi_api.h" + /* global variables used for 1kxun protocol and iqiyi service */ @@ -63,7 +68,7 @@ static void flash_check_http_payload(struct ndpi_detection_module_struct if(memcmp(pos, "FLV", 3) == 0 && pos[3] == 0x01 && (pos[4] == 0x01 || pos[4] == 0x04 || pos[4] == 0x05) && pos[5] == 0x00 && pos[6] == 0x00 && pos[7] == 0x00 && pos[8] == 0x09) { - NDPI_LOG(NDPI_CONTENT_FLASH, ndpi_struct, NDPI_LOG_DEBUG, "Flash content in HTTP detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found Flash content in HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_FLASH); } } @@ -75,7 +80,7 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "called avi_check_http_payload: %u %u %u\n", + NDPI_LOG_DBG2(ndpi_struct, "called avi_check_http_payload: %u %u %u\n", packet->empty_line_position_set, flow->l4.tcp.http_empty_line_seen, packet->empty_line_position); if(packet->empty_line_position_set == 0 && flow->l4.tcp.http_empty_line_seen == 0) @@ -90,7 +95,7 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str if(flow->l4.tcp.http_empty_line_seen == 1) { if(packet->payload_packet_len > 20 && memcmp(packet->payload, "RIFF", 4) == 0 && memcmp(packet->payload + 8, "AVI LIST", 8) == 0) { - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in HTTP detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found Avi content in HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_AVI); } flow->l4.tcp.http_empty_line_seen = 0; @@ -105,11 +110,11 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str u_int32_t p = packet->empty_line_position + 2; // check for avi header - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "p = %u\n", p); + NDPI_LOG_DBG2(ndpi_struct, "p = %u\n", p); if((p + 16) <= packet->payload_packet_len && memcmp(&packet->payload[p], "RIFF", 4) == 0 && memcmp(&packet->payload[p + 8], "AVI LIST", 8) == 0) { - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in HTTP detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found Avi content in HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_AVI); } } @@ -122,7 +127,7 @@ static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *n struct ndpi_packet_struct *packet = &flow->packet; const u_int8_t *pos; - NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_DEBUG, "called teamviewer_check_http_payload: %u %u %u\n", + NDPI_LOG_DBG2(ndpi_struct, "called teamviewer_check_http_payload: %u %u %u\n", packet->empty_line_position_set, flow->l4.tcp.http_empty_line_seen, packet->empty_line_position); if(packet->empty_line_position_set == 0 || (packet->empty_line_position + 5) > (packet->payload_packet_len)) @@ -131,7 +136,7 @@ static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *n pos = &packet->payload[packet->empty_line_position] + 2; if(pos[0] == 0x17 && pos[1] == 0x24) { - NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_DEBUG, "TeamViewer content in HTTP detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found TeamViewer content in HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TEAMVIEWER); } } @@ -145,7 +150,7 @@ static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct struct ndpi_packet_struct *packet = &flow->packet; if(packet->accept_line.len >= 28 && memcmp(packet->accept_line.ptr, "application/x-rtsp-tunnelled", 28) == 0) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_DEBUG, "RTSP accept line detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found RTSP accept line\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RTSP); } } @@ -199,12 +204,12 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ #if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* PPStream */ if(flow->l4.tcp.ppstream_stage > 0 && flow->iqiyi_counter == 0) { - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, "PPStream found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PPStream\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_HTTP); } else if(flow->iqiyi_counter > 0) { - NDPI_LOG(NDPI_PROTOCOL_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found iQiyi\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_HTTP); } @@ -213,7 +218,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ #if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* 1KXUN */ if(flow->kxun_counter > 0) { - NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "1kxun found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found 1kxun\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_HTTP); } @@ -330,12 +335,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } } else if(memcmp(ua, "netflix-ios-app", 15) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found netflix\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_NETFLIX); return; } } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type line found %.*s\n", + NDPI_LOG_DBG2(ndpi_struct, "User Agent Type line found %.*s\n", packet->user_agent_line.len, packet->user_agent_line.ptr); } @@ -343,7 +349,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(packet->host_line.ptr != NULL) { u_int len; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HOST line found %.*s\n", + NDPI_LOG_DBG2(ndpi_struct, "HOST line found %.*s\n", packet->host_line.len, packet->host_line.ptr); /* call ndpi_match_host_subprotocol to see if there is a match with known-host HTTP subprotocol */ @@ -395,6 +401,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { + NDPI_LOG_INFO(ndpi_struct, "found HTTP/%s\n", + ndpi_get_proto_name(ndpi_struct, packet->detected_protocol_stack[0])); ndpi_int_http_add_connection(ndpi_struct, flow, packet->detected_protocol_stack[0]); return; /* We have identified a sub-protocol so we're done */ } @@ -409,7 +417,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ /* check for accept line */ if(packet->accept_line.ptr != NULL) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Accept line found %.*s\n", + NDPI_LOG_DBG2(ndpi_struct, "Accept line found %.*s\n", packet->accept_line.len, packet->accept_line.ptr); #ifdef NDPI_PROTOCOL_RTSP if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_RTSP) != 0) { @@ -422,7 +430,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ #ifdef NDPI_CONTENT_MPEG for (a = 0; a < packet->parsed_lines; a++) { if(packet->line[a].len > 11 && memcmp(packet->line[a].ptr, "Icy-MetaData", 12) == 0) { - NDPI_LOG(NDPI_CONTENT_MPEG, ndpi_struct, NDPI_LOG_DEBUG, "MPEG: Icy-MetaData found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MPEG: Icy-MetaData\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_MPEG); return; } @@ -432,7 +440,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ #endif if(packet->content_line.ptr != NULL && packet->content_line.len != 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Content Type line found %.*s\n", + NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n", packet->content_line.len, packet->content_line.ptr); if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) @@ -444,7 +452,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ static void check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "called check_http_payload.\n"); + NDPI_LOG_DBG2(ndpi_struct, "called check_http_payload\n"); #ifdef NDPI_CONTENT_FLASH if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_CONTENT_FLASH) != 0) @@ -466,54 +474,55 @@ static void check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, * @returnvalue 0 if no valid request has been found * @returnvalue >0 indicates start of filename but not necessarily in packet limit */ + +#define STATIC_STRING_L(a) {.str=a, .len=sizeof(a)-1 } + +static struct l_string { + const char *str; + size_t len; +} http_methods[] = { + STATIC_STRING_L("GET "), + STATIC_STRING_L("POST "), + STATIC_STRING_L("OPTIONS "), + STATIC_STRING_L("HEAD "), + STATIC_STRING_L("PUT "), + STATIC_STRING_L("DELETE "), + STATIC_STRING_L("CONNECT "), + STATIC_STRING_L("PROPFIND "), + STATIC_STRING_L("REPORT ") }; +static const char *http_fs = "CDGHOPR"; + +static inline uint8_t non_ctrl(uint8_t c) { + return c < 32 ? '.':c; +} + static u_int16_t http_request_url_offset(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + int i; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> HTTP: %c%c%c%c [len: %u]\n", - packet->payload[0], packet->payload[1], packet->payload[2], packet->payload[3], + NDPI_LOG_DBG2(ndpi_struct, "====>>>> HTTP: %c%c%c%c [len: %u]\n", + non_ctrl(packet->payload[0]), non_ctrl(packet->payload[1]), + non_ctrl(packet->payload[2]), non_ctrl(packet->payload[3]), packet->payload_packet_len); + /* Check first char */ + if(!strchr(http_fs,packet->payload[0])) return 0; /** FIRST PAYLOAD PACKET FROM CLIENT **/ - - /* check if the packet starts with POST or GET */ - if(packet->payload_packet_len >= 4 && memcmp(packet->payload, "GET ", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: GET FOUND\n"); - return 4; - } else if(packet->payload_packet_len >= 5 && memcmp(packet->payload, "POST ", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: POST FOUND\n"); - return 5; - } else if(packet->payload_packet_len >= 8 && memcmp(packet->payload, "OPTIONS ", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: OPTIONS FOUND\n"); - return 8; - } else if(packet->payload_packet_len >= 5 && memcmp(packet->payload, "HEAD ", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: HEAD FOUND\n"); - return 5; - } else if(packet->payload_packet_len >= 4 && memcmp(packet->payload, "PUT ", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: PUT FOUND\n"); - return 4; - } else if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "DELETE ", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: DELETE FOUND\n"); - return 7; - } else if(packet->payload_packet_len >= 8 && memcmp(packet->payload, "CONNECT ", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: CONNECT FOUND\n"); - return 8; - } else if(packet->payload_packet_len >= 9 && memcmp(packet->payload, "PROPFIND ", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: PROFIND FOUND\n"); - return 9; - } else if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "REPORT ", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REPORT FOUND\n"); - return 7; + for(i=0; i < sizeof(http_methods)/sizeof(http_methods[0]); i++) { + if(packet->payload_packet_len >= http_methods[i].len && + memcmp(packet->payload,http_methods[i].str,http_methods[i].len) == 0) { + NDPI_LOG_DBG2(ndpi_struct, "HTTP: %sFOUND\n",http_methods[i].str); + return http_methods[i].len; + } } - return 0; } -static void http_bitmask_exclude(struct ndpi_flow_struct *flow) +static void http_bitmask_exclude_other(struct ndpi_flow_struct *flow) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP); #ifdef NDPI_CONTENT_MPEG NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_MPEG); #endif @@ -554,18 +563,15 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(flow->l4.tcp.http_stage == 0) { /* Expected a request */ flow->http_detected = 0; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %d: \n", - flow->l4.tcp.http_stage); + NDPI_LOG_DBG2(ndpi_struct, "HTTP stage %d: \n", flow->l4.tcp.http_stage); filename_start = http_request_url_offset(ndpi_struct, flow); if(filename_start == 0) { /* not a regular request. In the HTTP first stage, may be a truncated flow or other protocols */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "Filename HTTP not found, we look for possible truncate flow...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Filename HTTP not found, we look for possible truncate flow..\n"); if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP response found (truncated flow ?)\n"); + NDPI_LOG_INFO(ndpi_struct, "found HTTP response\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); check_content_type_and_change_protocol(ndpi_struct, flow); return; @@ -589,18 +595,18 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct return; } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude HTTP\n"); - http_bitmask_exclude(flow); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + http_bitmask_exclude_other(flow); return; } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Filename HTTP found: %d, we look for line info..\n", filename_start); ndpi_parse_packet_line_info(ndpi_struct, flow); if(packet->parsed_lines <= 1) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Found just one line, we will look further for the next packet...\n"); packet->http_method.ptr = packet->line[0].ptr; @@ -611,7 +617,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct return; } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Found more than one line, we look further for the next packet...\n"); if(packet->line[0].len >= (9 + filename_start) @@ -643,6 +649,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* Check for additional field introduced by Steam */ int x = 1; if((memcmp(packet->line[x].ptr, "x-steam-sid", 11)) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_STEAM); check_content_type_and_change_protocol(ndpi_struct, flow); return; @@ -652,6 +659,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct x = 1; while(packet->line[x].len != 0) { if(packet->line[x].len >= 12 && (memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found FACEBOOK\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FACEBOOK); check_content_type_and_change_protocol(ndpi_struct, flow); return; @@ -704,19 +712,19 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if((packet->http_url_name.len > 7) && (!strncmp((const char*) packet->http_url_name.ptr, "http://", 7))) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_PROXY Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found HTTP_PROXY\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_PROXY); check_content_type_and_change_protocol(ndpi_struct, flow); } if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) { /* nathan@getoffmalawn.com */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_CONNECT Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found HTTP_CONNECT\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_CONNECT); check_content_type_and_change_protocol(ndpi_struct, flow); } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "HTTP START Found, we will look for sub-protocols (content and host)...\n"); if(packet->host_line.ptr != NULL) { @@ -729,10 +737,11 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(ndpi_struct->http_dont_dissect_response) { if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) /* No subprotocol found */ + NDPI_LOG_INFO(ndpi_struct, "found HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); } else { flow->http_detected = 1; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "HTTP START Found, we will look further for the response...\n"); flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 } @@ -742,13 +751,12 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REQUEST NOT HTTP CONFORM\n"); - http_bitmask_exclude(flow); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + http_bitmask_exclude_other(flow); } else if((flow->l4.tcp.http_stage == 1) || (flow->l4.tcp.http_stage == 2)) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n", - flow->l4.tcp.http_stage); + NDPI_LOG_DBG2(ndpi_struct, "HTTP stage %u: \n", flow->l4.tcp.http_stage); if(flow->l4.tcp.http_stage == 1) { @@ -769,7 +777,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(flow->http_detected) return; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, " SECOND PAYLOAD TRAFFIC FROM CLIENT, FIRST PACKET MIGHT HAVE BEEN HTTP...UNKNOWN TRAFFIC, HERE FOR HTTP again.. \n"); ndpi_parse_packet_line_info(ndpi_struct, flow); @@ -780,14 +788,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(packet->parsed_lines <= 1) { /* wait some packets in case request is split over more than 2 packets */ if(flow->packet_counter < 5) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "line still not finished, search next packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "line still not finished, search next packet\n"); return; } else { /* stop parsing here */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP: PACKET DOES NOT HAVE A LINE STRUCTURE\n"); - http_bitmask_exclude(flow); + NDPI_LOG_DBG2(ndpi_struct, "exclude HTTP: PACKET DOES NOT HAVE A LINE STRUCTURE\n"); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + http_bitmask_exclude_other(flow); return; } } @@ -795,11 +802,11 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(packet->line[0].len >= 9 && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Found HTTP.\n"); + NDPI_LOG_INFO(ndpi_struct, "found HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); check_content_type_and_change_protocol(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "HTTP START Found in 2. packet, we will look further for the response....\n"); flow->http_detected = 1; } @@ -817,15 +824,17 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct */ if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { /* In Apache if you do "GET /\n\n" the response comes without any header */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Found HTTP. (apache)\n"); + NDPI_LOG_INFO(ndpi_struct, "found HTTP. (apache)\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); check_content_type_and_change_protocol(ndpi_struct, flow); return; } /* If we already detected the HTTP request, we can add the connection and then check for the sub-protocol */ - if(flow->http_detected) + if(flow->http_detected) { + NDPI_LOG_INFO(ndpi_struct, "found HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); + } /* Parse packet line and we look for the subprotocols */ ndpi_parse_packet_line_info(ndpi_struct, flow); @@ -836,7 +845,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } if(packet->empty_line_position_set != 0 || flow->l4.tcp.http_empty_line_seen == 1) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "empty line. check_http_payload.\n"); + NDPI_LOG_DBG2(ndpi_struct, "empty line. check_http_payload\n"); check_http_payload(ndpi_struct, flow); } @@ -852,8 +861,8 @@ void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, /* Break after 20 packets. */ if(flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude HTTP.\n"); - http_bitmask_exclude(flow); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + http_bitmask_exclude_other(flow); return; } @@ -861,7 +870,7 @@ void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, return; } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search HTTP\n"); ndpi_check_http_tcp(ndpi_struct, flow); } diff --git a/src/lib/protocols/http_activesync.c b/src/lib/protocols/http_activesync.c index 8f17af8d6..55451f6bf 100644 --- a/src/lib/protocols/http_activesync.c +++ b/src/lib/protocols/http_activesync.c @@ -24,8 +24,14 @@ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC + +#include "ndpi_api.h" + static void ndpi_int_activesync_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, NDPI_PROTOCOL_HTTP); @@ -35,20 +41,19 @@ void ndpi_search_activesync(struct ndpi_detection_module_struct *ndpi_struct, st { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search activesync\n"); if (packet->tcp != NULL) { if (packet->payload_packet_len > 150 && ((memcmp(packet->payload, "OPTIONS /Microsoft-Server-ActiveSync?", 37) == 0) || (memcmp(packet->payload, "POST /Microsoft-Server-ActiveSync?", 34) == 0))) { ndpi_int_activesync_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, ndpi_struct, NDPI_LOG_DEBUG, - " flow marked as ActiveSync \n"); + NDPI_LOG_INFO(ndpi_struct, "found ActiveSync \n"); return; } } - NDPI_LOG(NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, ndpi_struct, NDPI_LOG_DEBUG, "exclude activesync\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/iax.c b/src/lib/protocols/iax.c index 84e039c2b..7f6e960f1 100644 --- a/src/lib/protocols/iax.c +++ b/src/lib/protocols/iax.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_IAX +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IAX + +#include "ndpi_api.h" + + #define NDPI_IAX_MAX_INFORMATION_ELEMENTS 15 static void ndpi_int_iax_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -58,7 +63,7 @@ static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_stru && packet->payload[11] <= 15) { if (packet->payload_packet_len == 12) { - NDPI_LOG(NDPI_PROTOCOL_IAX, ndpi_struct, NDPI_LOG_DEBUG, "found IAX.\n"); + NDPI_LOG_INFO(ndpi_struct, "found IAX\n"); ndpi_int_iax_add_connection(ndpi_struct, flow); return; } @@ -66,7 +71,7 @@ static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_stru for (i = 0; i < NDPI_IAX_MAX_INFORMATION_ELEMENTS; i++) { packet_len = packet_len + 2 + packet->payload[packet_len + 1]; if (packet_len == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_IAX, ndpi_struct, NDPI_LOG_DEBUG, "found IAX.\n"); + NDPI_LOG_INFO(ndpi_struct, "found IAX\n"); ndpi_int_iax_add_connection(ndpi_struct, flow); return; } @@ -77,16 +82,13 @@ static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_stru } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_IAX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_iax(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_flow_struct *flow=ndpi_struct->flow; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; if(packet->udp && (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c index 3e89cc043..23aca33e9 100644 --- a/src/lib/protocols/icecast.c +++ b/src/lib/protocols/icecast.c @@ -22,11 +22,14 @@ * */ - -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_ICECAST +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ICECAST + +#include "ndpi_api.h" + static void ndpi_int_icecast_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ICECAST, NDPI_PROTOCOL_UNKNOWN); @@ -37,17 +40,17 @@ void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, s struct ndpi_packet_struct *packet = &flow->packet; u_int8_t i; - NDPI_LOG(NDPI_PROTOCOL_ICECAST, ndpi_struct, NDPI_LOG_DEBUG, "search icecast.\n"); + NDPI_LOG_DBG(ndpi_struct, "search icecast\n"); if ((packet->payload_packet_len < 500 && packet->payload_packet_len >= 7 && memcmp(packet->payload, "SOURCE ", 7) == 0) || flow->l4.tcp.icecast_stage) { ndpi_parse_packet_line_info_any(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_ICECAST, ndpi_struct, NDPI_LOG_DEBUG, "Icecast lines=%d\n", packet->parsed_lines); + NDPI_LOG_DBG2(ndpi_struct, "Icecast lines=%d\n", packet->parsed_lines); for (i = 0; i < packet->parsed_lines; i++) { if (packet->line[i].ptr != NULL && packet->line[i].len > 4 && memcmp(packet->line[i].ptr, "ice-", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ICECAST, ndpi_struct, NDPI_LOG_DEBUG, "Icecast detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Icecast\n"); ndpi_int_icecast_add_connection(ndpi_struct, flow); return; } @@ -75,18 +78,17 @@ void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, s if (packet->server_line.ptr != NULL && packet->server_line.len > NDPI_STATICSTRING_LEN("Icecast") && memcmp(packet->server_line.ptr, "Icecast", NDPI_STATICSTRING_LEN("Icecast")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ICECAST, ndpi_struct, NDPI_LOG_DEBUG, "Icecast detected.\n"); /* TODO maybe store the previous protocol type as subtype? * e.g. ogg or mpeg */ + NDPI_LOG_INFO(ndpi_struct, "found Icecast\n"); ndpi_int_icecast_add_connection(ndpi_struct, flow); return; } } icecast_exclude: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ICECAST); - NDPI_LOG(NDPI_PROTOCOL_ICECAST, ndpi_struct, NDPI_LOG_DEBUG, "Icecast excluded.\n"); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ipp.c b/src/lib/protocols/ipp.c index 2135f297f..fcf25a758 100644 --- a/src/lib/protocols/ipp.c +++ b/src/lib/protocols/ipp.c @@ -22,11 +22,15 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_IPP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IPP + +#include "ndpi_api.h" + + static void ndpi_int_ipp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) { @@ -36,22 +40,20 @@ static void ndpi_int_ipp_add_connection(struct ndpi_detection_module_struct *ndp void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int8_t i; - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "search ipp\n"); + NDPI_LOG_DBG(ndpi_struct, "search ipp\n"); + if (packet->payload_packet_len > 20) { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "searching for a payload with a pattern like 'number(1to8)blanknumber(1to3)ipp://.\n"); /* this pattern means that there is a printer saying that his state is idle, * means that he is not printing anything at the moment */ i = 0; if (packet->payload[i] < '0' || packet->payload[i] > '9') { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "payload does not begin with a number.\n"); + NDPI_LOG_DBG2(ndpi_struct, "payload does not begin with a number\n"); goto search_for_next_pattern; } @@ -60,37 +62,37 @@ void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct nd if (!((packet->payload[i] >= '0' && packet->payload[i] <= '9') || (packet->payload[i] >= 'a' && packet->payload[i] <= 'f') || (packet->payload[i] >= 'A' && packet->payload[i] <= 'F')) || i > 8) { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "read symbols while the symbol is a number.\n"); break; } } if (packet->payload[i++] != ' ') { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "there is no blank following the number.\n"); + NDPI_LOG_DBG2(ndpi_struct, "there is no blank following the number\n"); goto search_for_next_pattern; } if (packet->payload[i] < '0' || packet->payload[i] > '9') { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "no number following the blank.\n"); + NDPI_LOG_DBG2(ndpi_struct, "no number following the blank\n"); goto search_for_next_pattern; } for (;;) { i++; if (packet->payload[i] < '0' || packet->payload[i] > '9' || i > 12) { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "read symbols while the symbol is a number.\n"); break; } } if (memcmp(&packet->payload[i], " ipp://", 7) != 0) { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "the string ' ipp://' does not follow.\n"); + NDPI_LOG_DBG2(ndpi_struct, "the string ' ipp://' does not follow\n"); goto search_for_next_pattern; } - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "found ipp\n"); + NDPI_LOG_INFO(ndpi_struct, "found ipp\n"); ndpi_int_ipp_add_connection(ndpi_struct, flow); return; } @@ -101,13 +103,12 @@ void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct nd ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->content_line.ptr != NULL && packet->content_line.len > 14 && memcmp(packet->content_line.ptr, "application/ipp", 15) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "found ipp via POST ... application/ipp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found ipp via POST ... application/ipp\n"); ndpi_int_ipp_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "no ipp detected.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_IPP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index b2b73ac5f..2cadf0a32 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -23,9 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_IRC + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IRC + +#include "ndpi_api.h" + #define NDPI_IRC_FIND_LESS(time_err,less) {int t1 = 0; \ u_int32_t timestamp = time_err[0]; \ for(t1=0;t1 < NDPI_PROTOCOL_IRC_MAXPORT;t1++) { \ @@ -65,7 +70,7 @@ static u_int8_t ndpi_check_for_NOTICE_or_PRIVMSG(struct ndpi_detection_module_st for (i = 0; i < packet->payload_packet_len - 7; i++) { if (packet->payload[i] == 'N' || packet->payload[i] == 'P') { if (memcmp(&packet->payload[i + 1], "OTICE ", 6) == 0 || memcmp(&packet->payload[i + 1], "RIVMSG ", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "found NOTICE or PRIVMSG\n"); + NDPI_LOG_DBG2(ndpi_struct, "found NOTICE or PRIVMSG\n"); return 1; } } @@ -94,7 +99,7 @@ static u_int8_t ndpi_check_for_Nickname(struct ndpi_detection_module_struct *ndp if ((((packetl - (i + 1)) >= 4) && memcmp(&packet->payload[i + 1], "ick=", 4) == 0) || (((packetl - (i + 1)) >= 8) && (memcmp(&packet->payload[i + 1], "ickname=", 8) == 0)) || (((packetl - (i + 1)) >= 8) && (memcmp(&packet->payload[i + 1], "ickName=", 8) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "found HTTP IRC Nickname pattern\n"); + NDPI_LOG_DBG2(ndpi_struct, "found HTTP IRC Nickname pattern\n"); return 1; } } @@ -114,7 +119,7 @@ static u_int8_t ndpi_check_for_cmd(struct ndpi_detection_module_struct *ndpi_str for (i = 0; i < packet->payload_packet_len - 4; i++) { if (packet->payload[i] == 'c') { if (memcmp(&packet->payload[i + 1], "md=", 3) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "found HTTP IRC cmd pattern \n"); + NDPI_LOG_DBG2(ndpi_struct, "found HTTP IRC cmd pattern \n"); return 1; } } @@ -147,8 +152,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, - "called ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast\n"); + NDPI_LOG_DBG(ndpi_struct, "start fast detect\n"); /* case 1: len 1460, len 1460, len 1176 several times in one direction, than len = 4, 4096, 8192 in the other direction */ if (packet->payload_packet_len == 1460 @@ -174,7 +178,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 0x1000 || ntohs(get_u_int16_t(packet->payload, 2)) == 0x2000)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1460,1460,1176,<-4096||8192"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1460,1460,1176,<-4096||8192"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -185,27 +189,27 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det 1 + packet->packet_direction))) { flow->l4.tcp.irc_stage2 = 4; flow->l4.tcp.irc_direction = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "len = 1448 first\n"); + NDPI_LOG_DBG2(ndpi_struct, "len = 1448 first\n"); return 1; } if (packet->payload_packet_len == 1448 && flow->l4.tcp.irc_stage2 == 4 && flow->l4.tcp.irc_direction == 1 + packet->packet_direction) { flow->l4.tcp.irc_stage2 = 5; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "len = 1448 second \n"); + NDPI_LOG_DBG2(ndpi_struct, "len = 1448 second \n"); return 1; } if (packet->payload_packet_len == 1200 && flow->l4.tcp.irc_stage2 == 5 && flow->l4.tcp.irc_direction == 1 + packet->packet_direction) { flow->l4.tcp.irc_stage2 = 6; flow->l4.tcp.irc_0x1000_full = 1; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "len = 1200 \n"); + NDPI_LOG_DBG2(ndpi_struct, "len = 1200 \n"); return 1; } if (packet->payload_packet_len == 4 && (flow->l4.tcp.irc_stage2 == 6 || flow->l4.tcp.irc_0x1000_full == 1) && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 0x1000 || ntohs(get_u_int16_t(packet->payload, 2)) == 0x2000)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1448,1448,1200,<-4096||8192"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1448,1448,1200,<-4096||8192"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -222,7 +226,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 1380 || ntohs(get_u_int16_t(packet->payload, 2)) == 2760)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1380,<-1380||2760"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1380,<-1380||2760"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -237,7 +241,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 1200 || ntohs(get_u_int16_t(packet->payload, 2)) == 2400)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1200,<-1200||2400"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1200,<-1200||2400"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -252,7 +256,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 1024 || ntohs(get_u_int16_t(packet->payload, 2)) == 2048)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1024,<-1024||2048"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1024,<-1024||2048"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -267,7 +271,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 1248 || ntohs(get_u_int16_t(packet->payload, 2)) == 2496)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1248,<-1248||2496"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1248,<-1248||2496"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -282,7 +286,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 1448 || ntohs(get_u_int16_t(packet->payload, 2)) == 2896)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1448,<-1448||2896"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1448,<-1448||2896"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -305,8 +309,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det if (packet->payload_packet_len == 4 && flow->l4.tcp.irc_stage2 == 14 && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && ntohs(get_u_int16_t(packet->payload, 2)) == 8192) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "IRC SSL detected: ->1448,1448,1448,1448,1448,952,<-8192"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1448,1448,1448,1448,1448,952,<-8192"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -339,8 +342,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det if (packet->payload_packet_len == 4 && flow->l4.tcp.irc_stage2 == 19 && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && ntohs(get_u_int16_t(packet->payload, 2)) == 7168) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "IRC SSL detected: ->1024,1448,1448,1200,1448,600,<-7168"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1024,1448,1448,1200,1448,600,<-7168"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -353,7 +355,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det if (packet->payload_packet_len == 4 && flow->l4.tcp.irc_stage2 == 20 && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && ntohs(get_u_int16_t(packet->payload, 2)) == 2404) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1024,1380 <-2404"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1024,1380 <-2404"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; @@ -382,26 +384,26 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc u_int16_t http_content_ptr_len = 0; u_int8_t space = 0; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "irc : search irc\n"); + NDPI_LOG_DBG(ndpi_struct, "search irc\n"); if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_IRC && flow->packet_counter > 70) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "exclude irc, packet_counter > 70\n"); + NDPI_LOG_DBG(ndpi_struct, "exclude irc, packet_counter > 70\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_IRC); return; } if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_IRC && flow->packet_counter > 30 && flow->l4.tcp.irc_stage2 == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "packet_counter > 30, exclude irc.\n"); + NDPI_LOG_DBG(ndpi_struct, "exclude irc, packet_counter > 30\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_IRC); return; } if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_IRC) { if (src != NULL && ((u_int32_t) (packet->tick_timestamp - src->irc_ts) < ndpi_struct->irc_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "irc : save src connection packet detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "irc : save src connection packet detected\n"); src->irc_ts = packet->tick_timestamp; } else if (dst != NULL && ((u_int32_t) (packet->tick_timestamp - dst->irc_ts) < ndpi_struct->irc_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "irc : save dst connection packet detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "irc : save dst connection packet detected\n"); dst->irc_ts = packet->tick_timestamp; } } @@ -423,8 +425,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc for (counter = 0; counter < dst->irc_number_of_port; counter++) { if (dst->irc_port[counter] == sport || dst->irc_port[counter] == dport) { dst->last_time_port_used[counter] = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "dest port matched with the DCC port and the flow is marked as IRC"); + NDPI_LOG_INFO(ndpi_struct, "found IRC: dest port matched with the DCC port"); ndpi_int_irc_add_connection(ndpi_struct, flow); return; } @@ -434,9 +435,8 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc for (counter = 0; counter < src->irc_number_of_port; counter++) { if (src->irc_port[counter] == sport || src->irc_port[counter] == dport) { src->last_time_port_used[counter] = packet->tick_timestamp; + NDPI_LOG_INFO(ndpi_struct, "found IRC: Source port matched with the DCC port"); ndpi_int_irc_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "Source port matched with the DCC port and the flow is marked as IRC"); return; } } @@ -465,8 +465,8 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc || (memcmp(&packet->payload[c1], "irc.discostars.de1", 18) == 0) || (memcmp(&packet->payload[c1], "irc.rizon.net", 13) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "IRC SSL detected with :- irc.hackthissite.org0 | irc.gamepad.ca1 | dungeon.axenet.org0 " + NDPI_LOG_INFO(ndpi_struct, + "found IRC SSL: - irc.hackthissite.org0 | irc.gamepad.ca1 | dungeon.axenet.org0 " "| dazed.nuggethaus.net | irc.indymedia.org | irc.discostars.de1 "); ndpi_int_irc_add_connection(ndpi_struct, flow); break; @@ -496,14 +496,14 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (packet->line[i].ptr[0] == ':') { flow->l4.tcp.irc_3a_counter++; if (flow->l4.tcp.irc_3a_counter == 7) { /* ':' == 0x3a */ - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "0x3a. seven times. found irc."); + NDPI_LOG_INFO(ndpi_struct, "found irc. 0x3a. seven times."); ndpi_int_irc_add_connection(ndpi_struct, flow); goto detected_irc; } } } if (flow->l4.tcp.irc_3a_counter == 7) { /* ':' == 0x3a */ - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "0x3a. seven times. found irc."); + NDPI_LOG_INFO(ndpi_struct, "found irc. 0x3a. seven times."); ndpi_int_irc_add_connection(ndpi_struct, flow); goto detected_irc; } @@ -518,19 +518,19 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc || (memcmp(packet->payload, "NOTICE ", 7) == 0) || (memcmp(packet->payload, "PRIVMSG ", 8) == 0) || (memcmp(packet->payload, "VERSION ", 8) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_DBG2(ndpi_struct, "USER, NICK, PASS, NOTICE, PRIVMSG one time"); if (flow->l4.tcp.irc_stage == 2) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "found irc"); + NDPI_LOG_INFO(ndpi_struct, "found irc"); ndpi_int_irc_add_connection(ndpi_struct, flow); flow->l4.tcp.irc_stage = 3; } if (flow->l4.tcp.irc_stage == 1) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "second time, stage=2"); + NDPI_LOG_DBG2(ndpi_struct, "second time, stage=2"); flow->l4.tcp.irc_stage = 2; } if (flow->l4.tcp.irc_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "first time, stage=1"); + NDPI_LOG_DBG2(ndpi_struct, "first time, stage=1"); flow->l4.tcp.irc_stage = 1; } /* irc packets can have either windows line breaks (0d0a) or unix line breaks (0a) */ @@ -538,13 +538,11 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && packet->payload[packet->payload_packet_len - 1] == 0x0a) { ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->parsed_lines > 1) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "packet contains more than one line"); + NDPI_LOG_DBG2(ndpi_struct, "packet contains more than one line"); for (c = 1; c < packet->parsed_lines; c++) { if (packet->line[c].len > 4 && (memcmp(packet->line[c].ptr, "NICK ", 5) == 0 || memcmp(packet->line[c].ptr, "USER ", 5) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, - NDPI_LOG_TRACE, "two icq signal words in the same packet"); + NDPI_LOG_INFO(ndpi_struct, "found IRC: two icq signal words in the same packet"); ndpi_int_irc_add_connection(ndpi_struct, flow); flow->l4.tcp.irc_stage = 3; return; @@ -555,14 +553,12 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } else if (packet->payload[packet->payload_packet_len - 1] == 0x0a) { ndpi_parse_packet_line_info_any(ndpi_struct, flow); if (packet->parsed_lines > 1) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "packet contains more than one line"); + NDPI_LOG_DBG2(ndpi_struct, "packet contains more than one line"); for (c = 1; c < packet->parsed_lines; c++) { if (packet->line[c].len > 4 && (memcmp(packet->line[c].ptr, "NICK ", 5) == 0 || memcmp(packet->line[c].ptr, "USER ", 5) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "two icq signal words in the same packet"); + NDPI_LOG_INFO(ndpi_struct, "found IRC: two icq signal words in the same packet"); ndpi_int_irc_add_connection(ndpi_struct, flow); flow->l4.tcp.irc_stage = 3; return; @@ -594,7 +590,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && (ndpi_check_for_IRC_traces(packet->http_url_name.ptr, packet->http_url_name.len))) || ((packet->referer_line.ptr) && (ndpi_check_for_IRC_traces(packet->referer_line.ptr, packet->referer_line.len)))) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_DBG2(ndpi_struct, "IRC detected from the Http URL/ Referer header "); flow->l4.tcp.irc_stage = 1; // HTTP POST Request body is not in the same packet. @@ -613,22 +609,21 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc || (((packet->payload_packet_len - http_content_ptr_len) > 5) && (memcmp(packet->payload + http_content_ptr_len, "item=", 5) == 0) && (ndpi_check_for_cmd(ndpi_struct, flow) != 0))) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC Nickname, cmd, one time"); + NDPI_LOG_INFO(ndpi_struct, "found IRC: Nickname, cmd, one time"); ndpi_int_irc_add_connection(ndpi_struct, flow); return; } } detected_irc: - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "detected_irc:"); + NDPI_LOG_DBG2(ndpi_struct, "detected_irc:"); if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_IRC) { /* maybe this can be deleted at the end */ if (packet->payload[packet->payload_packet_len - 2] != 0x0d && packet->payload[packet->payload_packet_len - 1] == 0x0a) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, - "ndpi_parse_packet_line_info_any(ndpi_struct, flow);"); + NDPI_LOG_DBG2(ndpi_struct, "ndpi_parse_packet_line_info_any(ndpi_struct, flow);"); ndpi_parse_packet_line_info_any(ndpi_struct, flow); } else if (packet->payload[packet->payload_packet_len - 2] == 0x0d) { ndpi_parse_packet_line_info(ndpi_struct, flow); @@ -637,27 +632,27 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } for (i = 0; i < packet->parsed_lines; i++) { if (packet->line[i].len > 6 && memcmp(packet->line[i].ptr, "NOTICE ", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "NOTICE"); + NDPI_LOG_DBG2(ndpi_struct, "NOTICE"); for (j = 7; j < packet->line[i].len - 8; j++) { if (packet->line[i].ptr[j] == ':') { if (memcmp(&packet->line[i].ptr[j + 1], "DCC SEND ", 9) == 0 || memcmp(&packet->line[i].ptr[j + 1], "DCC CHAT ", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_INFO(ndpi_struct, "found NOTICE and DCC CHAT or DCC SEND."); } } } } if (packet->payload_packet_len > 0 && packet->payload[0] == 0x3a /* 0x3a = ':' */ ) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "3a"); + NDPI_LOG_DBG2(ndpi_struct, "3a"); for (j = 1; j < packet->line[i].len - 9; j++) { if (packet->line[i].ptr[j] == ' ') { j++; if (packet->line[i].ptr[j] == 'P') { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "P"); + NDPI_LOG_DBG2(ndpi_struct, "P"); j++; if (memcmp(&packet->line[i].ptr[j], "RIVMSG ", 7) == 0) - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "RIVMSG"); + NDPI_LOG_DBG2(ndpi_struct, "RIVMSG"); h = j + 7; goto read_privmsg; } @@ -665,25 +660,24 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } } if (packet->line[i].len > 7 && (memcmp(packet->line[i].ptr, "PRIVMSG ", 8) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "PRIVMSG "); + NDPI_LOG_DBG2(ndpi_struct, "PRIVMSG "); h = 7; read_privmsg: for (j = h; j < packet->line[i].len - 9; j++) { if (packet->line[i].ptr[j] == ':') { if (memcmp(&packet->line[i].ptr[j + 1], "xdcc ", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "xdcc should match."); + NDPI_LOG_DBG2(ndpi_struct, "xdcc should match."); } j += 2; if (memcmp(&packet->line[i].ptr[j], "DCC ", 4) == 0) { j += 4; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "found DCC."); + NDPI_LOG_DBG2(ndpi_struct, "found DCC."); if (memcmp(&packet->line[i].ptr[j], "SEND ", 5) == 0 || (memcmp(&packet->line[i].ptr[j], "CHAT", 4) == 0) || (memcmp(&packet->line[i].ptr[j], "chat", 4) == 0) || (memcmp(&packet->line[i].ptr[j], "sslchat", 7) == 0) || (memcmp(&packet->line[i].ptr[j], "TSEND", 5) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "found CHAT,chat,sslchat,TSEND."); + NDPI_LOG_DBG2(ndpi_struct, "found CHAT,chat,sslchat,TSEND."); j += 4; while (packet->line[i].len > j && @@ -696,35 +690,29 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (packet->line[i].ptr[j] == ' ') { space++; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "space %u.", space); + NDPI_LOG_DBG2(ndpi_struct, "space %u.", space); } if (space == 3) { j++; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "read port."); + NDPI_LOG_DBG2(ndpi_struct, "read port."); if (src != NULL) { k = j; port = ntohs_ndpi_bytestream_to_number (&packet->line[i].ptr[j], packet->payload_packet_len - j, &j); - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "port %u.", + NDPI_LOG_DBG2(ndpi_struct, "port %u.", port); j = k; // hier jetzt überlegen, wie die ports abgespeichert werden sollen if (src->irc_number_of_port < NDPI_PROTOCOL_IRC_MAXPORT) - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "src->irc_number_of_port < NDPI_PROTOCOL_IRC_MAXPORT."); + NDPI_LOG_DBG2(ndpi_struct, "src->irc_number_of_port < NDPI_PROTOCOL_IRC_MAXPORT."); if (src->irc_number_of_port < NDPI_PROTOCOL_IRC_MAXPORT && port != 0) { if (!ndpi_is_duplicate(src, port)) { src->irc_port[src->irc_number_of_port] = port; src->irc_number_of_port++; - NDPI_LOG - (NDPI_PROTOCOL_IRC, - ndpi_struct, - NDPI_LOG_DEBUG, "found port=%d", + NDPI_LOG_DBG2(ndpi_struct, "found port=%d jjeeeeeeeeeeeeeeeeeeeeeeeee", ntohs(get_u_int16_t(src->irc_port, 0))); - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, - "jjeeeeeeeeeeeeeeeeeeeeeeeee"); } src->irc_ts = packet->tick_timestamp; } else if (port != 0 && src->irc_number_of_port == NDPI_PROTOCOL_IRC_MAXPORT) { @@ -732,11 +720,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc less = 0; NDPI_IRC_FIND_LESS(src->last_time_port_used, less); src->irc_port[less] = port; - NDPI_LOG - (NDPI_PROTOCOL_IRC, - ndpi_struct, - NDPI_LOG_DEBUG, "found port=%d", - ntohs(get_u_int16_t(src->irc_port, 0))); + NDPI_LOG_DBG2(ndpi_struct, "found port=%d", ntohs(get_u_int16_t(src->irc_port, 0))); } src->irc_ts = packet->tick_timestamp; } @@ -747,8 +731,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (dst != NULL) { port = ntohs_ndpi_bytestream_to_number (&packet->line[i].ptr[j], packet->payload_packet_len - j, &j); - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "port %u.", - port); + NDPI_LOG_DBG2(ndpi_struct, "port %u.", port); // hier das gleiche wie oben. /* hier werden NDPI_PROTOCOL_IRC_MAXPORT ports pro irc flows mitgespeichert. könnte man denn nicht ein- * fach an die dst oder src einen flag setzten, dass dieser port für eine bestimmte @@ -759,13 +742,8 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc dst->irc_port[dst->irc_number_of_port] = port; dst->irc_number_of_port++; - NDPI_LOG - (NDPI_PROTOCOL_IRC, - ndpi_struct, - NDPI_LOG_DEBUG, "found port=%d", - ntohs(get_u_int16_t(dst->irc_port, 0))); - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, - "juuuuuuuuuuuuuuuu"); + NDPI_LOG_DBG2(ndpi_struct, "found port=%d", ntohs(get_u_int16_t(dst->irc_port, 0))); + NDPI_LOG_DBG2(ndpi_struct, "juuuuuuuuuuuuuuuu"); } dst->irc_ts = packet->tick_timestamp; } else if (port != 0 && dst->irc_number_of_port == NDPI_PROTOCOL_IRC_MAXPORT) { @@ -774,11 +752,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_IRC_FIND_LESS(dst->last_time_port_used, less); dst->irc_port[less] = port; - NDPI_LOG - (NDPI_PROTOCOL_IRC, - ndpi_struct, - NDPI_LOG_DEBUG, "found port=%d", - ntohs(get_u_int16_t(dst->irc_port, 0))); + NDPI_LOG_DBG2(ndpi_struct, "found port=%d", ntohs(get_u_int16_t(dst->irc_port, 0))); } dst->irc_ts = packet->tick_timestamp; } diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c index d8be54adf..05950d8c5 100644 --- a/src/lib/protocols/jabber.c +++ b/src/lib/protocols/jabber.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNENCRYPTED_JABBER #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER struct jabber_string { char *string; u_int ndpi_protocol; @@ -70,51 +74,47 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st u_int16_t x; - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER detection....\n"); + NDPI_LOG_DBG(ndpi_struct, "search JABBER\n"); /* search for jabber file transfer */ /* this part is working asymmetrically */ if (packet->tcp != NULL && packet->tcp->syn != 0 && packet->payload_packet_len == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "check jabber syn\n"); + NDPI_LOG_DBG2(ndpi_struct, "check jabber syn\n"); if (src != NULL && src->jabber_file_transfer_port[0] != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "src jabber ft port set, ports are: %u, %u\n", ntohs(src->jabber_file_transfer_port[0]), - ntohs(src->jabber_file_transfer_port[1])); + NDPI_LOG_DBG2(ndpi_struct, "src jabber ft port set, ports are: %u, %u\n", + ntohs(src->jabber_file_transfer_port[0]), + ntohs(src->jabber_file_transfer_port[1])); if (((u_int32_t) (packet->tick_timestamp - src->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "JABBER src stun timeout %u %u\n", src->jabber_stun_or_ft_ts, - packet->tick_timestamp); + NDPI_LOG_DBG2(ndpi_struct, "JABBER src stun timeout %u %u\n", + src->jabber_stun_or_ft_ts, packet->tick_timestamp); src->jabber_file_transfer_port[0] = 0; src->jabber_file_transfer_port[1] = 0; } else if (src->jabber_file_transfer_port[0] == packet->tcp->dest || src->jabber_file_transfer_port[0] == packet->tcp->source || src->jabber_file_transfer_port[1] == packet->tcp->dest || src->jabber_file_transfer_port[1] == packet->tcp->source) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "found jabber file transfer.\n"); + NDPI_LOG_INFO(ndpi_struct, "found jabber file transfer\n"); ndpi_int_jabber_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPTED_JABBER); } } if (dst != NULL && dst->jabber_file_transfer_port[0] != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "dst jabber ft port set, ports are: %u, %u\n", ntohs(dst->jabber_file_transfer_port[0]), - ntohs(dst->jabber_file_transfer_port[1])); + NDPI_LOG_DBG2(ndpi_struct, "dst jabber ft port set, ports are: %u, %u\n", + ntohs(dst->jabber_file_transfer_port[0]), + ntohs(dst->jabber_file_transfer_port[1])); if (((u_int32_t) (packet->tick_timestamp - dst->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "JABBER dst stun timeout %u %u\n", dst->jabber_stun_or_ft_ts, - packet->tick_timestamp); + NDPI_LOG_DBG2(ndpi_struct, "JABBER dst stun timeout %u %u\n", + dst->jabber_stun_or_ft_ts, packet->tick_timestamp); dst->jabber_file_transfer_port[0] = 0; dst->jabber_file_transfer_port[1] = 0; } else if (dst->jabber_file_transfer_port[0] == packet->tcp->dest || dst->jabber_file_transfer_port[0] == packet->tcp->source || dst->jabber_file_transfer_port[1] == packet->tcp->dest || dst->jabber_file_transfer_port[1] == packet->tcp->source) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "found jabber file transfer.\n"); + NDPI_LOG_INFO(ndpi_struct, "found jabber file transfer\n"); ndpi_int_jabber_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPTED_JABBER); @@ -135,17 +135,17 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st /* check for google jabber voip connections ... */ /* need big packet */ if (packet->payload_packet_len < 100) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "packet too small, return.\n"); + NDPI_LOG_DBG2(ndpi_struct, "packet too small, return\n"); return; } /* need message to or type for file-transfer */ if (memcmp(packet->payload, "payload, "payload_packet_len - 11; for (x = 10; x < lastlen; x++) { if (packet->payload[x] == 'p') { if (memcmp(&packet->payload[x], "port=", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); + NDPI_LOG_DBG2(ndpi_struct, "port=\n"); if (src != NULL) { src->jabber_stun_or_ft_ts = packet->tick_timestamp; } @@ -155,30 +155,25 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } x += 6; j_port = ntohs_ndpi_bytestream_to_number(&packet->payload[x], packet->payload_packet_len, &x); - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "JABBER port : %u\n", ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "JABBER port : %u\n", ntohs(j_port)); if (src != NULL) { if (src->jabber_file_transfer_port[0] == 0 || src->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[0] = j_port = %u;\n", + NDPI_LOG_DBG2(ndpi_struct, "src->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[1] = j_port = %u;\n", + NDPI_LOG_DBG2(ndpi_struct, "src->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[1] = j_port; } } if (dst != NULL) { if (dst->jabber_file_transfer_port[0] == 0 || dst->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[0] = j_port = %u;\n", + NDPI_LOG_DBG2(ndpi_struct, "dst->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", + NDPI_LOG_DBG2(ndpi_struct, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[1] = j_port; } @@ -191,7 +186,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else if (memcmp(packet->payload, "payload, "payload, "payload_packet_len - 21; for (x = 8; x < lastlen; x++) { /* invalid character */ @@ -199,7 +194,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st return; } if (packet->payload[x] == '@') { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER @\n"); + NDPI_LOG_DBG2(ndpi_struct, "JABBER @\n"); break; } } @@ -211,7 +206,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st for (; x < lastlen; x++) { if (packet->payload[x] == 'p') { if (memcmp(&packet->payload[x], "port=", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); + NDPI_LOG_DBG2(ndpi_struct, "port=\n"); if (src != NULL) { src->jabber_stun_or_ft_ts = packet->tick_timestamp; } @@ -222,8 +217,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st x += 6; j_port = ntohs_ndpi_bytestream_to_number(&packet->payload[x], packet->payload_packet_len, &x); - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "JABBER port : %u\n", ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "JABBER port : %u\n", ntohs(j_port)); if (src != NULL && src->jabber_voice_stun_used_ports < JABBER_MAX_STUN_PORTS - 1) { if (packet->payload[5] == 'o') { @@ -232,13 +226,12 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else { if (src->jabber_file_transfer_port[0] == 0 || src->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "src->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "src->jabber_file_transfer_port[0] = j_port = %u;\n", + ntohs(j_port)); src->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[1] = j_port = %u;\n", - ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "src->jabber_file_transfer_port[1] = j_port = %u;\n", + ntohs(j_port)); src->jabber_file_transfer_port[1] = j_port; } } @@ -251,13 +244,12 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else { if (dst->jabber_file_transfer_port[0] == 0 || dst->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "dst->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "dst->jabber_file_transfer_port[0] = j_port = %u;\n", + ntohs(j_port)); dst->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", - ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", + ntohs(j_port)); dst->jabber_file_transfer_port[1] = j_port; } } @@ -291,16 +283,14 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } if (flow->packet_counter < 3) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "packet_counter: %u\n", flow->packet_counter); + NDPI_LOG_DBG2(ndpi_struct, "packet_counter: %u\n", flow->packet_counter); return; } - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER Excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); #ifdef NDPI_PROTOCOL_TRUPHONE - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TRUPHONE); + ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TRUPHONE,__FILE__,__FUNCTION__,__LINE__); #endif } diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c index fbdc8eac6..87c1ef061 100644 --- a/src/lib/protocols/kakaotalk_voice.c +++ b/src/lib/protocols/kakaotalk_voice.c @@ -24,13 +24,20 @@ http://www.kakao.com/services/talk/voices */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_KAKAOTALK_VOICE + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KAKAOTALK_VOICE + #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_KAKAOTALK_VOICE void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search kakaotalk_voice\n"); + if(packet->iph && packet->udp && (packet->payload_packet_len >= 4) @@ -48,14 +55,14 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc if(((ntohl(packet->iph->saddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0x01C90000 /* 1.201.0.0/16 */) || ((ntohl(packet->iph->daddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0x01C90000 /* 1.201.0.0/16 */)) { + NDPI_LOG_INFO(ndpi_struct, "found kakaotalk_voice\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KAKAOTALK_VOICE, NDPI_PROTOCOL_UNKNOWN); return; } } } - NDPI_LOG(NDPI_PROTOCOL_KAKAOTALK_VOICE, ndpi_struct, NDPI_LOG_DEBUG, "Exclude kakaotalk_voice.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_KAKAOTALK_VOICE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index b86b58a20..71f4a8636 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -22,24 +22,28 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_KERBEROS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KERBEROS + +#include "ndpi_api.h" + + static void ndpi_int_kerberos_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KERBEROS, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_DBG(ndpi_struct, "trace KERBEROS\n"); } void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search KERBEROS\n"); /* I have observed 0a,0c,0d,0e at packet->payload[19/21], maybe there are other possibilities */ if (packet->payload_packet_len >= 4 && ntohl(get_u_int32_t(packet->payload, 0)) == packet->payload_packet_len - 4) { @@ -47,7 +51,6 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, stru packet->payload[14] == 0x05 && (packet->payload[19] == 0x0a || packet->payload[19] == 0x0c || packet->payload[19] == 0x0d || packet->payload[19] == 0x0e)) { - NDPI_LOG(NDPI_PROTOCOL_KERBEROS, ndpi_struct, NDPI_LOG_DEBUG, "found KERBEROS\n"); ndpi_int_kerberos_add_connection(ndpi_struct, flow); return; @@ -56,18 +59,12 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, stru packet->payload[16] == 0x05 && (packet->payload[21] == 0x0a || packet->payload[21] == 0x0c || packet->payload[21] == 0x0d || packet->payload[21] == 0x0e)) { - NDPI_LOG(NDPI_PROTOCOL_KERBEROS, ndpi_struct, NDPI_LOG_DEBUG, "found KERBEROS\n"); ndpi_int_kerberos_add_connection(ndpi_struct, flow); return; } - - - } - - NDPI_LOG(NDPI_PROTOCOL_KERBEROS, ndpi_struct, NDPI_LOG_DEBUG, "no KERBEROS detected.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_KERBEROS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/kontiki.c b/src/lib/protocols/kontiki.c index 6bd55cdc5..425fd6b1b 100644 --- a/src/lib/protocols/kontiki.c +++ b/src/lib/protocols/kontiki.c @@ -23,44 +23,46 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_KONTIKI +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KONTIKI + +#include "ndpi_api.h" + + static void ndpi_int_kontiki_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KONTIKI, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found Kontiki UDP\n"); } void ndpi_search_kontiki(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - + NDPI_LOG_DBG(ndpi_struct, "search Kontiki\n"); if (packet->payload_packet_len == 4 && (get_u_int32_t(packet->payload, 0) == htonl(0x02010100))) { - NDPI_LOG(NDPI_PROTOCOL_KONTIKI, ndpi_struct, NDPI_LOG_DEBUG, "Kontiki UDP detected.\n"); ndpi_int_kontiki_add_connection(ndpi_struct, flow); return; } + if (packet->payload_packet_len > 0 && packet->payload[0] == 0x02) { if (packet->payload_packet_len == 20 && (get_u_int32_t(packet->payload, 16) == htonl(0x02040100))) { - NDPI_LOG(NDPI_PROTOCOL_KONTIKI, ndpi_struct, NDPI_LOG_DEBUG, "Kontiki UDP detected.\n"); ndpi_int_kontiki_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 16 && (get_u_int32_t(packet->payload, 12) == htonl(0x000004e4))) { - NDPI_LOG(NDPI_PROTOCOL_KONTIKI, ndpi_struct, NDPI_LOG_DEBUG, "Kontiki UDP detected.\n"); ndpi_int_kontiki_add_connection(ndpi_struct, flow); return; } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_KONTIKI); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ldap.c b/src/lib/protocols/ldap.c index fee99a92d..4adb7c471 100644 --- a/src/lib/protocols/ldap.c +++ b/src/lib/protocols/ldap.c @@ -22,11 +22,15 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_LDAP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LDAP + +#include "ndpi_api.h" + + static void ndpi_int_ldap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,15 +41,7 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - -// u_int16_t dport; - - - - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "search ldap\n"); - + NDPI_LOG_DBG(ndpi_struct, "search ldap\n"); if (packet->payload_packet_len >= 14 && packet->payload[0] == 0x30) { @@ -55,14 +51,14 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n if (packet->payload[3] == 0x01 && (packet->payload[5] == 0x60 || packet->payload[5] == 0x61) && packet->payload[6] == 0x07) { - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "found ldap simple type 1\n"); + NDPI_LOG_INFO(ndpi_struct, "found ldap simple type 1\n"); ndpi_int_ldap_add_connection(ndpi_struct, flow); return; } if (packet->payload[3] == 0x02 && (packet->payload[6] == 0x60 || packet->payload[6] == 0x61) && packet->payload[7] == 0x07) { - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "found ldap simple type 2\n"); + NDPI_LOG_INFO(ndpi_struct, "found ldap simple type 2\n"); ndpi_int_ldap_add_connection(ndpi_struct, flow); return; } @@ -75,7 +71,7 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n (packet->payload[9] == 0x60 || packet->payload[9] == 0x61 || packet->payload[9] == 0x63 || packet->payload[9] == 0x64) && packet->payload[10] == 0x84) { - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "found ldap type 1\n"); + NDPI_LOG_INFO(ndpi_struct, "found ldap type 1\n"); ndpi_int_ldap_add_connection(ndpi_struct, flow); return; } @@ -84,7 +80,7 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n (packet->payload[10] == 0x60 || packet->payload[10] == 0x61 || packet->payload[10] == 0x63 || packet->payload[10] == 0x64) && packet->payload[11] == 0x84) { - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "found ldap type 2\n"); + NDPI_LOG_INFO(ndpi_struct, "found ldap type 2\n"); ndpi_int_ldap_add_connection(ndpi_struct, flow); return; } @@ -92,8 +88,7 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n } - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "ldap excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LDAP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index 01e445398..e507be9f9 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -1,6 +1,11 @@ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_LISP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LISP + +#include "ndpi_api.h" + #define LISP_PORT 4341 #define LISP_PORT1 4342 @@ -16,9 +21,8 @@ static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, st { struct ndpi_packet_struct *packet = &flow->packet; - u_int32_t payload_len = packet->payload_packet_len; - if(packet->udp != NULL) { + if(packet->udp != NULL) { u_int16_t lisp_port = htons(LISP_PORT); u_int16_t lisp_port1 = htons(LISP_PORT1); @@ -28,22 +32,21 @@ static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, st ((packet->udp->source == lisp_port1) && (packet->udp->dest == lisp_port1)) ) { - NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "Found lisp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found lisp\n"); ndpi_int_lisp_add_connection(ndpi_struct, flow, 0); return; } } - NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "exclude lisp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LISP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "lisp detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search lisp\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_LISP) { diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c index 37c4cf896..5750c50cd 100644 --- a/src/lib/protocols/lotus_notes.c +++ b/src/lib/protocols/lotus_notes.c @@ -18,10 +18,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_LOTUS_NOTES + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LOTUS_NOTES #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_LOTUS_NOTES /* ************************************ */ @@ -32,38 +36,35 @@ static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_str // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - if(packet->tcp != NULL) { - flow->l4.tcp.lotus_notes_packet_id++; - - if((flow->l4.tcp.lotus_notes_packet_id == 1) - /* We have seen the 3-way handshake */ - && flow->l4.tcp.seen_syn - && flow->l4.tcp.seen_syn_ack - && flow->l4.tcp.seen_ack) { - if(payload_len > 16) { - char lotus_notes_header[] = { 0x00, 0x00, 0x02, 0x00, 0x00, 0x40, 0x02, 0x0F }; - - if(memcmp(&packet->payload[6], lotus_notes_header, sizeof(lotus_notes_header)) == 0) { - NDPI_LOG(NDPI_PROTOCOL_LOTUS_NOTES, ndpi_struct, NDPI_LOG_DEBUG, "Found lotus_notes.\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LOTUS_NOTES, NDPI_PROTOCOL_UNKNOWN); - } - - return; + if(packet->tcp == NULL) return; + + flow->l4.tcp.lotus_notes_packet_id++; + + if((flow->l4.tcp.lotus_notes_packet_id == 1) + /* We have seen the 3-way handshake */ + && flow->l4.tcp.seen_syn + && flow->l4.tcp.seen_syn_ack + && flow->l4.tcp.seen_ack) { + if(payload_len > 16) { + char lotus_notes_header[] = { 0x00, 0x00, 0x02, 0x00, 0x00, 0x40, 0x02, 0x0F }; + + if(memcmp(&packet->payload[6], lotus_notes_header, sizeof(lotus_notes_header)) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found lotus_notes\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LOTUS_NOTES, NDPI_PROTOCOL_UNKNOWN); } + return; + } + + } else if(flow->l4.tcp.lotus_notes_packet_id <= 3) return; - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LOTUS_NOTES); - } else if(flow->l4.tcp.lotus_notes_packet_id > 3) - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LOTUS_NOTES); - - return; - } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_lotus_notes(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_LOTUS_NOTES, ndpi_struct, NDPI_LOG_DEBUG, "lotus_notes detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search lotus_notes\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_LOTUS_NOTES) diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c index 4e352583e..2c3d3d2d7 100644 --- a/src/lib/protocols/mail_imap.c +++ b/src/lib/protocols/mail_imap.c @@ -22,10 +22,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MAIL_IMAP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_IMAP + +#include "ndpi_api.h" + + static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAP, NDPI_PROTOCOL_UNKNOWN); @@ -40,11 +45,11 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t saw_command = 0; /* const u_int8_t *command = 0; */ - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, "search IMAP.\n"); + NDPI_LOG_DBG(ndpi_struct, "search IMAP_IMAP\n"); if (flow->l4.tcp.mail_imap_starttls == 2) { #ifdef NDPI_PROTOCOL_SSL - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, "starttls detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "starttls detected\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_IMAP); NDPI_DEL_PROTOCOL_FROM_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSL); return; @@ -275,7 +280,7 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, if (saw_command == 1) { if (flow->l4.tcp.mail_imap_stage == 3 || flow->l4.tcp.mail_imap_stage == 5) { - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, "mail imap identified\n"); + NDPI_LOG_INFO(ndpi_struct, "found MAIL_IMAP\n"); ndpi_int_mail_imap_add_connection(ndpi_struct, flow); return; } @@ -283,7 +288,7 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, } if (packet->payload_packet_len > 1 && packet->payload[packet->payload_packet_len - 1] == ' ') { - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe a split imap command -> need next packet and imap_stage is set to 4.\n"); flow->l4.tcp.mail_imap_stage = 4; return; @@ -295,13 +300,12 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, // if the packet count is low enough and at least one command or response was seen before if ((packet->payload_packet_len >= 2 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) && flow->packet_counter < 6 && flow->l4.tcp.mail_imap_stage >= 1) { - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "no imap command or response but packet count < 6 and imap stage >= 1 -> skip\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, "exclude IMAP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_IMAP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c index 0e487c4a5..4f9a6ea5f 100644 --- a/src/lib/protocols/mail_pop.c +++ b/src/lib/protocols/mail_pop.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MAIL_POP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_POP + +#include "ndpi_api.h" + + #define POP_BIT_AUTH 0x0001 #define POP_BIT_APOP 0x0002 #define POP_BIT_USER 0x0004 @@ -52,9 +57,6 @@ static int ndpi_int_mail_pop_check_for_client_commands(struct ndpi_detection_mod { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->payload_packet_len > 4) { if ((packet->payload[0] == 'A' || packet->payload[0] == 'a') && (packet->payload[1] == 'U' || packet->payload[1] == 'u') @@ -133,13 +135,10 @@ void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; u_int8_t a = 0; u_int8_t bit_count = 0; - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, "search mail_pop\n"); + NDPI_LOG_DBG(ndpi_struct, "search mail_pop\n"); @@ -165,12 +164,12 @@ void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct } } - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "mail_pop +OK/-ERR responses: %u, unique commands: %u\n", flow->l4.tcp.mail_pop_stage, bit_count); if ((bit_count + flow->l4.tcp.mail_pop_stage) >= 3) { if (flow->l4.tcp.mail_pop_stage > 0) { - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, "mail_pop identified\n"); + NDPI_LOG_INFO(ndpi_struct, "mail_pop identified\n"); ndpi_int_mail_pop_add_connection(ndpi_struct, flow); return; } else { @@ -182,7 +181,7 @@ void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct } else { // first part of a split packet - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "mail_pop command without line ending -> skip\n"); return; } @@ -193,13 +192,12 @@ void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct if (((packet->payload_packet_len > 2 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) || flow->l4.tcp.pop_command_bitmask != 0 || flow->l4.tcp.mail_pop_stage != 0) && flow->packet_counter < 12) { // maybe part of a split pop packet - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe part of split mail_pop packet -> skip\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, "exclude mail_pop\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_POP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 422ed0dc2..252c74ffe 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MAIL_SMTP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_SMTP + +#include "ndpi_api.h" + + #define SMTP_BIT_220 0x01 #define SMTP_BIT_250 0x02 #define SMTP_BIT_235 0x04 @@ -53,12 +58,7 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - - NDPI_LOG(NDPI_PROTOCOL_MAIL_SMTP, ndpi_struct, NDPI_LOG_DEBUG, "search mail_smtp.\n"); - + NDPI_LOG_DBG(ndpi_struct, "search mail_smtp\n"); if (packet->payload_packet_len > 2 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) { u_int8_t a; @@ -152,11 +152,11 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct bit_count += (flow->l4.tcp.smtp_command_bitmask >> a) & 0x01; } } - NDPI_LOG(NDPI_PROTOCOL_MAIL_SMTP, ndpi_struct, NDPI_LOG_DEBUG, "seen smtp commands and responses: %u.\n", + NDPI_LOG_DBG2(ndpi_struct, "seen smtp commands and responses: %u\n", bit_count); if (bit_count >= 3) { - NDPI_LOG(NDPI_PROTOCOL_MAIL_SMTP, ndpi_struct, NDPI_LOG_DEBUG, "mail smtp identified\n"); + NDPI_LOG_INFO(ndpi_struct, "mail smtp identified\n"); ndpi_int_mail_smtp_add_connection(ndpi_struct, flow); return; } @@ -169,12 +169,11 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct packet->payload_packet_len >= 4 && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a || memcmp(packet->payload, "220", 3) == 0 || memcmp(packet->payload, "EHLO", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_MAIL_SMTP, ndpi_struct, NDPI_LOG_DEBUG, "maybe SMTP, need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe SMTP, need next packet\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_MAIL_SMTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude smtp\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_SMTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/maplestory.c b/src/lib/protocols/maplestory.c index fa6feffd0..a55c2cc11 100644 --- a/src/lib/protocols/maplestory.c +++ b/src/lib/protocols/maplestory.c @@ -22,10 +22,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MAPLESTORY +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAPLESTORY + +#include "ndpi_api.h" + static void ndpi_int_maplestory_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAPLESTORY, NDPI_PROTOCOL_UNKNOWN); @@ -36,16 +40,13 @@ void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, st { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - + NDPI_LOG_DBG(ndpi_struct, "search maplestory\n"); if (packet->payload_packet_len == 16 && (ntohl(get_u_int32_t(packet->payload, 0)) == 0x0e003a00 || ntohl(get_u_int32_t(packet->payload, 0)) == 0x0e003b00 || ntohl(get_u_int32_t(packet->payload, 0)) == 0x0e004200) && ntohs(get_u_int16_t(packet->payload, 4)) == 0x0100 && (packet->payload[6] == 0x32 || packet->payload[6] == 0x33)) { - NDPI_LOG(NDPI_PROTOCOL_MAPLESTORY, ndpi_struct, NDPI_LOG_DEBUG, "found maplestory.\n"); + NDPI_LOG_INFO(ndpi_struct, "found maplestory\n"); ndpi_int_maplestory_add_connection(ndpi_struct, flow); return; } @@ -63,7 +64,7 @@ void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, st NDPI_STATICSTRING_LEN("patch")) == 0 && memcmp(packet->user_agent_line.ptr, "Patcher", NDPI_STATICSTRING_LEN("Patcher")) == 0 && memcmp(packet->host_line.ptr, "patch.", NDPI_STATICSTRING_LEN("patch.")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MAPLESTORY, ndpi_struct, NDPI_LOG_DEBUG, "found maplestory update.\n"); + NDPI_LOG_INFO(ndpi_struct, "found maplestory update\n"); ndpi_int_maplestory_add_connection(ndpi_struct, flow); return; } @@ -71,14 +72,13 @@ void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, st && memcmp(&packet->payload[NDPI_STATICSTRING_LEN("GET /maple")], "story/", NDPI_STATICSTRING_LEN("story/")) == 0 && memcmp(packet->user_agent_line.ptr, "AspINet", NDPI_STATICSTRING_LEN("AspINet")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MAPLESTORY, ndpi_struct, NDPI_LOG_DEBUG, "found maplestory update.\n"); + NDPI_LOG_INFO(ndpi_struct, "found maplestory update\n"); ndpi_int_maplestory_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_MAPLESTORY, ndpi_struct, NDPI_LOG_DEBUG, "exclude maplestory.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAPLESTORY); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c index d805a0bca..aa3c3f525 100644 --- a/src/lib/protocols/mdns.c +++ b/src/lib/protocols/mdns.c @@ -20,10 +20,14 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MDNS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MDNS + +#include "ndpi_api.h" + #define NDPI_MAX_MDNS_REQUESTS 128 PACK_ON @@ -65,7 +69,7 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct if(((packet->payload[2] & 0x80) == 0) && (questions <= NDPI_MAX_MDNS_REQUESTS) && (answers <= NDPI_MAX_MDNS_REQUESTS)) { - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MDNS with question query\n"); return 1; } else if(((packet->payload[2] & 0x80) != 0) @@ -86,7 +90,7 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct strncpy(flow->protos.mdns.answer, (const char *)answer, len); flow->protos.mdns.answer[len] = '\0'; - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MDNS with answer query\n"); return 1; } @@ -98,6 +102,8 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport; + NDPI_LOG_DBG(ndpi_struct, "search MDNS\n"); + /** information from http://www.it-administrator.de/lexikon/multicast-dns.html */ @@ -112,8 +118,7 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n /* mdns protocol must have destination address 224.0.0.251 */ if(packet->iph != NULL /* && ntohl(packet->iph->daddr) == 0xe00000fb */) { - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, - NDPI_LOG_DEBUG, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n"); + NDPI_LOG_INFO(ndpi_struct, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n"); if(ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { ndpi_int_mdns_add_connection(ndpi_struct, flow); @@ -125,8 +130,7 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n const u_int32_t *daddr = packet->iphv6->ip6_dst.u6_addr.u6_addr32; if(daddr[0] == htonl(0xff020000) /* && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb) */) { - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, - NDPI_LOG_DEBUG, "found MDNS with destination address ff02::fb\n"); + NDPI_LOG_INFO(ndpi_struct, "found MDNS with destination address ff02::fb\n"); if(ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { ndpi_int_mdns_add_connection(ndpi_struct, flow); @@ -137,7 +141,7 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n #endif } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MDNS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/megaco.c b/src/lib/protocols/megaco.c index 7b7d910de..bb317f5d5 100644 --- a/src/lib/protocols/megaco.c +++ b/src/lib/protocols/megaco.c @@ -18,16 +18,20 @@ * If not, see . */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_MEGACO + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MEGACO #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_MEGACO void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_MEGACO, ndpi_struct, NDPI_LOG_DEBUG, "search for MEGACO.\n"); + NDPI_LOG_DBG(ndpi_struct, "search for MEGACO\n"); if(packet->udp != NULL) { if((packet->payload_packet_len > 4 && packet->payload[0] == '!' && packet->payload[1] == '/' && @@ -36,14 +40,13 @@ void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct packet->payload[2] == 'G' && packet->payload[3] == 'A' && packet->payload[4] == 'C' && packet->payload[5] == 'O' && packet->payload[6] == '/' && packet->payload[7] == '1' && packet->payload[8] == ' ' && packet->payload[9] == '[')) { - NDPI_LOG(NDPI_PROTOCOL_MEGACO, ndpi_struct, NDPI_LOG_DEBUG, "found MEGACO.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MEGACO\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MEGACO, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_PROTOCOL_MEGACO, ndpi_struct, NDPI_LOG_DEBUG, "exclude MEGACO.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MEGACO); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mgcp.c b/src/lib/protocols/mgcp.c index e16091642..69fe33fac 100644 --- a/src/lib/protocols/mgcp.c +++ b/src/lib/protocols/mgcp.c @@ -20,10 +20,16 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MGCP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MGCP + +#include "ndpi_api.h" + + static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -39,40 +45,39 @@ void ndpi_search_mgcp(struct ndpi_detection_module_struct *ndpi_struct, struct n u_int16_t pos = 5; - if (packet->payload_packet_len < 8) { - goto mgcp_excluded; - } - - /* packet must end with 0x0d0a or with 0x0a */ - if (packet->payload[packet->payload_packet_len - 1] != 0x0a) { - goto mgcp_excluded; - } - - if (packet->payload[0] != 'A' && packet->payload[0] != 'C' && packet->payload[0] != 'D' && - packet->payload[0] != 'E' && packet->payload[0] != 'M' && packet->payload[0] != 'N' && - packet->payload[0] != 'R') { - goto mgcp_excluded; - } - if (memcmp(packet->payload, "AUEP ", 5) != 0 && memcmp(packet->payload, "AUCX ", 5) != 0 && - memcmp(packet->payload, "CRCX ", 5) != 0 && memcmp(packet->payload, "DLCX ", 5) != 0 && - memcmp(packet->payload, "EPCF ", 5) != 0 && memcmp(packet->payload, "MDCX ", 5) != 0 && - memcmp(packet->payload, "NTFY ", 5) != 0 && memcmp(packet->payload, "RQNT ", 5) != 0 && - memcmp(packet->payload, "RSIP ", 5) != 0) { - goto mgcp_excluded; - } - // now search for string "MGCP " in the rest of the message - while ((pos + 4) < packet->payload_packet_len) { - if (memcmp(&packet->payload[pos], "MGCP ", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "MGCP match.\n"); - ndpi_int_mgcp_add_connection(ndpi_struct, flow); - return; + NDPI_LOG_DBG(ndpi_struct, "search MGCP\n"); + + do { + if (packet->payload_packet_len < 8) break; + + /* packet must end with 0x0d0a or with 0x0a */ + if (packet->payload[packet->payload_packet_len - 1] != 0x0a) break; + + if (packet->payload[0] != 'A' && packet->payload[0] != 'C' && packet->payload[0] != 'D' && + packet->payload[0] != 'E' && packet->payload[0] != 'M' && packet->payload[0] != 'N' && + packet->payload[0] != 'R') + break; + + if (memcmp(packet->payload, "AUEP ", 5) != 0 && memcmp(packet->payload, "AUCX ", 5) != 0 && + memcmp(packet->payload, "CRCX ", 5) != 0 && memcmp(packet->payload, "DLCX ", 5) != 0 && + memcmp(packet->payload, "EPCF ", 5) != 0 && memcmp(packet->payload, "MDCX ", 5) != 0 && + memcmp(packet->payload, "NTFY ", 5) != 0 && memcmp(packet->payload, "RQNT ", 5) != 0 && + memcmp(packet->payload, "RSIP ", 5) != 0) + break; + + // now search for string "MGCP " in the rest of the message + while ((pos + 4) < packet->payload_packet_len) { + if (memcmp(&packet->payload[pos], "MGCP ", 5) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found MGCP\n"); + ndpi_int_mgcp_add_connection(ndpi_struct, flow); + return; + } + pos++; } - pos++; - } - mgcp_excluded: - NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude MGCP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MGCP); + } while(0); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mms.c b/src/lib/protocols/mms.c index d6b4edbca..42391b5fc 100644 --- a/src/lib/protocols/mms.c +++ b/src/lib/protocols/mms.c @@ -23,10 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_CONTENT_MMS +#define NDPI_CURRENT_PROTO NDPI_CONTENT_MMS + +#include "ndpi_api.h" + static void ndpi_int_mms_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -39,9 +43,7 @@ void ndpi_search_mms_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - + NDPI_LOG_DBG(ndpi_struct, "search MMS\n"); /* search MSMMS packets */ if (packet->payload_packet_len >= 20) { @@ -49,7 +51,7 @@ void ndpi_search_mms_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && packet->payload[5] == 0xfa && packet->payload[6] == 0x0b && packet->payload[7] == 0xb0 && packet->payload[12] == 0x4d && packet->payload[13] == 0x4d && packet->payload[14] == 0x53 && packet->payload[15] == 0x20) { - NDPI_LOG(NDPI_CONTENT_MMS, ndpi_struct, NDPI_LOG_DEBUG, "MMS: MSMMS Request found \n"); + NDPI_LOG_INFO(ndpi_struct, "found MMS: MSMMS Request \n"); flow->l4.tcp.mms_stage = 1 + packet->packet_direction; return; } @@ -59,7 +61,7 @@ void ndpi_search_mms_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && packet->payload[6] == 0x0b && packet->payload[7] == 0xb0 && packet->payload[12] == 0x4d && packet->payload[13] == 0x4d && packet->payload[14] == 0x53 && packet->payload[15] == 0x20) { - NDPI_LOG(NDPI_CONTENT_MMS, ndpi_struct, NDPI_LOG_DEBUG, "MMS: MSMMS Response found \n"); + NDPI_LOG_INFO(ndpi_struct, "found MMS: MSMMS Response \n"); ndpi_int_mms_add_connection(ndpi_struct, flow); return; } @@ -67,12 +69,11 @@ void ndpi_search_mms_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc #ifdef NDPI_PROTOCOL_HTTP if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) { #endif /* NDPI_PROTOCOL_HTTP */ - NDPI_LOG(NDPI_CONTENT_MMS, ndpi_struct, NDPI_LOG_DEBUG, "MMS: exclude\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_MMS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); #ifdef NDPI_PROTOCOL_HTTP } else { - NDPI_LOG(NDPI_CONTENT_MMS, ndpi_struct, NDPI_LOG_DEBUG, "MMS avoid early exclude from http\n"); + NDPI_LOG_DBG(ndpi_struct, "MMS avoid early exclude from http\n"); } #endif /* NDPI_PROTOCOL_HTTP */ diff --git a/src/lib/protocols/mpegts.c b/src/lib/protocols/mpegts.c index 4970147e1..3558bdce7 100644 --- a/src/lib/protocols/mpegts.c +++ b/src/lib/protocols/mpegts.c @@ -19,16 +19,19 @@ * */ - -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MPEGTS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MPEGTS + +#include "ndpi_api.h" + void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_MPEGTS, ndpi_struct, NDPI_LOG_DEBUG, "search for MPEGTS.\n"); + NDPI_LOG_DBG(ndpi_struct, "search MPEGTS\n"); if((packet->udp != NULL) && ((packet->payload_packet_len % 188) == 0)) { u_int i, num_chunks = packet->payload_packet_len / 188; @@ -40,13 +43,13 @@ void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct } /* This looks MPEG TS */ + NDPI_LOG_INFO(ndpi_struct, "found MPEGTS\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MPEGTS, NDPI_PROTOCOL_UNKNOWN); return; } no_mpegts: - NDPI_LOG(NDPI_PROTOCOL_MPEGTS, ndpi_struct, NDPI_LOG_DEBUG, "Excluded MPEGTS.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MPEGTS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index 37c469066..950dde5d1 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -21,9 +21,15 @@ * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_MQTT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MQTT + +#include "ndpi_api.h" + + /** * The type of control messages in mqtt version 3.1.1 * see http://docs.oasis-open.org/mqtt/mqtt/v3.1.1 @@ -52,7 +58,7 @@ static void ndpi_int_mqtt_add_connection (struct ndpi_detection_module_struct *n struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_MQTT,NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt\n"); } /** @@ -61,95 +67,96 @@ static void ndpi_int_mqtt_add_connection (struct ndpi_detection_module_struct *n void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt search called...\n"); + u_int8_t rl,pt,flags; + + NDPI_LOG_DBG(ndpi_struct, "search Mqtt\n"); struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt detection...\n"); if (flow->packet_counter > 10) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. mandatory header not found!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt .. mandatory header not found!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> Mqtt header: %4x%4x%4x%4x [len: %u]\n", + NDPI_LOG_DBG2(ndpi_struct, "====>>>> Mqtt header: %4x%4x%4x%4x [len: %u]\n", packet->payload[0], packet->payload[1], packet->payload[2], packet->payload[3], packet->payload_packet_len); if (packet->payload_packet_len < 2) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. mandatory header not found!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt .. mandatory header not found!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (packet->payload_packet_len > 258) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. maximum packet size exceeded!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt .. maximum packet size exceeded!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } // we extract the remaining length - u_int8_t rl = (u_int8_t) (packet->payload[1]); + rl = (u_int8_t) (packet->payload[1]); if (packet->payload_packet_len != (rl + 2)) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. packet size exceeded!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt .. packet size exceeded!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } // we extract the packet type - u_int8_t pt = (u_int8_t) ((packet->payload[0] & 0xF0) >> 4); - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Mqtt packet type: [%d]\n",pt); + pt = (u_int8_t) ((packet->payload[0] & 0xF0) >> 4); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> Mqtt packet type: [%d]\n",pt); if ((pt == 0) || (pt == 15)) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. invalid packet type!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt .. invalid packet type!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } // we extract the flags - u_int8_t flags = (u_int8_t) (packet->payload[0] & 0x0F); - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Mqtt flags type: [%d]\n",flags); + flags = (u_int8_t) (packet->payload[0] & 0x0F); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> Mqtt flags type: [%d]\n",flags); // first stage verification if (((pt == CONNECT) || (pt == CONNACK) || (pt == PUBACK) || (pt == PUBREC) || (pt == PUBCOMP) || (pt == SUBACK) || (pt == UNSUBACK) || (pt == PINGREQ) || (pt == PINGRESP) || (pt == DISCONNECT)) && (flags > 0)) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination flag!=0\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid Packet-Flag combination flag!=0\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (((pt == PUBREL) || (pt == SUBSCRIBE) || (pt == UNSUBSCRIBE)) && (flags != 2)) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination flag!=2\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid Packet-Flag combination flag!=2\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Passed first stage of identification\n"); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> Passed first stage of identification\n"); // second stage verification (no payload, just variable headers) if ((pt == CONNACK) || (pt == PUBACK) || (pt == PUBREL) || (pt == PUBREC) || (pt == PUBCOMP) || (pt == UNSUBACK)) { if (packet->payload_packet_len != 4) { // these packets are always 4 bytes long - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length < 4 \n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid Packet-Length < 4 \n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found CONNACK/PUBACK/PUBREL/PUBREC/PUBCOMP/UNSUBACK\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt CONNACK/PUBACK/PUBREL/PUBREC/PUBCOMP/UNSUBACK\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } } if ((pt == PINGREQ) || (pt == PINGRESP) || (pt == DISCONNECT)) { if (packet->payload_packet_len != 2) { // these packets are always 2 bytes long - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length <2 \n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid Packet-Length <2 \n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found PING/PINGRESP/DISCONNECT\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt PING/PINGRESP/DISCONNECT\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Passed second stage of identification\n"); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> Passed second stage of identification\n"); // third stage verification (payload) if (pt == CONNECT) { if (packet->payload_packet_len >= 8 && memcmp(&(packet->payload[4]),"MQTT",4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found CONNECT\n"); + NDPI_LOG_DBG(ndpi_struct, "found Mqtt CONNECT\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid CONNECT\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid CONNECT\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } @@ -160,79 +167,78 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t retain = (u_int8_t) (flags & 0x01); u_int8_t dup = (u_int8_t) (flags & 0x04); if (qos > 2) { // qos values possible are 0,1,2 - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH qos\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH qos\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (retain > 1) { // retain flag possible 0,1 - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH retain\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH retain\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (dup > 1) { // dup flag possible 0,1 - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH dup\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH dup\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (qos == 0) { if (dup != 0) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH qos0 and dup combination\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH qos0 and dup combination\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (packet->payload_packet_len < 5) { // at least topic (3Bytes + 2Bytes fixed header) - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH qos0 size\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH qos0 size\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } } if ((qos == 1) || (qos == 2)) { if (packet->payload_packet_len < 7 ) { // at least topic + pkt identifier (3Bytes + 2Bytes + 2Bytes fixed header) - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH qos1&2\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH qos1&2\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found PUBLISH\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt PUBLISH\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } if (pt == SUBSCRIBE) { if (packet->payload_packet_len < 8) { // at least one topic+filter is required in the payload - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid SUBSCRIBE\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid SUBSCRIBE\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found SUBSCRIBE\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt SUBSCRIBE\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } } if (pt == SUBACK ) { if (packet->payload_packet_len <5 ) { // must have at least a response code - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid SUBACK\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid SUBACK\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found SUBACK\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt SUBACK\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } } if (pt == UNSUBSCRIBE) { if (packet->payload_packet_len < 7) { // at least a topic - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid UNSUBSCRIBE\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid UNSUBSCRIBE\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found UNSUBSCRIBE\n",pt); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt UNSUBSCRIBE\n",pt); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Passed third stage of identification"); - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end excluding Mqtt ...\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> Passed third stage of identification"); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /** @@ -241,7 +247,6 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt dissector init...\n"); ndpi_set_bitmask_protocol_detection ("MQTT", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_MQTT, ndpi_search_mqtt, diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index 2938d39b8..4c5b73dcd 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -21,10 +21,16 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" + +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_MSN +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MSN + +#include "ndpi_api.h" + #define MAX_PACKETS_FOR_MSN 100 static void ndpi_int_msn_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -59,17 +65,16 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct u_int16_t plen; u_int16_t status = 0; - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN tcp detection...\n"); #ifdef NDPI_PROTOCOL_SSL if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "msn ssl ft test\n"); + NDPI_LOG_DBG2(ndpi_struct, "msn ssl ft test\n"); if(flow->packet_counter < 10) { if(flow->packet_counter == 7 && packet->payload_packet_len > 300) { if(memcmp(packet->payload + 24, "MSNSLP", 6) == 0 || (get_u_int32_t(packet->payload, 0) == htonl(0x30000000) && get_u_int32_t(packet->payload, 4) == 0x00000000)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "detected MSN File Transfer, ifdef ssl.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer, ifdef ssl\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -77,12 +82,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if(flow->packet_counter >= 5 && flow->packet_counter <= 10 && (get_u_int32_t(packet->payload, 0) == htonl(0x18000000) && get_u_int32_t(packet->payload, 4) == 0x00000000)) { flow->l4.tcp.msn_ssl_ft++; - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_DBG2(ndpi_struct, "increased msn ft ssl stage to: %u at packet nr: %u\n", flow->l4.tcp.msn_ssl_ft, flow->packet_counter); if (flow->l4.tcp.msn_ssl_ft == 2) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "detected MSN File Transfer, ifdef ssl 2.\n"); + NDPI_LOG_INFO(ndpi_struct, + "found MSN File Transfer, ifdef ssl 2.\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); } return; @@ -109,18 +114,13 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct && ((ntohl(get_u_int32_t(packet->payload, 24)) == 0x000f0004 && ntohl(get_u_int32_t(packet->payload, 28)) == 0x72c64bc6) || (ntohl(get_u_int32_t(packet->payload, 20)) == 0x000f0004 && ntohl(get_u_int32_t(packet->payload, 24)) == 0x72c64bc6))) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_INFO(ndpi_struct, "found MSN in packets that also contain voice.messenger.live.com.\n"); /* TODO this is an alternative pattern for video detection */ /* if (packet->payload_packet_len > 100 && get_u_int16_t(packet->payload, 86) == htons(0x05dc)) { */ - if(packet->payload_packet_len > 101 && packet->payload[101] == 0x02) { - ndpi_int_msn_add_connection(ndpi_struct, flow); - } else { - ndpi_int_msn_add_connection(ndpi_struct, flow); - } - + ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -133,14 +133,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if (memcmp(&packet->payload[packet->payload_packet_len - 6], "CVR", 3) == 0 || memcmp(&packet->payload[packet->payload_packet_len - 8], "MSNP", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found MSN by pattern VER...CVR/MSNP ODOA.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN by pattern VER...CVR/MSNP ODOA\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } if (ndpi_match_strprefix(&packet->payload[4], packet->payload_packet_len-4, "MSNFT")) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found MSN FT by pattern VER MSNFT...0d0a.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN FT by pattern VER MSNFT...0d0a\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -157,6 +155,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if (packet->user_agent_line.ptr != NULL && packet->user_agent_line.len > NDPI_STATICSTRING_LEN("Messenger/") && memcmp(packet->user_agent_line.ptr, "Messenger/", NDPI_STATICSTRING_LEN("Messenger/")) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found MSN Messenger/\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -184,8 +183,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct (packet->content_line.len >= NDPI_STATICSTRING_LEN("text/x-msnmsgr") && memcmp(packet->content_line.ptr, "text/x-msnmsgr", NDPI_STATICSTRING_LEN("text/x-msnmsgr")) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found MSN by pattern POST http:// .... application/x-msn-messenger.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN POST application/x-msn-messenger\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -209,16 +207,14 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct for(c = 13; c < 50; c++) { if(memcmp(&packet->payload[c], "/", 1) == 0) { if(memcmp(&packet->payload[c], "/gateway/gateway.dll", 20) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found pattern http://.../gateway/gateway.ddl.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found pattern http://.../gateway/gateway.ddl\n"); status = 1; break; } } } } else if((memcmp(&packet->payload[5], "/gateway/gateway.dll", 20) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found pattern http://.../gateway/gateway.ddl.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found pattern http://.../gateway/gateway.ddl\n"); status = 1; } } @@ -239,7 +235,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if ((src != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) != 0) || (dst != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) != 0)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "found MSN with pattern text/xml; charset=utf-8.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN with pattern text/xml; charset=utf-8\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -248,10 +244,8 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct || memcmp(packet->line[a].ptr, "VER ", 4) == 0 || memcmp(packet->line[a].ptr, "ANS ", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found MSN with pattern text/sml; charset0utf-8.\n"); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, - NDPI_LOG_TRACE, "MSN xml CVS / VER / ANS found\n"); + NDPI_LOG_DBG2(ndpi_struct, "found MSN with pattern text/sml; charset0utf-8\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN xml CVS / VER / ANS found\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -280,13 +274,13 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct (packet->content_line.len >= NDPI_STATICSTRING_LEN("text/x-msnmsgr") && memcmp(packet->content_line.ptr, "text/x-msnmsgr", NDPI_STATICSTRING_LEN("text/x-msnmsgr")) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "HTTP/1.0 200 OK .... application/x-msn-messenger.\n"); + NDPI_LOG_INFO(ndpi_struct, + "found MSN application/x-msn-messenger.\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } if(ndpi_int_find_xmsn(ndpi_struct, flow) == 1) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "HTTP/1.0 200 OK .... X-MSN.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN X-MSN\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -296,7 +290,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct /* now block proxy connection */ if(packet->payload_packet_len >= 42) { if(memcmp(packet->payload, "CONNECT messenger.hotmail.com:1863 HTTP/1.", 42) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "found MSN with pattern CONNECT messenger.hotmail.com:1863 HTTP/1..\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN with pattern CONNECT messenger.hotmail.com:1863 HTTP/1.\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -322,7 +316,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct while (plen < endlen) { if (ndpi_check_for_email_address(ndpi_struct, flow, plen) != 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "found mail address\n"); + NDPI_LOG_DBG2(ndpi_struct, "found mail address\n"); break; } if (packet->payload_packet_len > plen + 1 @@ -334,7 +328,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct goto ndpi_msn_exclude; } } - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "found MSN with pattern USR/ANS ...mail_address.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN with pattern USR/ANS ...mail_address\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -362,12 +356,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct (packet->content_line.len >= NDPI_STATICSTRING_LEN("text/x-msnmsgr") && memcmp(packet->content_line.ptr, "text/x-msnmsgr", NDPI_STATICSTRING_LEN("text/x-msnmsgr")) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "HTTP/1.0 200 OK .... application/x-msn-messenger.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN application/x-msn-messenger\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } if(ndpi_int_find_xmsn(ndpi_struct, flow) == 1) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "HTTP/1.0 200 OK .... X-MSN.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN X-MSN\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -381,7 +375,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct && NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) != 0)) { if (flow->packet_counter == 1 && packet->payload_packet_len > 12 && memcmp(packet->payload, "recipientid=", 12) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "detected file transfer.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN file transfer\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -396,7 +390,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if((packet->payload_packet_len == 4 || packet->payload_packet_len == 8) && get_u_int32_t(packet->payload, 0) == htonl(0x04000000)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "maybe first TCP MSN detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe first TCP MSN detected\n"); if(packet->payload_packet_len == 8 && get_u_int32_t(packet->payload, 4) == htonl(0x666f6f00)) { flow->l4.tcp.msn_stage = 5 + packet->packet_direction; @@ -409,12 +403,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct } else if (flow->l4.tcp.msn_stage == 1 + packet->packet_direction) { if (packet->payload_packet_len > 10 && get_u_int32_t(packet->payload, 0) == htonl(0x666f6f00)) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 1\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer 1\n"); return; } /* did not see this pattern in any trace */ if (packet->payload_packet_len == 56 && get_u_int32_t(packet->payload, 16) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "maybe Second TCP MSN detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe Second TCP MSN detected\n"); flow->l4.tcp.msn_stage = 3 + packet->packet_direction; return; } @@ -423,30 +417,30 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct } else if (flow->l4.tcp.msn_stage == 2 - packet->packet_direction && packet->payload_packet_len == 4 && get_u_int32_t(packet->payload, 0) == htonl(0x30000000)) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 2\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer 2\n"); return; } else if ((flow->l4.tcp.msn_stage == 3 + packet->packet_direction) || (flow->l4.tcp.msn_stage == 4 - packet->packet_direction)) { if (packet->payload_packet_len == 4 && get_u_int32_t(packet->payload, 0) == htonl(0x30000000)) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 2\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer 2\n"); return; } } else if (flow->l4.tcp.msn_stage == 6 - packet->packet_direction) { if ((packet->payload_packet_len == 4) && (get_u_int32_t(packet->payload, 0) == htonl(0x10000000) || get_u_int32_t(packet->payload, 0) == htonl(0x30000000))) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 3\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer 3\n"); return; } } else if (flow->l4.tcp.msn_stage == 5 + packet->packet_direction) { if ((packet->payload_packet_len == 20) && get_u_int32_t(packet->payload, 0) == htonl(0x10000000)) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 3\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer 3\n"); return; } } - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "msn 7.\n"); + NDPI_LOG_DBG(ndpi_struct, "msn 7\n"); if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) { if (memcmp(&packet->payload[0], "MSG ", 4) == 0 @@ -459,13 +453,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct || memcmp(&packet->payload[0], "XFR ", 4) == 0) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN\n"); return; } } - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN tcp excluded.\n"); ndpi_msn_exclude: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSN); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } /* search over UDP */ @@ -482,7 +475,7 @@ static void ndpi_search_msn_udp_misc(struct ndpi_detection_module_struct if ((src == NULL || NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) == 0) && (dst == NULL || NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) == 0)) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSN); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -490,7 +483,7 @@ static void ndpi_search_msn_udp_misc(struct ndpi_detection_module_struct if (packet->payload_packet_len == 20 && get_u_int32_t(packet->payload, 4) == 0 && packet->payload[9] == 0 && get_u_int16_t(packet->payload, 10) == htons(0x0100)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "msn udp misc data connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN udp misc data connection\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); } @@ -504,6 +497,7 @@ void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct nd { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search msn\n"); /* this if request should always be true */ if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSN) == 0) { /* we deal with tcp now */ diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 42cecb8e2..75507fd52 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c @@ -22,10 +22,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MSSQL_TDS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MSSQL_TDS + +#include "ndpi_api.h" + + struct tds_packet_header { u_int8_t type; u_int8_t status; @@ -46,24 +51,24 @@ void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, str struct ndpi_packet_struct *packet = &flow->packet; struct tds_packet_header *h = (struct tds_packet_header*) packet->payload; + NDPI_LOG_DBG(ndpi_struct, "search mssql_tds\n"); + if(packet->payload_packet_len < sizeof(struct tds_packet_header)) { - NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql_tds\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL_TDS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } if((h->type >= 1 && h->type <= 8) || (h->type >= 14 && h->type <= 18)) { if(h->status == 0x00 || h->status == 0x01 || h->status == 0x02 || h->status == 0x04 || h->status == 0x08 || h->status == 0x09 || h->status == 0x10) { if(ntohs(h->length) == packet->payload_packet_len && h->window == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "found mssql_tds\n"); + NDPI_LOG_INFO(ndpi_struct, "found mssql_tds\n"); ndpi_int_mssql_tds_add_connection(ndpi_struct, flow); return; } } } - NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql_tds\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL_TDS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c index e500b2976..d1e695e55 100644 --- a/src/lib/protocols/mysql.c +++ b/src/lib/protocols/mysql.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MYSQL +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MYSQL + +#include "ndpi_api.h" + + static void ndpi_int_mysql_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -36,9 +41,9 @@ static void ndpi_int_mysql_add_connection(struct ndpi_detection_module_struct void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG_DBG(ndpi_struct, "search MySQL\n"); - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; if(packet->tcp) { if (packet->payload_packet_len > 38 //min length && get_u_int16_t(packet->payload, 0) == packet->payload_packet_len - 4 //first 3 bytes are length @@ -55,7 +60,7 @@ void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, str && get_u_int64_t(packet->payload, a + 19) == 0x0ULL //13 more && get_u_int32_t(packet->payload, a + 27) == 0x0 //filler bytes && get_u_int8_t(packet->payload, a + 31) == 0x0) { - NDPI_LOG(NDPI_PROTOCOL_MYSQL, ndpi_struct, NDPI_LOG_DEBUG, "MySQL detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MySQL\n"); ndpi_int_mysql_add_connection(ndpi_struct, flow); return; } @@ -65,7 +70,7 @@ void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, str } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MYSQL); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index c899086eb..d10a33b1a 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_NETBIOS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETBIOS + +#include "ndpi_api.h" + + struct netbios_header { u_int16_t transaction_id, flags, questions, answer_rrs, authority_rrs, additional_rrs; }; @@ -81,10 +86,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc u_int16_t dport; char name[64]; + NDPI_LOG_DBG(ndpi_struct, "search netbios\n"); if(packet->udp != NULL) { dport = ntohs(packet->udp->dest); - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "netbios udp start\n"); /*check standard NETBIOS over udp to port 137 */ if((dport == 137 || 0) && packet->payload_packet_len >= 50) { @@ -95,16 +100,14 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.questions = ntohs(h.questions), h.answer_rrs = ntohs(h.answer_rrs), h.authority_rrs = ntohs(h.authority_rrs), h.additional_rrs = ntohs(h.additional_rrs); - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios port 137 and payload_packet_len 50\n"); + NDPI_LOG_DBG(ndpi_struct, "found netbios port 137 and payload_packet_len 50\n"); if(h.flags == 0 && h.questions == 1 && h.answer_rrs == 0 && h.authority_rrs == 0 && h.additional_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); + NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -114,8 +117,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 0 && h.authority_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 and broadcast \n"); + NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers = 0, authority = 0 and broadcast \n"); if(ndpi_netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); @@ -128,8 +130,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 0 && h.authority_rrs == 0 && h.additional_rrs == 1) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers, authority, additional = 0 \n"); + NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers, authority, additional = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -139,8 +140,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 0 && h.authority_rrs == 0 && h.additional_rrs == 1) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); + NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -150,8 +150,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 1 && h.authority_rrs == 0 && h.additional_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with flag 8400 questions = 0 and answers = 1, authority, additional = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -162,8 +161,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 1 && h.authority_rrs == 0 && h.additional_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with flag 8500 questions = 0 and answers = 1, authority, additional = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -174,8 +172,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 0 && h.authority_rrs == 0 && h.additional_rrs == 1) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with flag 2910, questions = 1 and answers, authority=0, additional = 1 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -186,8 +183,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 1 && h.authority_rrs == 0 && h.additional_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with flag ad86 questions = 0 and answers = 1, authority, additional = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -198,8 +194,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 0 && h.authority_rrs == 0 && h.additional_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with flag 0110 questions = 1 and answers = 0, authority, additional = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -208,7 +203,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc if((h.flags & 0xf800) == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query request\n"); + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query request\n"); if(get_u_int16_t(packet->payload, 4) == htons(1) && get_u_int16_t(packet->payload, 6) == 0 && @@ -217,12 +212,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc /* name is encoded as described in rfc883 */ u_int8_t name_length = packet->payload[12]; - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query request, one question\n"); if(packet->payload_packet_len == 12 + 1 + name_length + 1 + 2 + 2) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query request, length matches\n"); /* null terminated? */ @@ -230,7 +225,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0020) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios name query request\n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -238,7 +233,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc } } } else if((h.flags & 0xf800) == 0x8000) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query response\n"); if(get_u_int16_t(packet->payload, 4) == 0 && @@ -248,12 +243,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc /* name is encoded as described in rfc883 */ u_int8_t name_length = packet->payload[12]; - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios positive name query response, one answer\n"); if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query response, length matches\n"); /* null terminated? */ @@ -261,7 +256,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0020) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios name query response\n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -274,12 +269,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc /* name is encoded as described in rfc883 */ u_int8_t name_length = packet->payload[12]; - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios negative name query response, one answer\n"); if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query response, length matches\n"); /* null terminated? */ @@ -287,7 +282,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x000A) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios name query response\n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -300,12 +295,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc /* name is encoded as described in rfc883 */ u_int8_t name_length = packet->payload[12]; - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios redirect name query response, one answer\n"); if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query response, length matches\n"); /* null terminated? */ @@ -313,7 +308,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0002) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios name query response\n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -332,17 +327,14 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc packet->payload_packet_len >= 14 && ntohs(get_u_int16_t(packet->payload, 10)) == packet->payload_packet_len - 14) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios port 138 and payload length >= 112 \n"); + NDPI_LOG_DBG2(ndpi_struct, "found netbios port 138 and payload length >= 112 \n"); if(packet->payload[0] >= 0x11 && packet->payload[0] <= 0x16) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n"); + NDPI_LOG_DBG2(ndpi_struct, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n"); if(ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with checked ip-address.\n"); + NDPI_LOG_INFO(ndpi_struct, "found netbios with checked ip-address\n"); if(ndpi_netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); @@ -357,21 +349,17 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc if(packet->tcp != NULL) { dport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "netbios tcp start\n"); - /* destination port must be 139 */ if(dport == 139) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with destination port 139\n"); + NDPI_LOG_DBG2(ndpi_struct, "found netbios with destination port 139\n"); /* payload_packet_len must be 72 */ if(packet->payload_packet_len == 72) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with payload_packen_len = 72. \n"); + NDPI_LOG_DBG2(ndpi_struct, "found netbios with payload_packen_len = 72. \n"); if(packet->payload[0] == 0x81 && packet->payload[1] == 0 && ntohs(get_u_int16_t(packet->payload, 2)) == 68) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with session request = 81, flags=0 and length od following bytes = 68. \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -382,8 +370,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc } - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "exclude netbios\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NETBIOS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c index 54c634263..a553e4b6a 100644 --- a/src/lib/protocols/netflow.c +++ b/src/lib/protocols/netflow.c @@ -18,10 +18,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_NETFLOW + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETFLOW #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_NETFLOW #ifdef WIN32 extern int gettimeofday(struct timeval * tp, struct timezone * tzp); @@ -95,7 +99,7 @@ struct flow_ver7_rec { u_int32_t router_sc; /* Router which is shortcut by switch */ }; -static void ndpi_check_netflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +void ndpi_search_netflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; // const u_int8_t *packet_payload = packet->payload; @@ -103,6 +107,8 @@ static void ndpi_check_netflow(struct ndpi_detection_module_struct *ndpi_struct, time_t now; struct timeval now_tv; + NDPI_LOG_DBG(ndpi_struct, "search netflow\n"); + if((packet->udp != NULL) && (payload_len >= 24)) { u_int16_t version = (packet->payload[0] << 8) + packet->payload[1], uptime_offset; u_int32_t when, *_when; @@ -132,7 +138,7 @@ static void ndpi_check_netflow(struct ndpi_detection_module_struct *ndpi_struct, } if((expected_len > 0) && (expected_len != payload_len)) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NETFLOW); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -159,20 +165,13 @@ static void ndpi_check_netflow(struct ndpi_detection_module_struct *ndpi_struct, if(((version == 1) && (when == 0)) || ((when >= 946684800 /* 1/1/2000 */) && (when <= now))) { - NDPI_LOG(NDPI_PROTOCOL_NETFLOW, ndpi_struct, NDPI_LOG_DEBUG, "Found netflow.\n"); + NDPI_LOG_INFO(ndpi_struct, "found netflow\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NETFLOW, NDPI_PROTOCOL_UNKNOWN); return; } } } -void ndpi_search_netflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - NDPI_LOG(NDPI_PROTOCOL_NETFLOW, ndpi_struct, NDPI_LOG_DEBUG, "netflow detection...\n"); - ndpi_check_netflow(ndpi_struct, flow); -} - - void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("NetFlow", ndpi_struct, detection_bitmask, *id, diff --git a/src/lib/protocols/nfs.c b/src/lib/protocols/nfs.c index 36fc007d6..c074b9d3b 100644 --- a/src/lib/protocols/nfs.c +++ b/src/lib/protocols/nfs.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_NFS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NFS + +#include "ndpi_api.h" + + static void ndpi_int_nfs_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,8 +42,7 @@ void ndpi_search_nfs(struct ndpi_detection_module_struct *ndpi_struct, struct nd { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search NFS\n"); u_int8_t offset = 0; if (packet->tcp != NULL) @@ -47,41 +51,41 @@ void ndpi_search_nfs(struct ndpi_detection_module_struct *ndpi_struct, struct nd if (packet->payload_packet_len < (40 + offset)) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS user match stage 1\n"); + NDPI_LOG_DBG2(ndpi_struct, "NFS user match stage 1\n"); if (offset != 0 && get_u_int32_t(packet->payload, 0) != htonl(0x80000000 + packet->payload_packet_len - 4)) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS user match stage 2\n"); + NDPI_LOG_DBG2(ndpi_struct, "NFS user match stage 2\n"); if (get_u_int32_t(packet->payload, 4 + offset) != 0) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS user match stage 3\n"); + NDPI_LOG_DBG2(ndpi_struct, "NFS user match stage 3\n"); if (get_u_int32_t(packet->payload, 8 + offset) != htonl(0x02)) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS match stage 3\n"); + NDPI_LOG_DBG2(ndpi_struct, "NFS match stage 3\n"); if (get_u_int32_t(packet->payload, 12 + offset) != htonl(0x000186a5) && get_u_int32_t(packet->payload, 12 + offset) != htonl(0x000186a3) && get_u_int32_t(packet->payload, 12 + offset) != htonl(0x000186a0)) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS match stage 4\n"); + NDPI_LOG_DBG2(ndpi_struct, "NFS match stage 4\n"); if (ntohl(get_u_int32_t(packet->payload, 16 + offset)) > 4) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS match\n"); + NDPI_LOG_INFO(ndpi_struct, "found NFS\n"); ndpi_int_nfs_add_connection(ndpi_struct, flow); return; exclude_nfs: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NFS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/nintendo.c b/src/lib/protocols/nintendo.c index d4f289d66..8b76f33a6 100644 --- a/src/lib/protocols/nintendo.c +++ b/src/lib/protocols/nintendo.c @@ -21,11 +21,14 @@ * */ - -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_NINTENDO +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NINTENDO + +#include "ndpi_api.h" + static void ndpi_int_nintendo_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { @@ -43,15 +46,14 @@ void ndpi_search_nintendo(struct ndpi_detection_module_struct *ndpi_struct, stru const char nintendo_pattern[] = { 0x32, 0xab, 0x98, 0x64, 0x02 }; if(memcmp(payload, nintendo_pattern, 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_NINTENDO, ndpi_struct, NDPI_LOG_DEBUG, "Found nintendo.\n"); + NDPI_LOG_INFO(ndpi_struct, "found nintendo\n"); ndpi_int_nintendo_add_connection(ndpi_struct, flow, 0); return; } } } - NDPI_LOG(NDPI_PROTOCOL_NINTENDO, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Nintendo.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NINTENDO); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/noe.c b/src/lib/protocols/noe.c index 814cfc4a0..9899b056b 100644 --- a/src/lib/protocols/noe.c +++ b/src/lib/protocols/noe.c @@ -5,28 +5,32 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_NOE + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NOE #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_NOE static void ndpi_int_noe_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NOE, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found noe\n"); } void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "search for NOE.\n"); + NDPI_LOG_DBG(ndpi_struct, "search NOE\n"); if(packet->udp != NULL) { - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating dport over udp\n"); if (packet->payload_packet_len == 1 && ( packet->payload[0] == 0x05 || packet->payload[0] == 0x04 )) { - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "found noe.\n"); ndpi_int_noe_add_connection(ndpi_struct, flow); return; } else if((packet->payload_packet_len == 5 || packet->payload_packet_len == 12) && @@ -34,19 +38,18 @@ void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct nd (packet->payload[1] == 0x00 ) && (packet->payload[2] != 0x00 ) && (packet->payload[3] == 0x00 )) { - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "found noe.\n"); ndpi_int_noe_add_connection(ndpi_struct, flow); + return; } else if((packet->payload_packet_len >= 25) && (packet->payload[0] == 0x00 && packet->payload[1] == 0x06 && packet->payload[2] == 0x62 && packet->payload[3] == 0x6c)) { - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "found noe.\n"); ndpi_int_noe_add_connection(ndpi_struct, flow); + return; } } else { - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "exclude NOE.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NOE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/ntp.c b/src/lib/protocols/ntp.c index 6e355c9f8..3b8eb3d7d 100644 --- a/src/lib/protocols/ntp.c +++ b/src/lib/protocols/ntp.c @@ -22,10 +22,13 @@ * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_NTP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NTP + +#include "ndpi_api.h" static void ndpi_int_ntp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -37,31 +40,28 @@ void ndpi_search_ntp_udp(struct ndpi_detection_module_struct *ndpi_struct, struc { struct ndpi_packet_struct *packet = &flow->packet; - if (!(packet->udp->dest == htons(123) || packet->udp->source == htons(123))) - goto exclude_ntp; - - NDPI_LOG(NDPI_PROTOCOL_NTP, ndpi_struct, NDPI_LOG_DEBUG, "NTP port detected\n"); - - NDPI_LOG(NDPI_PROTOCOL_NTP, ndpi_struct, NDPI_LOG_DEBUG, "NTP length detected\n"); + NDPI_LOG_DBG(ndpi_struct, "search NTP\n"); + + if (packet->udp->dest == htons(123) || packet->udp->source == htons(123)) { + NDPI_LOG_DBG2(ndpi_struct, "NTP port and length detected\n"); - if ((((packet->payload[0] & 0x38) >> 3) <= 4)) { - NDPI_LOG(NDPI_PROTOCOL_NTP, ndpi_struct, NDPI_LOG_DEBUG, "detected NTP."); + if ((((packet->payload[0] & 0x38) >> 3) <= 4)) { - // 38 in binary representation is 00111000 - flow->protos.ntp.version = (packet->payload[0] & 0x38) >> 3; + // 38 in binary representation is 00111000 + flow->protos.ntp.version = (packet->payload[0] & 0x38) >> 3; - if (flow->protos.ntp.version == 2) { - flow->protos.ntp.request_code = packet->payload[3]; - } + if (flow->protos.ntp.version == 2) { + flow->protos.ntp.request_code = packet->payload[3]; + } - ndpi_int_ntp_add_connection(ndpi_struct, flow); - return; + NDPI_LOG_INFO(ndpi_struct, "found NTP\n"); + ndpi_int_ntp_add_connection(ndpi_struct, flow); + return; + } } - - exclude_ntp: - NDPI_LOG(NDPI_PROTOCOL_NTP, ndpi_struct, NDPI_LOG_DEBUG, "NTP excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c index c4a10645b..4a86a067f 100644 --- a/src/lib/protocols/openft.c +++ b/src/lib/protocols/openft.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_OPENFT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENFT + +#include "ndpi_protocols.h" + static void ndpi_int_openft_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,21 +41,18 @@ void ndpi_search_openft_tcp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->payload_packet_len > 5 && memcmp(packet->payload, "GET /", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OPENFT, ndpi_struct, NDPI_LOG_DEBUG, "HTTP packet detected.\n"); + NDPI_LOG_DBG2(ndpi_struct, "HTTP packet detected\n"); ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->parsed_lines >= 2 && packet->line[1].len > 13 && memcmp(packet->line[1].ptr, "X-OpenftAlias:", 14) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OPENFT, ndpi_struct, NDPI_LOG_DEBUG, "OpenFT detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found OpenFT\n"); ndpi_int_openft_add_connection(ndpi_struct, flow); return; } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OPENFT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c index 234f18df8..6756c173d 100644 --- a/src/lib/protocols/openvpn.c +++ b/src/lib/protocols/openvpn.c @@ -21,10 +21,15 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_OPENVPN +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENVPN + +#include "ndpi_api.h" + + #define P_CONTROL_HARD_RESET_CLIENT_V1 (0x01 << 3) #define P_CONTROL_HARD_RESET_CLIENT_V2 (0x07 << 3) #define P_CONTROL_HARD_RESET_SERVER_V1 (0x02 << 3) @@ -81,7 +86,7 @@ void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct, if (check_pkid_and_detect_hmac_size(ovpn_payload) > 0) { memcpy(flow->ovpn_session_id, ovpn_payload+1, 8); - NDPI_LOG(NDPI_PROTOCOL_OPENVPN, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "session key: %02x%02x%02x%02x%02x%02x%02x%02x\n", flow->ovpn_session_id[0], flow->ovpn_session_id[1], flow->ovpn_session_id[2], flow->ovpn_session_id[3], flow->ovpn_session_id[4], flow->ovpn_session_id[5], flow->ovpn_session_id[6], flow->ovpn_session_id[7]); @@ -95,10 +100,12 @@ void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct, alen = ovpn_payload[P_PACKET_ID_ARRAY_LEN_OFFSET(hmac_size)]; session_remote = ovpn_payload + P_PACKET_ID_ARRAY_LEN_OFFSET(hmac_size) + 1 + alen * 4; - if (memcmp(flow->ovpn_session_id, session_remote, 8) == 0) - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OPENVPN, NDPI_PROTOCOL_UNKNOWN); + if (memcmp(flow->ovpn_session_id, session_remote, 8) == 0) { + NDPI_LOG_INFO(ndpi_struct,"found openvpn\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OPENVPN, NDPI_PROTOCOL_UNKNOWN); + } else { - NDPI_LOG(NDPI_PROTOCOL_OPENVPN, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "key mismatch: %02x%02x%02x%02x%02x%02x%02x%02x\n", session_remote[0], session_remote[1], session_remote[2], session_remote[3], session_remote[4], session_remote[5], session_remote[6], session_remote[7]); @@ -111,8 +118,9 @@ void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct, flow->ovpn_counter++; - if (failed) - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OPENVPN); + if (failed) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } } } diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c index 0a12b8676..5fda78672 100644 --- a/src/lib/protocols/oracle.c +++ b/src/lib/protocols/oracle.c @@ -18,11 +18,15 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_ORACLE + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ORACLE #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_ORACLE static void ndpi_int_oracle_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -34,11 +38,11 @@ void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; - NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "search for ORACLE.\n"); + NDPI_LOG_DBG(ndpi_struct, "search ORACLE\n"); if(packet->tcp != NULL) { sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "calculating ORACLE over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating ORACLE over tcp\n"); /* Oracle Database 9g,10g,11g */ if ((dport == 1521 || sport == 1521) && (((packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00)) @@ -46,17 +50,16 @@ void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct && (packet->payload[1] != 0x00) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x00)))) { - NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "found oracle.\n"); + NDPI_LOG_INFO(ndpi_struct, "found oracle\n"); ndpi_int_oracle_add_connection(ndpi_struct, flow); } else if (packet->payload_packet_len == 213 && packet->payload[0] == 0x00 && packet->payload[1] == 0xd5 && packet->payload[2] == 0x00 && packet->payload[3] == 0x00 ) { - NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "found oracle.\n"); + NDPI_LOG_INFO(ndpi_struct, "found oracle\n"); ndpi_int_oracle_add_connection(ndpi_struct, flow); } } else { - NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "exclude ORACLE.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ORACLE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/oscar.c b/src/lib/protocols/oscar.c index d6ca25cde..6dec353a5 100644 --- a/src/lib/protocols/oscar.c +++ b/src/lib/protocols/oscar.c @@ -22,6 +22,11 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_OSCAR + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OSCAR #include "ndpi_api.h" @@ -69,7 +74,6 @@ #define EMAIL 0x0018 #define IS_EXT 0x0085 -#ifdef NDPI_PROTOCOL_OSCAR static void ndpi_int_oscar_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -146,28 +150,28 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct /* No TLVs */ if(packet->payload_packet_len == 10) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Sign In \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Sign In \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } /* /\* SCREEN_NAME *\/ */ /* if (get_u_int16_t(packet->payload, 10) == htons(SCREEN_NAME)) /\* packet->payload[10] == 0x00 && packet->payload[11] == 0x01 *\/ */ /* { */ - /* NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Screen Name \n"); */ + /* NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Screen Name \n"); */ /* ndpi_int_oscar_add_connection(ndpi_struct, flow); */ /* return; */ /* } */ /* /\* PASSWD *\/ */ /* if (get_u_int16_t(packet->payload, 10) == htons(PASSWD)) /\* packet->payload[10] == 0x00 && packet->payload[11] == 0x02 *\/ */ /* { */ - /* NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Password (roasted) \n"); */ + /* NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Password (roasted) \n"); */ /* ndpi_int_oscar_add_connection(ndpi_struct, flow); */ /* return; */ /* } */ /* CLIENT_NAME */ if (get_u_int16_t(packet->payload, 10) == htons(CLIENT_NAME)) /* packet->payload[10] == 0x00 && packet->payload[11] == 0x03 */ { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Client Name \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Client Name \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -182,7 +186,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct (get_u_int8_t(packet->payload, packet->payload_packet_len - 1) == 0x01) || (get_u_int8_t(packet->payload, packet->payload_packet_len - 1) == 0x03)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Login \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Login \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -191,35 +195,35 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct /* MAJOR_VERSION */ if (get_u_int16_t(packet->payload, 10) == htons(MAJOR_VERSION)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Major_Version \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Major_Version \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } /* MINOR_VERSION */ if (get_u_int16_t(packet->payload, 10) == htons(MINOR_VERSION)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Minor_Version \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Minor_Version \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } /* POINT_VERSION */ if (get_u_int16_t(packet->payload, 10) == htons(POINT_VERSION)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Point_Version \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Point_Version \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } /* BUILD_NUM */ if (get_u_int16_t(packet->payload, 10) == htons(BUILD_NUM)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Build_Num \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Build_Num \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } /* CLIENT_RECONNECT */ if (get_u_int16_t(packet->payload, 10) == htons(CLIENT_RECONNECT)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Client_Reconnect \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Client_Reconnect \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -254,7 +258,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct type = 0; if (family == 0 || type == 0) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OSCAR); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -565,8 +569,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct if(excluded == 1) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "exclude oscar.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OSCAR); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } /* flag */ @@ -581,7 +584,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct req_ID = get_u_int32_t(packet->payload, 12); if((req_ID <= ((u_int32_t)-1))) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -595,7 +598,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct */ if (channel == O_ERROR) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected - Error frame \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Error frame \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -605,7 +608,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct */ if (channel == SIGNOFF) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected - Signoff frame \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Signoff frame \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -615,7 +618,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct */ if (channel == KEEP_ALIVE) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected - Keep Alive frame \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Keep Alive frame \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -628,8 +631,8 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); if (packet->host_line.len >= 18 && packet->host_line.ptr != NULL) { if (memcmp(packet->host_line.ptr, "lifestream.aol.com", 18) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, - "OSCAR over HTTP found, POST method\n"); + NDPI_LOG_INFO(ndpi_struct, + "found OSCAR over HTTP, POST method\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -643,7 +646,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct (memcmp(&packet->payload[5], "aim/gromit/aim_express", 22) == 0) || (memcmp(&packet->payload[5], "b/ss/aolwpaim", 13) == 0) || (memcmp(&packet->payload[5], "hss/storage/aimtmpshare", 23) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR over HTTP found, GET /aim/\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR over HTTP, GET /aim/\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -656,7 +659,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct (memcmp(packet->user_agent_line.ptr, "mobileICQ/", 10) == 0) || (memcmp(packet->user_agent_line.ptr, "AIM%20Free/", NDPI_STATICSTRING_LEN("AIM%20Free/")) == 0) || (memcmp(packet->user_agent_line.ptr, "AIM/", 4) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR over HTTP found\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR over HTTP\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -670,8 +673,8 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct for (i = 0; i < (packet->referer_line.len - 22); i++) { if (packet->referer_line.ptr[i] == 'a') { if (memcmp(&packet->referer_line.ptr[i + 1], "im/gromit/aim_express", 21) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, - "OSCAR over HTTP found : aim/gromit/aim_express\n"); + NDPI_LOG_INFO(ndpi_struct, + "found OSCAR over HTTP : aim/gromit/aim_express\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -682,12 +685,12 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct } if (memcmp(packet->payload, "CONNECT ", 8) == 0) { if (memcmp(packet->payload, "CONNECT login.icq.com:443 HTTP/1.", 33) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR ICQ-HTTP FOUND\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR ICQ-HTTP\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } if (memcmp(packet->payload, "CONNECT login.oscar.aol.com:5190 HTTP/1.", 40) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR AIM-HTTP FOUND\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR AIM-HTTP\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -697,33 +700,33 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct if (packet->payload_packet_len > 43 && memcmp(packet->payload, "GET http://http.proxy.icq.com/hello HTTP/1.", 43) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR ICQ-HTTP PROXY FOUND\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR ICQ-HTTP PROXY\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len > 46 && memcmp(packet->payload, "GET http://aimhttp.oscar.aol.com/hello HTTP/1.", 46) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR AIM-HTTP PROXY FOUND\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR AIM-HTTP PROXY\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len > 5 && get_u_int32_t(packet->payload, 0) == htonl(0x05010003)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "Maybe OSCAR Picturetransfer\n"); + NDPI_LOG_DBG2(ndpi_struct, "Maybe OSCAR Picturetransfer\n"); return; } if (packet->payload_packet_len == 10 && get_u_int32_t(packet->payload, 0) == htonl(0x05000001) && get_u_int32_t(packet->payload, 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "Maybe OSCAR Picturetransfer\n"); + NDPI_LOG_DBG2(ndpi_struct, "Maybe OSCAR Picturetransfer\n"); return; } if (packet->payload_packet_len >= 70 && memcmp(&packet->payload[packet->payload_packet_len - 26], "\x67\x00\x65\x00\x74\x00\x43\x00\x61\x00\x74\x00\x61\x00\x6c\x00\x6f\x00\x67", 19) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR PICTURE TRANSFER\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR PICTURE TRANSFER\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -751,7 +754,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct == 0) )))) { // FILE TRANSFER PATTERN:: OFT3 or OFT2 - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR FILE TRANSFER\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR FILE TRANSFER\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -759,7 +762,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct if (memcmp(packet->payload, "ODC2", 4) == 0 && memcmp(&packet->payload[6], "\x00\x01\x00\x06", 4) == 0) { //PICTURE TRANSFER PATTERN EXMAPLE:: //4f 44 43 32 00 4c 00 01 00 06 00 00 00 00 00 00 ODC2.L.......... - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR PICTURE TRANSFER\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR PICTURE TRANSFER\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -770,7 +773,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct && packet->payload[packet->payload_packet_len - 12] == 'L' && (memcmp(&packet->payload[packet->payload_packet_len - 6], "DEST", 4) == 0) && (memcmp(&packet->payload[packet->payload_packet_len - 2], "\x00\x00", 2) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR PICTURE TRANSFER\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR PICTURE TRANSFER\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); if (ntohs(packet->tcp->dest) == 443 || ntohs(packet->tcp->source) == 443) { flow->oscar_ssl_voice_stage = 1; @@ -787,7 +790,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_OSCAR) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OSCAR); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } } @@ -795,8 +798,8 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct void ndpi_search_oscar(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search OSCAR\n"); if (packet->tcp != NULL) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR :: TCP\n"); ndpi_search_oscar_tcp_connect(ndpi_struct, flow); } } diff --git a/src/lib/protocols/pando.c b/src/lib/protocols/pando.c index b906e7ed9..e5f292550 100644 --- a/src/lib/protocols/pando.c +++ b/src/lib/protocols/pando.c @@ -23,9 +23,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_PANDO + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PANDO + +#include "ndpi_api.h" + static void ndpi_int_pando_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PANDO, NDPI_PROTOCOL_UNKNOWN); } @@ -35,7 +40,7 @@ static void ndpi_check_pando_tcp(struct ndpi_detection_module_struct *ndpi_struc u_int32_t payload_len = packet->payload_packet_len; if (ndpi_match_strprefix(packet->payload, payload_len, "\x0ePan")) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Found PANDO.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found PANDO\n"); ndpi_int_pando_add_connection(ndpi_struct, flow); } } @@ -45,11 +50,11 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc u_int32_t payload_len = packet->payload_packet_len; /* Check if we so far detected the protocol in the request or not. */ + NDPI_LOG_DBG2(ndpi_struct, "PANDO stage %u: \n", flow->pando_stage); if (flow->pando_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "PANDO stage 0: \n"); if ((payload_len >= 4) && (packet->payload[0] == 0x00) && (packet->payload[1] == 0x00) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x09)) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Possible PANDO request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PANDO request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pando_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 @@ -57,7 +62,7 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc } if (ndpi_match_strprefix(packet->payload, payload_len, "UDPA")) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Possible PANDO request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PANDO request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pando_stage = packet->packet_direction + 3; // packet_direction 0: stage 3, packet_direction 1: stage 4 @@ -65,7 +70,7 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc } if (ndpi_match_strprefix(packet->payload, payload_len, "UDPR") || ndpi_match_strprefix(packet->payload, payload_len, "UDPE")) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Possible PANDO request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PANDO request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pando_stage = packet->packet_direction + 5; // packet_direction 0: stage 5, packet_direction 1: stage 6 @@ -73,7 +78,6 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc } } else if ((flow->pando_stage == 1) || (flow->pando_stage == 2)) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "PANDO stage %u: \n", flow->pando_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pando_stage - packet->packet_direction) == 1) { @@ -82,15 +86,14 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || ((payload_len >= 4) && (packet->payload[0] == 0x00) && (packet->payload[1] == 0x00) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x09))) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Found PANDO.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PANDO\n"); ndpi_int_pando_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PANDO, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PANDO, resetting the stage to 0..\n"); flow->pando_stage = 0; } } else if ((flow->pando_stage == 3) || (flow->pando_stage == 4)) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "PANDO stage %u: \n", flow->pando_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pando_stage - packet->packet_direction) == 3) { @@ -99,15 +102,14 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || (ndpi_match_strprefix(packet->payload, payload_len, "UDPR") || ndpi_match_strprefix(packet->payload, payload_len, "UDPE"))) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Found PANDO.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PANDO\n"); ndpi_int_pando_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PANDO, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PANDO, resetting the stage to 0..\n"); flow->pando_stage = 0; } } else if ((flow->pando_stage == 5) || (flow->pando_stage == 6)) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "PANDO stage %u: \n", flow->pando_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pando_stage - packet->packet_direction) == 5) { @@ -116,10 +118,10 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "UDPA")) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Found PANDO.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PANDO\n"); ndpi_int_pando_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PANDO, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PANDO, resetting the stage to 0\n") flow->pando_stage = 0; } } @@ -128,10 +130,10 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc void ndpi_search_pando(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search PANDO\n"); /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_TRACE, "PANDO excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PANDO); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -144,7 +146,6 @@ void ndpi_search_pando(struct ndpi_detection_module_struct *ndpi_struct, struct return; } - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_TRACE, "PANDO detection...\n"); ndpi_check_pando_tcp(ndpi_struct, flow); if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_PANDO) { diff --git a/src/lib/protocols/pcanywhere.c b/src/lib/protocols/pcanywhere.c index b1e11e0a2..56b68b567 100644 --- a/src/lib/protocols/pcanywhere.c +++ b/src/lib/protocols/pcanywhere.c @@ -23,9 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_PCANYWHERE +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PCANYWHERE + +#include "ndpi_api.h" + + static void ndpi_int_pcanywhere_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,19 +43,15 @@ void ndpi_search_pcanywhere(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->udp != NULL && packet->udp->dest == htons(5632) && packet->payload_packet_len == 2 && (memcmp(packet->payload, "NQ", 2) == 0 || memcmp(packet->payload, "ST", 2) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_PCANYWHERE, ndpi_struct, NDPI_LOG_DEBUG, - "PC Anywhere name or status query detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "PC Anywhere name or status query detected\n"); ndpi_int_pcanywhere_add_connection(ndpi_struct, flow); return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PCANYWHERE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c index f1dc352a7..e23d316e4 100644 --- a/src/lib/protocols/postgres.c +++ b/src/lib/protocols/postgres.c @@ -23,9 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_POSTGRES +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_POSTGRES + +#include "ndpi_api.h" + static void ndpi_int_postgres_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -37,10 +42,6 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int16_t size; if (flow->l4.tcp.postgres_stage == 0) { @@ -65,13 +66,13 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct if (flow->l4.tcp.postgres_stage == 2 - packet->packet_direction) { //SSL accepted if (packet->payload_packet_len == 1 && packet->payload[0] == 'S') { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "PostgreSQL detected, SSL accepted.\n"); + NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, SSL accepted\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } //SSL denied if (packet->payload_packet_len == 1 && packet->payload[0] == 'N') { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "PostgreSQL detected, SSL denied.\n"); + NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, SSL denied\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } @@ -81,40 +82,40 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct if (packet->payload_packet_len > 8 && ntohl(get_u_int32_t(packet->payload, 5)) < 10 && ntohl(get_u_int32_t(packet->payload, 1)) == packet->payload_packet_len - 1 && packet->payload[0] == 0x52) { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "PostgreSQL detected, no SSL.\n"); + NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, no SSL\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } if (flow->l4.tcp.postgres_stage == 6 && ntohl(get_u_int32_t(packet->payload, 1)) == packet->payload_packet_len - 1 && packet->payload[0] == 'p') { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "found postgres asymmetrically.\n"); + NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } if (flow->l4.tcp.postgres_stage == 5 && packet->payload[0] == 'R') { if (ntohl(get_u_int32_t(packet->payload, 1)) == packet->payload_packet_len - 1) { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "found postgres asymmetrically.\n"); + NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } size = (u_int16_t)ntohl(get_u_int32_t(packet->payload, 1)) + 1; if (packet->payload[size - 1] == 'S') { if ((size + get_u_int32_t(packet->payload, (size + 1))) == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "found postgres asymmetrically.\n"); + NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } } size += get_u_int32_t(packet->payload, (size + 1)) + 1; if (packet->payload[size - 1] == 'S') { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "found postgres asymmetrically.\n"); + NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_POSTGRES); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/pplive.c b/src/lib/protocols/pplive.c index 2e4747159..6f874d7b6 100644 --- a/src/lib/protocols/pplive.c +++ b/src/lib/protocols/pplive.c @@ -24,9 +24,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_PPLIVE + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPLIVE + +#include "ndpi_api.h" + static void ndpi_int_pplive_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPLIVE, NDPI_PROTOCOL_UNKNOWN); } @@ -37,10 +42,10 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str /* Check if we so far detected the protocol in the request or not. */ if (flow->pplive_stage1 == 0) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "PPLIVE stage 0: \n"); if (ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x41\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Possible PPLIVE request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PPLIVE request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pplive_stage1 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 @@ -48,7 +53,7 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str } if (ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x42\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Possible PPLIVE request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PPLIVE request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pplive_stage1 = packet->packet_direction + 3; // packet_direction 0: stage 3, packet_direction 1: stage 4 @@ -56,7 +61,7 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str } if (ndpi_match_strprefix(packet->payload, payload_len, "\x1c\x1c\x32\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Possible PPLIVE request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PPLIVE request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pplive_stage1 = packet->packet_direction + 5; // packet_direction 0: stage 5, packet_direction 1: stage 6 @@ -64,7 +69,7 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str } } else if ((flow->pplive_stage1 == 1) || (flow->pplive_stage1 == 2)) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage %u: \n", flow->pplive_stage1); + NDPI_LOG_DBG2(ndpi_struct, "PPLIVE stage %u: \n", flow->pplive_stage1); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pplive_stage1 - packet->packet_direction) == 1) { @@ -73,15 +78,15 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x42\x01") || ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x41\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Found PPLIVE.\n"); + NDPI_LOG_DBG2(ndpi_struct, "Found PPLIVE\n"); ndpi_int_pplive_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PPLIVE, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PPLIVE, resetting the stage to 0..\n"); flow->pplive_stage1 = 0; } } else if ((flow->pplive_stage1 == 3) || (flow->pplive_stage1 == 4)) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage %u: \n", flow->pplive_stage1); + NDPI_LOG_DBG2(ndpi_struct, "PPLIVE stage %u: \n", flow->pplive_stage1); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pplive_stage1 - packet->packet_direction) == 3) { @@ -90,14 +95,14 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x41\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Found PPLIVE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PPLIVE\n"); ndpi_int_pplive_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PPLIVE, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PPLIVE, resetting the stage to 0..\n"); flow->pplive_stage1 = 0; } } else if ((flow->pplive_stage1 == 5) || (flow->pplive_stage1 == 6)) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage %u: \n", flow->pplive_stage1); + NDPI_LOG_DBG2(ndpi_struct, "PPLIVE stage %u: \n", flow->pplive_stage1); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pplive_stage1 - packet->packet_direction) == 5) { @@ -106,10 +111,10 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "\x1c\x1c\x32\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Found PPLIVE.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found PPLIVE\n"); ndpi_int_pplive_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PPLIVE, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PPLIVE, resetting the stage to 0..\n"); flow->pplive_stage1 = 0; } } @@ -121,19 +126,17 @@ static void ndpi_check_pplive_udp2(struct ndpi_detection_module_struct *ndpi_str u_int32_t payload_len = packet->payload_packet_len; /* Check if we so far detected the protocol in the request or not. */ + NDPI_LOG_DBG2(ndpi_struct, "PPLIVE stage %u: \n", flow->pplive_stage2); if (flow->pplive_stage2 == 0) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage 0: \n"); if ((payload_len == 57) && ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x41\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Possible PPLIVE request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PPLIVE request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pplive_stage2 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 } } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage %u: \n", flow->pplive_stage2); - /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pplive_stage2 - packet->packet_direction) == 1) { return; @@ -141,10 +144,10 @@ static void ndpi_check_pplive_udp2(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if (payload_len == 0) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Found PPLIVE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PPLIVE\n"); ndpi_int_pplive_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PPLIVE, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PPLIVE, resetting the stage to 0..\n"); flow->pplive_stage2 = 0; } @@ -156,11 +159,11 @@ static void ndpi_check_pplive_udp3(struct ndpi_detection_module_struct *ndpi_str u_int32_t payload_len = packet->payload_packet_len; /* Check if we so far detected the protocol in the request or not. */ + NDPI_LOG_DBG(ndpi_struct, "PPLIVE stage %u: \n", flow->pplive_stage3); if (flow->pplive_stage3 == 0) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage 0: \n"); if ((payload_len == 94) && (packet->udp->dest == htons(5041) || packet->udp->source == htons(5041) || packet->udp->dest == htons(8303) || packet->udp->source == htons(8303))) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Possible PPLIVE request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PPLIVE request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pplive_stage3 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 @@ -168,7 +171,6 @@ static void ndpi_check_pplive_udp3(struct ndpi_detection_module_struct *ndpi_str } } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage %u: \n", flow->pplive_stage3); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pplive_stage3 - packet->packet_direction) == 1) { @@ -177,10 +179,10 @@ static void ndpi_check_pplive_udp3(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || (payload_len == 49) ||(payload_len == 94)) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Found PPLIVE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PPLIVE\n"); ndpi_int_pplive_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PPLIVE, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PPLIVE, resetting the stage to 0..\n"); flow->pplive_stage3 = 0; } } @@ -190,10 +192,11 @@ static void ndpi_check_pplive_udp3(struct ndpi_detection_module_struct *ndpi_str void ndpi_search_pplive(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search PPLIVE\n"); + /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Exclude PPLIVE.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PPLIVE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -201,7 +204,6 @@ void ndpi_search_pplive(struct ndpi_detection_module_struct *ndpi_struct, struct return; } - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE detection...\n"); ndpi_check_pplive_udp1(ndpi_struct, flow); if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_PPLIVE) { diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c index 04259def9..08d2f8ade 100644 --- a/src/lib/protocols/ppstream.c +++ b/src/lib/protocols/ppstream.c @@ -20,10 +20,15 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_PPSTREAM +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPSTREAM + +#include "ndpi_api.h" + #define PPS_PORT 17788 @@ -31,6 +36,7 @@ static void ndpi_int_ppstream_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found PPStream over UDP\n"); } @@ -39,6 +45,7 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search PPStream\n"); /** PPS over TCP is detected inside HTTP dissector */ @@ -66,8 +73,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -91,8 +96,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -106,8 +109,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -131,8 +132,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -152,8 +151,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -172,8 +169,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -194,8 +189,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -210,8 +203,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -223,16 +214,13 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over udp.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } } } - /* EXCLUDE PPS */ - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, "exclude PPStream.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PPSTREAM); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/pptp.c b/src/lib/protocols/pptp.c index 393604cbb..9bacdeded 100644 --- a/src/lib/protocols/pptp.c +++ b/src/lib/protocols/pptp.c @@ -22,12 +22,13 @@ * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_PPTP -/* include files */ +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPTP -#include "ndpi_protocols.h" -#ifdef NDPI_PROTOCOL_PPTP +#include "ndpi_api.h" static void ndpi_int_pptp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -40,9 +41,7 @@ void ndpi_search_pptp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search pptp\n"); if (packet->payload_packet_len >= 10 && get_u_int16_t(packet->payload, 0) == htons(packet->payload_packet_len) && get_u_int16_t(packet->payload, 2) == htons(0x0001) /* message type: control message */ @@ -50,13 +49,12 @@ void ndpi_search_pptp(struct ndpi_detection_module_struct &&(get_u_int16_t(packet->payload, 8) == htons(0x0001) /* control type: start-control-connection-request */ )) { - NDPI_LOG(NDPI_PROTOCOL_PPTP, ndpi_struct, NDPI_LOG_DEBUG, "found pptp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found pptp\n"); ndpi_int_pptp_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_PPTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude pptp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PPTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c index 0507efa36..7eae869ac 100644 --- a/src/lib/protocols/qq.c +++ b/src/lib/protocols/qq.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_QQ + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QQ #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_QQ static void ndpi_int_qq_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ @@ -243,7 +247,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t no_of_patterns = 12, index = 0; - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "search qq udp.\n"); + NDPI_LOG_DBG(ndpi_struct, "search qq udp\n"); if (flow->qq_stage <= 3) { @@ -273,8 +277,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, } */ flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, - "found qq udp pattern 030001 or 000e35 four times.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 030001 or 000e35 four times\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -287,8 +290,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, flow->qq_stage++; // maybe we can test here packet->payload[4] == packet->payload_packet_len if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, - "found qq udp pattern 02 ... 03 four times.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 02 ... 03 four times\n"); /* if (packet->payload[0] == 0x04) { ndpi_int_qq_add_connection(ndpi_struct, flow, NDPI_REAL_PROTOCOL); @@ -309,11 +311,11 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, /* if (flow->qq_stage == 3 && flow->packet_direction_counter[0] > 0 && flow->packet_direction_counter[1] > 0) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq udp pattern four times.\n"); + NDPI_LOG_DBG(ndpi_struct, "found qq udp pattern four times\n"); ndpi_int_qq_add_connection(ndpi_struct, flow, NDPI_REAL_PROTOCOL); return; } else */ if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq udp pattern four times.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern four times\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -332,7 +334,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, && packet->payload[packet->payload_packet_len - 1] == 0x03) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 04 1159 ... 03 four times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -345,7 +347,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, || packet->payload[packet->payload_packet_len - 1] == 0x03)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 02/06 0100 ... 03/00 four times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -357,7 +359,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, && ntohs(get_u_int16_t(packet->payload, 1)) == 0x1131 && packet->payload[packet->payload_packet_len - 1] == 0x03) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 02 1131 ... 03 four times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -370,7 +372,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, get_u_int16_t(packet->payload, 4) == htons(0x0b0b)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 0203[packet_length_0b0b] three times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -384,7 +386,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, && ntohs(get_u_int16_t(packet->payload, 2)) == packet->payload_packet_len) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 02 02 four times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -398,18 +400,18 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, if (ndpi_is_valid_qq_packet(packet)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over udp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over udp\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq packet stage %d\n", flow->qq_stage); + NDPI_LOG_DBG2(ndpi_struct, "found qq packet stage %d\n", flow->qq_stage); return; } if (ndpi_is_valid_qq_ft_packet(packet)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq ft over udp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq ft over udp\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -420,8 +422,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, return; } - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "QQ excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QQ); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -434,22 +435,15 @@ __forceinline static void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - - u_int16_t i = 0; - // u_int16_t a = 0; - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "search qq tcp.\n"); + NDPI_LOG_DBG(ndpi_struct, "search qq tcp\n"); if (packet->payload_packet_len == 39 && get_u_int32_t(packet->payload, 0) == htonl(0x27000000) && get_u_int16_t(packet->payload, 4) == htons(0x0014) && get_u_int32_t(packet->payload, 11) != 0 && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == htons(0x0000)) { if (flow->qq_stage == 4) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp - maybe ft/audio/video.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp - maybe ft/audio/video\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -496,7 +490,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -506,7 +500,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct if (ndpi_is_valid_qq_packet(packet)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -516,7 +510,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct if (ndpi_is_valid_qq_ft_packet(packet)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq ft over tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq ft over tcp\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -537,7 +531,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct && get_u_int16_t(packet->payload, 3) == htons(0x0f5f)))) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq udp pattern 02 ... 03 four times.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 02 ... 03 four times\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -561,7 +555,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct && packet->payload[packet->payload_packet_len - 1] == 0x03) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 04 1159 ... 03 four times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -573,9 +567,9 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct if (packet->payload_packet_len > 100 && ((memcmp(packet->payload, "GET", 3) == 0) || (memcmp(packet->payload, "POST", 4) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found GET or POST.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found GET or POST\n"); if (memcmp(packet->payload, "GET /qqfile/qq", 14) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp GET /qqfile/qq.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp GET /qqfile/qq\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -583,21 +577,21 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct if (packet->user_agent_line.ptr != NULL && (packet->user_agent_line.len > 7 && memcmp(packet->user_agent_line.ptr, "QQClient", 8) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp GET...QQClient\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp GET...QQClient\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } for (i = 0; i < packet->parsed_lines; i++) { if (packet->line[i].len > 3 && memcmp(packet->line[i].ptr, "QQ: ", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp GET...QQ: \n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp GET...QQ: \n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } } if (packet->host_line.ptr != NULL) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "host line ptr\n"); + NDPI_LOG_DBG2(ndpi_struct, "host line ptr\n"); if (packet->host_line.len > 11 && memcmp(&packet->host_line.ptr[0], "www.qq.co.za", 12) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp Host: www.qq.co.za\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp Host: www.qq.co.za\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -610,7 +604,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct break; } if (i == 81) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq Mail.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq Mail\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -619,18 +613,18 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->qq_stage == 0 && packet->payload_packet_len == 182 && get_u_int32_t(packet->payload, 0) == htonl(0x000000b2) && get_u_int32_t(packet->payload, 4) == htonl(0x01020000) && get_u_int32_t(packet->payload, 8) == htonl(0x04015151) && get_u_int32_t(packet->payload, 12) == htonl(0x4d61696c)) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq Mail.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq Mail\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 204 && flow->qq_stage == 0 && get_u_int32_t(packet->payload, 200) == htonl(0xfbffffff)) { for (i = 0; i < 200; i++) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "i = %u\n", i); + NDPI_LOG_DBG2(ndpi_struct, "i = %u\n", i); if (packet->payload[i] != 0) { break; } if (i == 199) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq chat or file transfer\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq chat or file transfer\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -641,7 +635,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct #endif /* NDPI_PROTOCOL_HTTP */ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QQ); - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "QQ tcp excluded; len %u\n", + NDPI_LOG_DBG(ndpi_struct, "QQ tcp excluded; len %u\n", packet->payload_packet_len); #ifdef NDPI_PROTOCOL_HTTP diff --git a/src/lib/protocols/quake.c b/src/lib/protocols/quake.c index b119ec765..6f00c4296 100644 --- a/src/lib/protocols/quake.c +++ b/src/lib/protocols/quake.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_QUAKE + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUAKE #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_QUAKE static void ndpi_int_quake_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -36,10 +40,9 @@ static void ndpi_int_quake_add_connection(struct ndpi_detection_module_struct void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search Quake\n"); + if ((packet->payload_packet_len == 14 && get_u_int16_t(packet->payload, 0) == 0xffff && memcmp(&packet->payload[2], "getInfo", 7) == 0) || (packet->payload_packet_len == 17 @@ -47,7 +50,7 @@ void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct || (packet->payload_packet_len > 20 && packet->payload_packet_len < 30 && get_u_int16_t(packet->payload, 0) == 0xffff && memcmp(&packet->payload[2], "getServers", 10) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_QUAKE, ndpi_struct, NDPI_LOG_DEBUG, "Quake IV detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Quake IV\n"); ndpi_int_quake_add_connection(ndpi_struct, flow); return; } @@ -55,20 +58,20 @@ void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct /* Quake III/Quake Live */ if (packet->payload_packet_len == 15 && get_u_int32_t(packet->payload, 0) == 0xffffffff && memcmp(&packet->payload[4], "getinfo", NDPI_STATICSTRING_LEN("getinfo")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QUAKE, ndpi_struct, NDPI_LOG_DEBUG, "Quake III Arena/Quake Live detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); ndpi_int_quake_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 16 && get_u_int32_t(packet->payload, 0) == 0xffffffff && memcmp(&packet->payload[4], "getchallenge", NDPI_STATICSTRING_LEN("getchallenge")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QUAKE, ndpi_struct, NDPI_LOG_DEBUG, "Quake III Arena/Quake Live detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); ndpi_int_quake_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len > 20 && packet->payload_packet_len < 30 && get_u_int32_t(packet->payload, 0) == 0xffffffff && memcmp(&packet->payload[4], "getservers", NDPI_STATICSTRING_LEN("getservers")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QUAKE, ndpi_struct, NDPI_LOG_DEBUG, "Quake III Arena/Quake Live detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); ndpi_int_quake_add_connection(ndpi_struct, flow); return; } @@ -84,8 +87,7 @@ void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct Quake Wars ????? */ - NDPI_LOG(NDPI_PROTOCOL_QUAKE, ndpi_struct, NDPI_LOG_DEBUG, "Quake excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUAKE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 5a7fc70ab..24a2b8f12 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -22,10 +22,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_QUIC +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUIC + +#include "ndpi_api.h" + static int quic_ports(u_int16_t sport, u_int16_t dport) { if ((sport == 443 || dport == 443 || sport == 80 || dport == 80) && @@ -68,6 +72,8 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, u_int seq_len = quic_len((packet->payload[0] & 0x30) >> 4); u_int quic_hlen = 1 /* flags */ + version_len + seq_len + cid_len; + NDPI_LOG_DBG(ndpi_struct, "search QUIC\n"); + if(packet->udp != NULL && (udp_len > (quic_hlen+4 /* QXXX */)) && ((packet->payload[0] & 0xC2) == 0x00) @@ -78,7 +84,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, if((version_len > 0) && (packet->payload[1+cid_len] != 'Q')) goto no_quic; - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found QUIC.\n"); + NDPI_LOG_INFO(ndpi_struct, "found QUIC\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_PROTOCOL_UNKNOWN); if(packet->payload[quic_hlen+12] != 0xA0) @@ -126,8 +132,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, } no_quic: - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude QUIC.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } /* ***************************************************************** */ diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c index 308049522..e0eb2657b 100644 --- a/src/lib/protocols/radius.c +++ b/src/lib/protocols/radius.c @@ -18,10 +18,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_RADIUS + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RADIUS #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_RADIUS struct radius_header { u_int8_t code; @@ -42,13 +46,12 @@ static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct, && (h->code > 0) && (h->code <= 5) && (ntohs(h->len) == payload_len)) { - NDPI_LOG(NDPI_PROTOCOL_RADIUS, ndpi_struct, NDPI_LOG_DEBUG, "Found radius.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found radius\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RADIUS, NDPI_PROTOCOL_UNKNOWN); return; } - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RADIUS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } } @@ -57,7 +60,7 @@ void ndpi_search_radius(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_RADIUS, ndpi_struct, NDPI_LOG_DEBUG, "radius detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search radius\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_RADIUS) diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c index ee3dd3ca6..9ce692893 100644 --- a/src/lib/protocols/rdp.c +++ b/src/lib/protocols/rdp.c @@ -23,9 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_RDP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RDP + +#include "ndpi_api.h" + static void ndpi_int_rdp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -36,8 +41,7 @@ void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct, struct nd { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search RDP\n"); if (packet->payload_packet_len > 10 && get_u_int8_t(packet->payload, 0) > 0 @@ -45,12 +49,12 @@ void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct, struct nd && get_u_int8_t(packet->payload, 4) == packet->payload_packet_len - 5 && get_u_int8_t(packet->payload, 5) == 0xe0 && get_u_int16_t(packet->payload, 6) == 0 && get_u_int16_t(packet->payload, 8) == 0 && get_u_int8_t(packet->payload, 10) == 0) { - NDPI_LOG(NDPI_PROTOCOL_RDP, ndpi_struct, NDPI_LOG_DEBUG, "RDP detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found RDP\n"); ndpi_int_rdp_add_connection(ndpi_struct, flow); return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RDP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c index 4a9eeec46..4b51908fd 100644 --- a/src/lib/protocols/redis_net.c +++ b/src/lib/protocols/redis_net.c @@ -18,10 +18,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_REDIS + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_REDIS #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_REDIS static void ndpi_int_redis_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_REDIS, NDPI_PROTOCOL_UNKNOWN); @@ -36,8 +40,7 @@ static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, s /* Break after 20 packets. */ if(flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Redis.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_REDIS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -66,11 +69,10 @@ static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, s && ((flow->redis_d2s_first_char == '+') || (flow->redis_d2s_first_char == ':'))) || ((flow->redis_d2s_first_char == '*') && ((flow->redis_s2d_first_char == '+') || (flow->redis_s2d_first_char == ':')))) { - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Found Redis.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found Redis\n"); ndpi_int_redis_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Redis.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_REDIS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } else return; /* Too early */ @@ -79,7 +81,7 @@ static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, s void ndpi_search_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Redis detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search Redis\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_REDIS) { diff --git a/src/lib/protocols/rsync.c b/src/lib/protocols/rsync.c index 2b85da72b..157b2e0e0 100644 --- a/src/lib/protocols/rsync.c +++ b/src/lib/protocols/rsync.c @@ -19,10 +19,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_RSYNC + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RSYNC #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_RSYNC static void ndpi_int_rsync_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -33,10 +37,10 @@ void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "search for RSYNC.\n"); + NDPI_LOG_DBG(ndpi_struct, "search RSYNC\n"); if(packet->tcp) { - NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "calculating RSYNC over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating RSYNC over tcp\n"); /* * Should match: memcmp(packet->payload, "@RSYNCD: 28", 14) == 0) */ @@ -45,12 +49,11 @@ void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct packet->payload[3] == 0x59 && packet->payload[4] == 0x4e && packet->payload[5] == 0x43 && packet->payload[6] == 0x44 && packet->payload[7] == 0x3a ) { - NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "found rsync.\n"); + NDPI_LOG_INFO(ndpi_struct, "found rsync\n"); ndpi_int_rsync_add_connection(ndpi_struct, flow); } } else { - NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "exclude RSYNC.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RSYNC); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c index cc6265220..b924b476d 100644 --- a/src/lib/protocols/rtcp.c +++ b/src/lib/protocols/rtcp.c @@ -4,11 +4,14 @@ * Copyright (C) 2013 Remy Mudingay * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_RTCP + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTCP #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_RTCP static void ndpi_int_rtcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -20,18 +23,18 @@ void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct n struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "search for RTCP.\n"); + NDPI_LOG_DBG(ndpi_struct, "search RTCP\n"); if(packet->tcp != NULL) { sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating dport over tcp\n"); if(packet->payload_packet_len > 13 && (sport == 554 || dport == 554) && packet->payload[0] == 0x00 && packet->payload[1] == 0x00 && packet->payload[2] == 0x01 && packet->payload[3] == 0x01 && packet->payload[4] == 0x08 && packet->payload[5] == 0x0a && packet->payload[6] == 0x00 && packet->payload[7] == 0x01) { - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "found rtcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found rtcp\n"); ndpi_int_rtcp_add_connection(ndpi_struct, flow); } } else if(packet->udp != NULL) { @@ -48,20 +51,19 @@ void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct n offset += rtcp_section_len; } - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating dport over udp\n"); /* TODO changed a pair of length condition to the && from ||. Is it correct? */ if(((packet->payload_packet_len >= 28 && packet->payload_packet_len <= 1200) && ((packet->payload[0] == 0x80) && ((packet->payload[1] == 0xc8) || (packet->payload[1] == 0xc9)) && (packet->payload[2] == 0x00))) || (packet->payload_packet_len >= 3 && ((packet->payload[0] == 0x81) && ((packet->payload[1] == 0xc8) || (packet->payload[1] == 0xc9)) && (packet->payload[2] == 0x00)))) { - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "found rtcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found rtcp\n"); ndpi_int_rtcp_add_connection(ndpi_struct, flow); } } else { exclude_rtcp: - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude RTCP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c index b6d7db2f1..52492a290 100644 --- a/src/lib/protocols/rtmp.c +++ b/src/lib/protocols/rtmp.c @@ -23,10 +23,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_RTMP + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTMP #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_RTMP static void ndpi_int_rtmp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTMP, NDPI_PROTOCOL_UNKNOWN); @@ -39,24 +43,23 @@ static void ndpi_check_rtmp(struct ndpi_detection_module_struct *ndpi_struct, st /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude RTMP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTMP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if (flow->rtmp_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "RTMP stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "RTMP stage 0: \n"); if ((payload_len >= 4) && ((packet->payload[0] == 0x03) || (packet->payload[0] == 0x06))) { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "Possible RTMP request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible RTMP request detected, we will look further for the response\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->rtmp_stage = packet->packet_direction + 1; } } else { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "RTMP stage %u: \n", flow->rtmp_stage); + NDPI_LOG_DBG2(ndpi_struct, "RTMP stage %u: \n", flow->rtmp_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->rtmp_stage - packet->packet_direction) == 1) { @@ -65,10 +68,10 @@ static void ndpi_check_rtmp(struct ndpi_detection_module_struct *ndpi_struct, st /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len >= 4) && ((packet->payload[0] == 0x03) || (packet->payload[0] == 0x06) || (packet->payload[0] == 0x08) || (packet->payload[0] == 0x09) || (packet->payload[0] == 0x0a))) { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "Found RTMP.\n"); + NDPI_LOG_INFO(ndpi_struct, "found RTMP\n"); ndpi_int_rtmp_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to RTMP, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to RTMP, resetting the stage to 0\n"); flow->rtmp_stage = 0; } @@ -79,7 +82,7 @@ void ndpi_search_rtmp(struct ndpi_detection_module_struct *ndpi_struct, struct n { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "RTMP detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search RTMP\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_RTMP) { diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 80848f5ba..3acf71b61 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_RTP + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTP #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_RTP /* http://www.myskypelab.com/2014/05/microsoft-lync-wireshark-plugin.html */ @@ -73,6 +77,7 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const u_int8_t * payload, const u_int16_t payload_len) { + NDPI_LOG_DBG(ndpi_struct, "search RTP\n"); if (payload_len < 2) return; //struct ndpi_packet_struct *packet = &flow->packet; @@ -89,24 +94,25 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, ) && (*ssid != 0) ) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found RTP.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found RTP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_PROTOCOL_UNKNOWN); return; } else if((payload_len >= 12) && (((payload[0] & 0xFF) == 0x80) || ((payload[0] & 0xFF) == 0xA0)) /* RTP magic byte[1] */ && (payloadType = isValidMSRTPType(payload[1] & 0xFF))) { if(payloadType == 1 /* RTP */) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype for Business (former MS Lync)\n"); + NDPI_LOG_INFO(ndpi_struct, "Found Skype for Business (former MS Lync)\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); + return; } else /* RTCP */ { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found MS RTCP\n"); + NDPI_LOG_INFO(ndpi_struct, "Found MS RTCP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTCP, NDPI_PROTOCOL_UNKNOWN); + return; } } /* No luck this time */ - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -155,7 +161,7 @@ void init_seq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow u_int8_t direction, u_int16_t seq, u_int8_t include_current_packet) { flow->rtp_seqnum[direction] = seq; - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "rtp_seqnum[%u] = %u\n", direction, seq); + NDPI_LOG_DBG(ndpi_struct, "rtp_seqnum[%u] = %u\n", direction, seq); } /* returns difference between old and new highest sequence number */ @@ -173,11 +179,11 @@ u_int16_t update_seq(struct ndpi_detection_module_struct *ndpi_struct, struct nd if (delta < RTP_MAX_OUT_OF_ORDER) { /* in order, with permissible gap */ flow->rtp_seqnum[direction] = seq; - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "rtp_seqnum[%u] = %u (increased by %u)\n", + NDPI_LOG_DBG(ndpi_struct, "rtp_seqnum[%u] = %u (increased by %u)\n", direction, seq, delta); return delta; } else { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "retransmission (dir %u, seqnum %u)\n", + NDPI_LOG_DBG(ndpi_struct, "retransmission (dir %u, seqnum %u)\n", direction, seq); return 0; } @@ -192,55 +198,54 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t stage; u_int16_t seqnum = ntohs(get_u_int16_t(payload, 2)); - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "search rtp.\n"); + NDPI_LOG_DBG(ndpi_struct, "search rtp\n"); if (payload_len == 4 && get_u_int32_t(packet->payload, 0) == 0 && flow->packet_counter < 8) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "need next packet, maybe ClearSea out calls.\n"); + NDPI_LOG_DBG(ndpi_struct, "need next packet, maybe ClearSea out calls\n"); return; } if (payload_len == 5 && memcmp(payload, "hello", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "need next packet, initial hello packet of SIP out calls.\n"); return; } if (payload_len == 1 && payload[0] == 0) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "need next packet, payload_packet_len == 1 && payload[0] == 0.\n"); return; } if (payload_len == 3 && memcmp(payload, "png", 3) == 0) { /* weird packet found in Ninja GlobalIP trace */ - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "skipping packet with len = 3 and png payload.\n"); + NDPI_LOG_DBG(ndpi_struct, "skipping packet with len = 3 and png payload\n"); return; } if (payload_len < 12) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "minimal packet size for rtp packets: 12.\n"); + NDPI_LOG_DBG(ndpi_struct, "minimal packet size for rtp packets: 12\n"); goto exclude_rtp; } if (payload_len == 12 && get_u_int32_t(payload, 0) == 0 && get_u_int32_t(payload, 4) == 0 && get_u_int32_t(payload, 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "skipping packet with len = 12 and only 0-bytes.\n"); + NDPI_LOG_DBG(ndpi_struct, "skipping packet with len = 12 and only 0-bytes\n"); return; } if ((payload[0] & 0xc0) == 0xc0 || (payload[0] & 0xc0) == 0x40 || (payload[0] & 0xc0) == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "version = 3 || 1 || 0, maybe first rtp packet.\n"); + NDPI_LOG_DBG(ndpi_struct, "version = 3 || 1 || 0, maybe first rtp packet\n"); return; } if ((payload[0] & 0xc0) != 0x80) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, - NDPI_LOG_DEBUG, "rtp version must be 2, first two bits of a packets must be 10.\n"); + NDPI_LOG_DBG(ndpi_struct, "rtp version must be 2, first two bits of a packets must be 10\n"); goto exclude_rtp; } /* rtp_payload_type are the last seven bits of the second byte */ if (flow->rtp_payload_type[packet->packet_direction] != (payload[1] & 0x7F)) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "payload_type has changed, reset stages.\n"); + NDPI_LOG_DBG(ndpi_struct, "payload_type has changed, reset stages\n"); packet->packet_direction == 0 ? (flow->rtp_stage1 = 0) : (flow->rtp_stage2 = 0); } /* first bit of first byte is not part of payload_type */ @@ -249,51 +254,48 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, stage = (packet->packet_direction == 0 ? flow->rtp_stage1 : flow->rtp_stage2); if (stage > 0) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, - NDPI_LOG_DEBUG, "stage = %u.\n", packet->packet_direction == 0 ? flow->rtp_stage1 : flow->rtp_stage2); + NDPI_LOG_DBG(ndpi_struct, "stage = %u\n", packet->packet_direction == 0 ? flow->rtp_stage1 : flow->rtp_stage2); if (flow->rtp_ssid[packet->packet_direction] != get_u_int32_t(payload, 8)) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "ssid has changed, goto exclude rtp.\n"); + NDPI_LOG_DBG(ndpi_struct, "ssid has changed, goto exclude rtp\n"); goto exclude_rtp; } if (seqnum == flow->rtp_seqnum[packet->packet_direction]) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "maybe \"retransmission\", need next packet.\n"); + NDPI_LOG_DBG(ndpi_struct, "maybe \"retransmission\", need next packet\n"); return; } else if ((u_int16_t) (seqnum - flow->rtp_seqnum[packet->packet_direction]) < RTP_MAX_OUT_OF_ORDER) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "new packet has larger sequence number (within valid range)\n"); update_seq(ndpi_struct, flow, packet->packet_direction, seqnum); } else if ((u_int16_t) (flow->rtp_seqnum[packet->packet_direction] - seqnum) < RTP_MAX_OUT_OF_ORDER) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "new packet has smaller sequence number (within valid range)\n"); init_seq(ndpi_struct, flow, packet->packet_direction, seqnum, 1); } else { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "sequence number diff is too big, goto exclude rtp.\n"); goto exclude_rtp; } } else { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, - NDPI_LOG_DEBUG, "rtp_ssid[%u] = %u.\n", packet->packet_direction, + NDPI_LOG_DBG(ndpi_struct, "rtp_ssid[%u] = %u\n", packet->packet_direction, flow->rtp_ssid[packet->packet_direction]); flow->rtp_ssid[packet->packet_direction] = get_u_int32_t(payload, 8); if (flow->packet_counter < 3) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "packet_counter < 3, need next packet.\n"); + NDPI_LOG_DBG(ndpi_struct, "packet_counter < 3, need next packet\n"); } init_seq(ndpi_struct, flow, packet->packet_direction, seqnum, 1); } if (seqnum <= 3) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, - NDPI_LOG_DEBUG, "sequence_number = %u, too small, need next packet, return.\n", seqnum); + NDPI_LOG_DBG(ndpi_struct, "sequence_number = %u, too small, need next packet, return\n", seqnum); return; } if (stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "add connection I.\n"); + NDPI_LOG_DBG(ndpi_struct, "add connection I\n"); ndpi_int_rtp_add_connection(ndpi_struct, flow); } else { packet->packet_direction == 0 ? flow->rtp_stage1++ : flow->rtp_stage2++; - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "stage[%u]++; need next packet.\n", + NDPI_LOG_DBG(ndpi_struct, "stage[%u]++; need next packet\n", packet->packet_direction); } return; @@ -302,12 +304,11 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, #ifdef NDPI_PROTOCOL_STUN if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN || /* packet->real_protocol_read_only == NDPI_PROTOCOL_STUN */) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "STUN: is detected, need next packet.\n"); + NDPI_LOG_DBG(ndpi_struct, "STUN: is detected, need next packet\n"); return; } #endif /* NDPI_PROTOCOL_STUN */ - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -325,7 +326,7 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd packet->payload[0] == 0x90 && packet->payload[1] >= 0x01 && packet->payload[1] <= 0x07) { if (flow->packet_counter == 2) flow->l4.tcp.rtp_special_packets_seen = 1; - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "skipping STUN-like, special yahoo packets with payload[0] == 0x90.\n"); return; } @@ -366,14 +367,12 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd } if (NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct, flow, NDPI_PROTOCOL_STUN)) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "STUN not yet excluded, need next packet.\n"); + NDPI_LOG_DBG(ndpi_struct, "STUN not yet excluded, need next packet\n"); } #else - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); #endif } } diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 0f4a71e52..e20c53065 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -22,19 +22,20 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_RTSP -#ifndef NDPI_PROTOCOL_RTP -#error RTSP requires RTP detection to work correctly -#endif -#ifndef NDPI_PROTOCOL_RTSP -#error RTSP requires RTSP detection to work correctly -#endif -#ifndef NDPI_PROTOCOL_RDP -#error RTSP requires RDP detection to work correctly -#endif + #ifndef NDPI_PROTOCOL_RTP + #error RTSP requires RTP detection to work correctly + #endif + #ifndef NDPI_PROTOCOL_RDP + #error RTSP requires RDP detection to work correctly + #endif + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTSP + +#include "ndpi_api.h" + static void ndpi_int_rtsp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ @@ -52,7 +53,7 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_TRACE, "RTSP detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search RTSP\n"); if (flow->rtsprdt_stage == 0 #ifdef NDPI_PROTOCOL_RTCP @@ -60,13 +61,13 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct #endif ) { flow->rtsprdt_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_DEBUG, "maybe handshake 1; need next packet, return.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe handshake 1; need next packet, return\n"); return; } if (flow->packet_counter < 3 && flow->rtsprdt_stage == 1 + packet->packet_direction) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_DEBUG, "maybe handshake 2; need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe handshake 2; need next packet\n"); return; } @@ -80,20 +81,20 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct // RTSP Server Message if((memcmp(packet->payload, "RTSP/1.0 ", 9) == 0) || (strstr(buf, "rtsp://") != NULL)) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_TRACE, "found RTSP/1.0 .\n"); + NDPI_LOG_DBG2(ndpi_struct, "found RTSP/1.0 \n"); if (dst != NULL) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_TRACE, "found dst.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found dst\n"); ndpi_packet_src_ip_get(packet, &dst->rtsp_ip_address); dst->rtsp_timer = packet->tick_timestamp; dst->rtsp_ts_set = 1; } if (src != NULL) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_TRACE, "found src.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found src\n"); ndpi_packet_dst_ip_get(packet, &src->rtsp_ip_address); src->rtsp_timer = packet->tick_timestamp; src->rtsp_ts_set = 1; } - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_TRACE, "RTSP detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found RTSP\n"); flow->rtsp_control_flow = 1; ndpi_int_rtsp_add_connection(ndpi_struct, flow); return; @@ -105,14 +106,13 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct || (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP) == 0) #endif )) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe RTSP RTP, RTSP RTCP, RDT; need next packet.\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_DEBUG, "didn't find handshake, exclude.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTSP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index b206ff5aa..c61f0a9ad 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -22,11 +22,15 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_api.h" #ifdef NDPI_PROTOCOL_RX +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RX + +#include "ndpi_api.h" + /* See http://web.mit.edu/kolya/afs/rx/rx-spec for protocol description. */ /* The should be no need for explicit packing, but just in case... */ @@ -79,13 +83,12 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_packet_struct *packet = &flow->packet; u_int32_t payload_len = packet->payload_packet_len; - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "RX: pck: %d, dir[0]: %d, dir[1]: %d\n", + NDPI_LOG_DBG2(ndpi_struct, "RX: pck: %d, dir[0]: %d, dir[1]: %d\n", flow->packet_counter, flow->packet_direction_counter[0], flow->packet_direction_counter[1]); /* Check that packet is long enough */ if (payload_len < sizeof(struct ndpi_rx_header)) { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -108,8 +111,7 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, /* TYPE field */ if((header->type < DATA) || (header->type > VERSION)) { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -157,13 +159,11 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, case VERSION: goto security; default: - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } // switch } else { // FLAG - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -171,8 +171,7 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, /* SECURITY field */ if(header->security > 3) { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -184,21 +183,20 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, if (flow->l4.udp.rx_conn_epoch == header->conn_epoch && flow->l4.udp.rx_conn_id == header->conn_id) { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "found RX\n"); + NDPI_LOG_INFO(ndpi_struct, "found RX\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RX, NDPI_PROTOCOL_UNKNOWN); } /* https://www.central.org/frameless/numbers/rxservice.html. */ else { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } } else { flow->l4.udp.rx_conn_epoch = header->conn_epoch; flow->l4.udp.rx_conn_id = header->conn_id; { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "found RX\n"); + NDPI_LOG_INFO(ndpi_struct, "found RX\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RX, NDPI_PROTOCOL_UNKNOWN); } } @@ -209,7 +207,7 @@ void ndpi_search_rx(struct ndpi_detection_module_struct *ndpi_struct, { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "entering RX search\n"); + NDPI_LOG_DBG(ndpi_struct, "search RX\n"); if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_RX) { ndpi_check_rx(ndpi_struct, flow); } diff --git a/src/lib/protocols/sflow.c b/src/lib/protocols/sflow.c index 45ccb650a..75b631abc 100644 --- a/src/lib/protocols/sflow.c +++ b/src/lib/protocols/sflow.c @@ -18,35 +18,35 @@ * */ - -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SFLOW -static void ndpi_check_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SFLOW + +#include "ndpi_api.h" + +void ndpi_search_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; + NDPI_LOG_DBG(ndpi_struct, "search sflow\n"); + if((packet->udp != NULL) && (payload_len >= 24) /* Version */ && (packet->payload[0] == 0) && (packet->payload[1] == 0) && (packet->payload[2] == 0) && ((packet->payload[3] == 2) || (packet->payload[3] == 5))) { - NDPI_LOG(NDPI_PROTOCOL_SFLOW, ndpi_struct, NDPI_LOG_DEBUG, "Found sflow.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sflow\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SFLOW, NDPI_PROTOCOL_UNKNOWN); return; } -} -void ndpi_search_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - NDPI_LOG(NDPI_PROTOCOL_SFLOW, ndpi_struct, NDPI_LOG_DEBUG, "sflow detection...\n"); - ndpi_check_sflow(ndpi_struct, flow); +// FIXME NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } - void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("sFlow", ndpi_struct, detection_bitmask, *id, diff --git a/src/lib/protocols/shoutcast.c b/src/lib/protocols/shoutcast.c index 9ef6c37e8..2115c574f 100644 --- a/src/lib/protocols/shoutcast.c +++ b/src/lib/protocols/shoutcast.c @@ -22,11 +22,14 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SHOUTCAST +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SHOUTCAST + +#include "ndpi_api.h" + static void ndpi_int_shoutcast_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -39,13 +42,13 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "search shoutcast.\n"); + NDPI_LOG_DBG(ndpi_struct, "search shoutcast\n"); if (flow->packet_counter == 1) { /* this case in paul_upload_oddcast_002.pcap */ if (packet->payload_packet_len >= 6 && packet->payload_packet_len < 80 && memcmp(packet->payload, "123456", 6) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast stage 1, \"123456\".\n"); + NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 1, \"123456\"\n"); return; } if (flow->packet_counter < 3 @@ -53,11 +56,11 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct && packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP #endif ) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "http detected, need next packet for shoutcast detection.\n"); if (packet->payload_packet_len > 4 && get_u_int32_t(packet->payload, packet->payload_packet_len - 4) != htonl(0x0d0a0d0a)) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "segmented packet found.\n"); + NDPI_LOG_DBG2(ndpi_struct, "segmented packet found\n"); flow->l4.tcp.shoutcast_stage = 1 + packet->packet_direction; } return; @@ -70,7 +73,7 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct } /* evtl. für asym detection noch User-Agent:Winamp dazunehmen. */ if (packet->payload_packet_len > 11 && memcmp(packet->payload, "ICY 200 OK\x0d\x0a", 12) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "found shoutcast by ICY 200 OK.\n"); + NDPI_LOG_INFO(ndpi_struct, "found shoutcast by ICY 200 OK\n"); ndpi_int_shoutcast_add_connection(ndpi_struct, flow); return; } @@ -81,19 +84,19 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct if (flow->packet_counter == 2) { if (packet->payload_packet_len == 2 && memcmp(packet->payload, "\x0d\x0a", 2) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast stage 1 continuation.\n"); + NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 1 continuation\n"); return; } else if (packet->payload_packet_len > 3 && memcmp(&packet->payload[0], "OK2", 3) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast stage 2, OK2 found.\n"); + NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 2, OK2 found\n"); return; } else goto exclude_shoutcast; } else if (flow->packet_counter == 3 || flow->packet_counter == 4) { if (packet->payload_packet_len > 3 && memcmp(&packet->payload[0], "OK2", 3) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast stage 2, OK2 found.\n"); + NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 2, OK2 found\n"); return; } else if (packet->payload_packet_len > 4 && memcmp(&packet->payload[0], "icy-", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Shoutcast\n"); ndpi_int_shoutcast_add_connection(ndpi_struct, flow); return; } else @@ -101,8 +104,7 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct } exclude_shoutcast: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SHOUTCAST); - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast excluded.\n"); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 94386d61e..44d2a12fe 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_SIP + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SIP #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_SIP static void ndpi_int_sip_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { @@ -41,18 +45,14 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - if (payload_len > 4) { /* search for STUN Turn ChannelData Prefix */ u_int16_t message_len = ntohs(get_u_int16_t(packet->payload, 2)); if (payload_len - 4 == message_len) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found STUN TURN ChannelData prefix.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found STUN TURN ChannelData prefix\n"); payload_len -= 4; packet_payload += 4; } @@ -68,7 +68,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct if ((memcmp(packet_payload, "NOTIFY ", 7) == 0 || memcmp(packet_payload, "notify ", 7) == 0) && (memcmp(&packet_payload[7], "SIP:", 4) == 0 || memcmp(&packet_payload[7], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip NOTIFY.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip NOTIFY\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -76,14 +76,14 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct if ((memcmp(packet_payload, "REGISTER ", 9) == 0 || memcmp(packet_payload, "register ", 9) == 0) && (memcmp(&packet_payload[9], "SIP:", 4) == 0 || memcmp(&packet_payload[9], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip REGISTER.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip REGISTER\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "INVITE ", 7) == 0 || memcmp(packet_payload, "invite ", 7) == 0) && (memcmp(&packet_payload[7], "SIP:", 4) == 0 || memcmp(&packet_payload[7], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip INVITE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip INVITE\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -95,34 +95,34 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct /* if (memcmp(packet_payload, "SIP/2.0 200 OK", 14) == 0 || memcmp(packet_payload, "sip/2.0 200 OK", 14) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip SIP/2.0 0K.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip SIP/2.0 0K\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } */ if (memcmp(packet_payload, "SIP/2.0 ", 8) == 0 || memcmp(packet_payload, "sip/2.0 ", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip SIP/2.0 *.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip SIP/2.0 *\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "BYE ", 4) == 0 || memcmp(packet_payload, "bye ", 4) == 0) && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip BYE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip BYE\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "ACK ", 4) == 0 || memcmp(packet_payload, "ack ", 4) == 0) && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip ACK.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip ACK\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "CANCEL ", 7) == 0 || memcmp(packet_payload, "cancel ", 7) == 0) && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip CANCEL.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip CANCEL\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -132,7 +132,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct || memcmp(packet_payload, "options ", 8) == 0) && (memcmp(&packet_payload[8], "SIP:", 4) == 0 || memcmp(&packet_payload[8], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip OPTIONS.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip OPTIONS\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -141,19 +141,19 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct /* add bitmask for tcp only, some stupid udp programs * send a very few (< 10 ) packets before invite (mostly a 0x0a0x0d, but just search the first 3 payload_packets here */ if (packet->udp != NULL && flow->packet_counter < 20) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet\n"); return; } #ifdef NDPI_PROTOCOL_STUN /* for STUN flows we need some more packets */ if (packet->udp != NULL && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN && flow->packet_counter < 40) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "need next STUN packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next STUN packet\n"); return; } #endif if (payload_len == 4 && get_u_int32_t(packet_payload, 0) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "maybe sip. need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe sip. need next packet\n"); return; } #ifdef NDPI_PROTOCOL_YAHOO @@ -161,27 +161,21 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct && packet_payload[3] == payload_len - 20 && get_u_int32_t(packet_payload, 4) == 0 && get_u_int32_t(packet_payload, 8) == 0) { flow->sip_yahoo_voice = 1; - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "maybe sip yahoo. need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe sip yahoo. need next packet\n"); } if (flow->sip_yahoo_voice && flow->packet_counter < 10) { return; } #endif - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "exclude sip.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SIP); - return; - + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_sip(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_flow_struct *flow = ndpi_struct->flow; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "sip detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search sip\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SIP) { diff --git a/src/lib/protocols/skinny.c b/src/lib/protocols/skinny.c index a31d8cc86..0acebf271 100644 --- a/src/lib/protocols/skinny.c +++ b/src/lib/protocols/skinny.c @@ -17,12 +17,15 @@ * If not, see . * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_SKINNY + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SKINNY #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_SKINNY static void ndpi_int_skinny_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -38,26 +41,25 @@ void ndpi_search_skinny(struct ndpi_detection_module_struct *ndpi_struct, struct const char keypadmsg_8_bytes[8] = { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; const char selectmsg_8_bytes[8] = { 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "search for SKINNY.\n"); + NDPI_LOG_DBG(ndpi_struct, "search for SKINNY\n"); if(packet->tcp != NULL) { sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "calculating SKINNY over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating SKINNY over tcp\n"); if (dport == 2000 && ((packet->payload_packet_len == 24 && memcmp(&packet->payload[0], keypadmsg_8_bytes, 8) == 0) || ((packet->payload_packet_len == 64) && memcmp(&packet->payload[0], pattern_8_bytes, 8) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "found skinny.\n"); + NDPI_LOG_INFO(ndpi_struct, "found skinny\n"); ndpi_int_skinny_add_connection(ndpi_struct, flow); } else if (sport == 2000 && ((packet->payload_packet_len == 28 && memcmp(&packet->payload[0], selectmsg_8_bytes, 8) == 0 ) || (packet->payload_packet_len == 44 && memcmp(&packet->payload[0], pattern_9_bytes, 9) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "found skinny.\n"); + NDPI_LOG_INFO(ndpi_struct, "found skinny\n"); ndpi_int_skinny_add_connection(ndpi_struct, flow); } } else { - NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "exclude SKINNY.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKINNY); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 19de3c437..ea571961f 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -17,10 +17,15 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SKYPE +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SKYPE + +#include "ndpi_api.h" + + static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -44,13 +49,13 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s ((payload_len >= 16) && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ && (packet->payload[2] == 0x02))) { - NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found skype.\n"); + NDPI_LOG_INFO(ndpi_struct, "found skype\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); } } return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKYPE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; // TCP check @@ -69,15 +74,16 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s // printf("[SKYPE] payload_len=%u\n", payload_len); /* printf("[SKYPE] %u/%u\n", ntohs(packet->tcp->source), ntohs(packet->tcp->dest)); */ - NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found skype.\n"); + NDPI_LOG_INFO(ndpi_struct, "found skype\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); } else { // printf("NO [SKYPE] payload_len=%u\n", payload_len); } /* printf("[SKYPE] [id: %u][len: %d]\n", flow->l4.tcp.skype_packet_id, payload_len); */ - } else - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKYPE); + } else { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } return; } @@ -87,7 +93,7 @@ void ndpi_search_skype(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "skype detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search skype\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SKYPE) diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c index 051aee635..6ac7e282a 100644 --- a/src/lib/protocols/smb.c +++ b/src/lib/protocols/smb.c @@ -20,33 +20,37 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SMB +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMB + +#include "ndpi_api.h" + void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search SMB\n"); + /* Check connection over TCP */ if(packet->tcp) { - NDPI_LOG(NDPI_PROTOCOL_SMB, ndpi_struct, NDPI_LOG_DEBUG, "search SMB.\n"); if(packet->tcp->dest == htons(445) && packet->payload_packet_len > (32 + 4 + 4) && (packet->payload_packet_len - 4) == ntohl(get_u_int32_t(packet->payload, 0)) && get_u_int32_t(packet->payload, 4) == htonl(0xff534d42)) { - NDPI_LOG(NDPI_PROTOCOL_SMB, ndpi_struct, NDPI_LOG_DEBUG, "found SMB.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SMB\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMB, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_PROTOCOL_SMB, ndpi_struct, NDPI_LOG_DEBUG, "exclude SMB.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SMB); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c index 3185cbf44..1bd2a870b 100644 --- a/src/lib/protocols/smpp.c +++ b/src/lib/protocols/smpp.c @@ -20,10 +20,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SMPP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMPP + +#include "ndpi_api.h" + static void ndpi_int_smpp_add_connection(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) @@ -39,28 +43,24 @@ static u_int8_t ndpi_check_overflow(u_int32_t current_length, u_int32_t total_l void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP protocol detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search SMPP\n"); if (flow->packet.detected_protocol_stack[0] != NDPI_PROTOCOL_SMPP){ struct ndpi_packet_struct* packet = &flow->packet; // min SMPP packet length = 16 bytes if (packet->payload_packet_len < 16) { - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SMPP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } // get PDU length u_int32_t pdu_l = ntohl(get_u_int32_t(packet->payload, 0)); - NDPI_LOG(NDPI_PROTOCOL_SMPP, - ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "calculated PDU Length: %d, received PDU Length: %d\n", pdu_l, packet->payload_packet_len); // if PDU size was invalid, try the following TCP segments, 3 attempts max if(flow->packet_counter > 3) { - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SMPP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } // verify PDU length @@ -81,9 +81,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, ++pdu_c; } - NDPI_LOG(NDPI_PROTOCOL_SMPP, - ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "multiple PDUs included, calculated total PDU Length: %d, PDU count: %d, TCP payload length: %d\n", total_pdu_l, pdu_c, packet->payload_packet_len); @@ -98,8 +96,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, u_int32_t pdu_type = ntohl(get_u_int32_t(packet->payload, 4)); // first byte of PDU type is either 0x00 of 0x80 if(!(packet->payload[4] == 0x00 || packet->payload[4] == 0x80)) { - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SMPP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } // remove 0x80, get request type pdu @@ -110,9 +107,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, pdu_req == 0x00000021 || pdu_req == 0x00000102 || pdu_req == 0x00000103)){ - NDPI_LOG(NDPI_PROTOCOL_SMPP, - ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "PDU type: %x, Request PDU type = %x\n", pdu_type, pdu_req); @@ -300,15 +295,13 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, // if extra checks passed, set as identified if(extra_passed) { - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP identified...\n"); + NDPI_LOG_INFO(ndpi_struct, "found SMPP\n"); ndpi_int_smpp_add_connection(ndpi_struct, flow); return; } } - // exclude - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SMPP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/snmp.c b/src/lib/protocols/snmp.c index 71de7589b..6a2f2624f 100644 --- a/src/lib/protocols/snmp.c +++ b/src/lib/protocols/snmp.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SNMP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SNMP + +#include "ndpi_api.h" + static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -35,10 +39,9 @@ static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search SNMP\n"); + if (packet->payload_packet_len > 32 && packet->payload[0] == 0x30) { int offset; u_int16_t u16; @@ -52,7 +55,7 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n break; default: if (packet->payload[1] > 0x82) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded, second byte is > 0x82\n"); + NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, second byte is > 0x82\n"); goto excl; } offset = 2; @@ -61,22 +64,22 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n u16 = ntohs(get_u_int16_t(packet->payload, offset)); if((u16 != 0x0201) && (u16 != 0x0204)) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded, 0x0201/0x0204 pattern not found\n"); + NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, 0x0201/0x0204 pattern not found\n"); goto excl; } if (packet->payload[offset + 2] >= 0x04) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded, version > 3\n"); + NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, version > 3\n"); goto excl; } if (flow->l4.udp.snmp_stage == 0) { if (packet->udp->dest == htons(161) || packet->udp->dest == htons(162)) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP detected due to port.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SNMP by port\n"); ndpi_int_snmp_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP stage 0.\n"); + NDPI_LOG_DBG2(ndpi_struct, "SNMP stage 0\n"); if (packet->payload[offset + 2] == 3) { flow->l4.udp.snmp_msg_id = ntohs(get_u_int32_t(packet->payload, offset + 8)); } else if (packet->payload[offset + 2] == 0) { @@ -89,41 +92,39 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n } else if (flow->l4.udp.snmp_stage == 1 + packet->packet_direction) { if (packet->payload[offset + 2] == 0) { if (flow->l4.udp.snmp_msg_id != get_u_int8_t(packet->payload, offset + 15) - 1) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "SNMP v1 excluded, message ID doesn't match\n"); goto excl; } } } else if (flow->l4.udp.snmp_stage == 2 - packet->packet_direction) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP stage 1-2.\n"); + NDPI_LOG_DBG2(ndpi_struct, "SNMP stage 1-2\n"); if (packet->payload[offset + 2] == 3) { if (flow->l4.udp.snmp_msg_id != ntohs(get_u_int32_t(packet->payload, offset + 8))) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "SNMP v3 excluded, message ID doesn't match\n"); goto excl; } } else if (packet->payload[offset + 2] == 0) { if (flow->l4.udp.snmp_msg_id != get_u_int8_t(packet->payload, offset + 15)) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "SNMP v1 excluded, message ID doesn't match\n"); goto excl; } } else { if (flow->l4.udp.snmp_msg_id != ntohs(get_u_int16_t(packet->payload, offset + 15))) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "SNMP v2 excluded, message ID doesn't match\n"); goto excl; } } - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SNMP\n"); ndpi_int_snmp_add_connection(ndpi_struct, flow); return; } - } else { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded.\n"); } excl: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SNMP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c index 67cfab8b4..32c83934a 100644 --- a/src/lib/protocols/socks45.c +++ b/src/lib/protocols/socks45.c @@ -23,11 +23,14 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_SOCKS + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOCKS #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_SOCKS static void ndpi_int_socks_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOCKS, NDPI_PROTOCOL_UNKNOWN); @@ -40,25 +43,24 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, /* Break after 20 packets. */ if(flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude SOCKS4.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOCKS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if(flow->socks4_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "SOCKS4 stage 0: \n"); if(payload_len >= 9 && packet->payload[0] == 0x04 && (packet->payload[1] == 0x01 || packet->payload[1] == 0x02) && packet->payload[payload_len - 1] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS4 request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible SOCKS4 request detected, we will look further for the response\n"); /* TODO: check port and ip address is valid */ /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->socks4_stage = packet->packet_direction + 1; } } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage %u: \n", flow->socks4_stage); + NDPI_LOG_DBG2(ndpi_struct, "SOCKS4 stage %u: \n", flow->socks4_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if((flow->socks4_stage - packet->packet_direction) == 1) { @@ -66,10 +68,10 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, } /* This is a packet in another direction. Check if we find the proper response. */ if(payload_len == 8 && packet->payload[0] == 0x00 && packet->payload[1] >= 0x5a && packet->payload[1] <= 0x5d) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS4.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SOCKS4\n"); ndpi_int_socks_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS4, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to SOCKS4, resetting the stage to 0\n"); flow->socks4_stage = 0; } } @@ -82,24 +84,23 @@ static void ndpi_check_socks5(struct ndpi_detection_module_struct *ndpi_struct, /* Break after 20 packets. */ if(flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude SOCKS5.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOCKS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if(flow->socks5_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS5 stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "SOCKS5 stage 0: \n"); if((payload_len == 3) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00)) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS5 request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible SOCKS5 request detected, we will look further for the response\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->socks5_stage = packet->packet_direction + 1; } } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS5 stage %u: \n", flow->socks5_stage); + NDPI_LOG_DBG2(ndpi_struct, "SOCKS5 stage %u: \n", flow->socks5_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if((flow->socks5_stage - packet->packet_direction) == 1) { @@ -108,10 +109,10 @@ static void ndpi_check_socks5(struct ndpi_detection_module_struct *ndpi_struct, /* This is a packet in another direction. Check if we find the proper response. */ if((payload_len == 0) || ((payload_len == 2) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x00))) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS5.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SOCKS5\n"); ndpi_int_socks_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS5, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to SOCKS5, resetting the stage to 0\n"); flow->socks5_stage = 0; } @@ -122,7 +123,7 @@ void ndpi_search_socks(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search SOCKS\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SOCKS) { diff --git a/src/lib/protocols/socrates.c b/src/lib/protocols/socrates.c index 58a9b01ba..2dfad068d 100644 --- a/src/lib/protocols/socrates.c +++ b/src/lib/protocols/socrates.c @@ -23,9 +23,13 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_SOCRATES +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOCRATES + +#include "ndpi_api.h" static void ndpi_socrates_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -38,20 +42,16 @@ void ndpi_search_socrates(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - + NDPI_LOG_DBG(ndpi_struct, "search socrates\n"); - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "search socrates.\n"); if (packet->udp != NULL) { if (packet->payload_packet_len > 9 && packet->payload[0] == 0xfe && packet->payload[packet->payload_packet_len - 1] == 0x05) { - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "found fe.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found fe\n"); - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "len match.\n"); + NDPI_LOG_DBG2(ndpi_struct, "len match\n"); if (memcmp(&packet->payload[2], "socrates", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "found socrates udp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found socrates udp\n"); ndpi_socrates_add_connection(ndpi_struct, flow); } @@ -59,19 +59,18 @@ void ndpi_search_socrates(struct ndpi_detection_module_struct } else if (packet->tcp != NULL) { if (packet->payload_packet_len > 13 && packet->payload[0] == 0xfe && packet->payload[packet->payload_packet_len - 1] == 0x05) { - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "found fe.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found fe\n"); if (packet->payload_packet_len == ntohl(get_u_int32_t(packet->payload, 2))) { - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "len match.\n"); + NDPI_LOG_DBG2(ndpi_struct, "len match\n"); if (memcmp(&packet->payload[6], "socrates", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "found socrates tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found socrates tcp\n"); ndpi_socrates_add_connection(ndpi_struct, flow); } } } } - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "exclude socrates.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOCRATES); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c index 93dfa50ae..604022714 100644 --- a/src/lib/protocols/someip.c +++ b/src/lib/protocols/someip.c @@ -21,9 +21,14 @@ * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_SOMEIP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOMEIP + +#include "ndpi_api.h" + enum SOMEIP_MESSAGE_TYPES { SOMEIP_REQUEST = 0x00, SOMEIP_REQUEST_NO_RETURN = 0x01, @@ -81,7 +86,7 @@ static void ndpi_int_someip_add_connection (struct ndpi_detection_module_struct struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_SOMEIP,NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SOME/IP\n"); } /** @@ -101,7 +106,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); + NDPI_LOG_DBG(ndpi_struct, "search SOME/IP\n"); + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } @@ -110,23 +116,28 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t message_id = ntohl(*((u_int32_t *)&packet->payload[0])); u_int32_t request_id = ntohl(*((u_int32_t *)&packet->payload[8])); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", + NDPI_LOG_DBG2(ndpi_struct, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", message_id, packet->payload_packet_len); - + if (packet->payload_packet_len < 16) { + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP .. mandatory header not found\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + //####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### // we extract the remaining length u_int32_t someip_len = ntohl(*((u_int32_t *)&packet->payload[4])); if (packet->payload_packet_len != (someip_len + 8)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP .. Length field invalid!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); if (protocol_version != LEGAL_PROTOCOL_VERSION){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP .. invalid protocol version!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } @@ -134,20 +145,20 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t interface_version = (packet->payload[13]); u_int8_t message_type = (u_int8_t) (packet->payload[14]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> SOME/IP message type: [%d]\n",message_type); if ((message_type != SOMEIP_REQUEST) && (message_type != SOMEIP_REQUEST_NO_RETURN) && (message_type != SOMEIP_NOTIFICATION) && (message_type != SOMEIP_REQUEST_ACK) && (message_type != SOMEIP_REQUEST_NO_RETURN_ACK) && (message_type != SOMEIP_NOTIFICATION_ACK) && (message_type != SOMEIP_RESPONSE) && (message_type != SOMEIP_ERROR) && (message_type != SOMEIP_RESPONSE_ACK) && (message_type != SOMEIP_ERROR_ACK)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP .. invalid message type!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } u_int8_t return_code = (u_int8_t) (packet->payload[15]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> SOME/IP return code: [%d]\n", return_code); if ((return_code >= E_RETURN_CODE_LEGAL_THRESHOLD)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP .. invalid return code!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } @@ -155,12 +166,12 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, if (message_id == MSG_MAGIC_COOKIE){ if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && (message_type == SOMEIP_REQUEST_NO_RETURN) && (return_code == E_OK)){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); + NDPI_LOG_DBG2(ndpi_struct, "found SOME/IP Magic Cookie 0x%x\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; } else{ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP, invalid header for Magic Cookie\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } @@ -169,19 +180,19 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, if (message_id == MSG_MAGIC_COOKIE_ACK){ if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && (message_type == SOMEIP_REQUEST_NO_RETURN) && (return_code == E_OK)){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); + NDPI_LOG_DBG2(ndpi_struct, "found SOME/IP Magic Cookie ACK 0x%x\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; } else{ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie ACK\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP, invalid header for Magic Cookie ACK\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } } if (message_id == MSG_SD){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP-SD currently not supported\n", message_type); + NDPI_LOG_DBG2(ndpi_struct, "SOME/IP-SD currently not supported\n", message_type); } //Filtering by port. @@ -189,22 +200,18 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //This is is PURELY for demo purposes and the rest of the check must be filled in later on! if (packet->l4_protocol == IPPROTO_UDP){ if ((packet->udp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SERVER)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SD))) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; } } if (packet->l4_protocol == IPPROTO_TCP){ if ((packet->tcp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->tcp->dest == ntohs(PORT_DEFAULT_SERVER))) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } /** * Entry point for the ndpi library @@ -212,7 +219,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP dissector init...\n"); ndpi_set_bitmask_protocol_detection ("SOME/IP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_SOMEIP, ndpi_search_someip, diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index 63590fec7..db507ecc7 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -22,11 +22,14 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SOPCAST +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOPCAST + +#include "ndpi_api.h" + static void ndpi_int_sopcast_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -102,15 +105,13 @@ static void ndpi_search_sopcast_tcp(struct ndpi_detection_module_struct if (flow->packet_counter == 1 && packet->payload_packet_len == 54 && get_u_int16_t(packet->payload, 0) == ntohs(0x0036)) { if (ndpi_int_is_sopcast_tcp(packet->payload, packet->payload_packet_len)) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast TCP \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast TCP \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "exclude sopcast TCP. \n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOPCAST); - + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -119,19 +120,14 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "search sopcast. \n"); - + NDPI_LOG_DBG(ndpi_struct, "search sopcast. \n"); if (packet->payload_packet_len == 52 && packet->payload[0] == 0xff && packet->payload[1] == 0xff && packet->payload[2] == 0x01 && packet->payload[8] == 0x02 && packet->payload[9] == 0xff && packet->payload[10] == 0x00 && packet->payload[11] == 0x2c && packet->payload[12] == 0x00 && packet->payload[13] == 0x00 && packet->payload[14] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if I. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if I. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -140,7 +136,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[8] == 0x01 && packet->payload[9] == 0xff && packet->payload[10] == 0x00 && packet->payload[11] == 0x14 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if II. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if II. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -150,7 +146,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[8] == 0x03 && packet->payload[9] == 0xff && packet->payload[10] == 0x00 && packet->payload[11] == 0x34 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00 && packet->payload[14] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if III. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if III. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -160,7 +156,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[8] == 0x06 && packet->payload[9] == 0x01 && packet->payload[10] == 0x00 && packet->payload[11] == 0x22 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if IV. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if IV. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -170,7 +166,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[8] == 0x01 && packet->payload[9] == 0x01 && packet->payload[10] == 0x00 && packet->payload[11] == 0x14 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if V. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if V. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -181,7 +177,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[8] == 0x06 && packet->payload[9] == 0x01 && packet->payload[10] == 0x01 && packet->payload[11] == 0x16 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if VI. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if VI. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -191,14 +187,14 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[10] == 0x00 && packet->payload[11] == 0x44 && packet->payload[16] == 0x01 && packet->payload[15] == 0x01 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00 && packet->payload[14] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if VII. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if VII. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } /* Attention please: no asymmetric detection necessary. This detection works asymmetrically as well. */ - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "exclude sopcast. \n"); + NDPI_LOG_DBG(ndpi_struct, "exclude sopcast. \n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOPCAST); } diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index c7acc3bdc..8f4bbb32c 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -20,10 +20,21 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SOULSEEK +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOULSEEK + +#include "ndpi_api.h" + +#define SOULSEEK_DETECT \ + if(src != NULL) \ + src->soulseek_last_safe_access_time = packet->tick_timestamp; \ + if(dst != NULL) \ + dst->soulseek_last_safe_access_time = packet->tick_timestamp; \ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN) void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -36,14 +47,14 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(packet->tcp) { if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SOULSEEK) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "packet marked as Soulseek\n"); + NDPI_LOG_DBG2(ndpi_struct, "packet marked as Soulseek\n"); if(src != NULL) - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, " SRC bitmask: %u, packet tick %llu , last safe access timestamp: %llu\n", NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK) != 0 ? 1 : 0, (u_int64_t) packet->tick_timestamp, (u_int64_t) src->soulseek_last_safe_access_time); if(dst != NULL) - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, " DST bitmask: %u, packet tick %llu , last safe ts: %llu\n", NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK) != 0 ? 1 : 0, (u_int64_t) packet->tick_timestamp, (u_int64_t) dst->soulseek_last_safe_access_time); @@ -65,13 +76,13 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, } if(src != NULL && ((u_int32_t)(packet->tick_timestamp - src->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Soulseek: SRC update last safe access time and SKIP_FOR_TIME \n"); src->soulseek_last_safe_access_time = packet->tick_timestamp; } if(dst != NULL && ((u_int32_t)(packet->tick_timestamp - dst->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Soulseek: DST update last safe access time and SKIP_FOR_TIME \n"); dst->soulseek_last_safe_access_time = packet->tick_timestamp; } @@ -81,7 +92,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(dst != NULL && dst->soulseek_listen_port != 0 && dst->soulseek_listen_port == ntohs(packet->tcp->dest) && ((u_int32_t)(packet->tick_timestamp - dst->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Soulseek: Plain detection on Port : %u packet_tick_timestamp: %u soulseek_last_safe_access_time: %u soulseek_connection_ip_ticktimeout: %u\n", dst->soulseek_listen_port, packet->tick_timestamp, dst->soulseek_last_safe_access_time, ndpi_struct->soulseek_connection_ip_tick_timeout); @@ -89,6 +100,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(src != NULL) src->soulseek_last_safe_access_time = packet->tick_timestamp; + NDPI_LOG_INFO(ndpi_struct, "found Soulseek\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); return; } @@ -121,14 +133,8 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, index += get_l32(packet->payload, index + 4) + 8; // enf of "hash value" if(index == get_l32(packet->payload, 0)) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "Soulseek Login Detected\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek Login Detected\n"); + SOULSEEK_DETECT; return; } } @@ -142,7 +148,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(msgcode == 0x7d) { flow->l4.tcp.soulseek_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "Soulseek Messages Search\n"); + NDPI_LOG_DBG2(ndpi_struct, "Soulseek Messages Search\n"); return; } else if(msgcode == 0x02 && packet->payload_packet_len == 12) { const u_int32_t soulseek_listen_port = get_l32(packet->payload, 8); @@ -152,7 +158,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(packet->tcp != NULL && src->soulseek_listen_port == 0) { src->soulseek_listen_port = soulseek_listen_port; - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "\n Listen Port Saved : %u", src->soulseek_listen_port); + NDPI_LOG_DBG2(ndpi_struct, "\n Listen Port Saved : %u", src->soulseek_listen_port); if(dst != NULL) dst->soulseek_last_safe_access_time = packet->tick_timestamp; @@ -171,25 +177,17 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, && namelen <= packet->payload_packet_len && (4 + 1 + 4 + namelen + 4 + 1 + 4) == packet->payload_packet_len && (type == 'F' || type == 'P' || type == 'D')) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek\n"); + SOULSEEK_DETECT; return; } - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "1\n"); } - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "3\n"); + NDPI_LOG_DBG2(ndpi_struct, "3\n"); //Peer Message : Pierce Firewall if(packet->payload_packet_len == 9 && get_l32(packet->payload, 0) == 5 && packet->payload[4] <= 0x10 && get_u_int32_t(packet->payload, 5) != 0x00000000) { flow->l4.tcp.soulseek_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_TRACE, "Soulseek Size 9 Pierce Firewall\n"); + NDPI_LOG_DBG2(ndpi_struct, "Soulseek Size 9 Pierce Firewall\n"); return; } } @@ -202,14 +200,8 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, const u_int32_t typelen = get_l32(packet->payload, 4 + 1 + 4 + usrlen); const u_int8_t type = packet->payload[4 + 1 + 4 + usrlen + 4]; if(typelen == 1 && (type == 'F' || type == 'P' || type == 'D')) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected Pattern command(D|P|F).\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek Pattern command(D|P|F)\n"); + SOULSEEK_DETECT; return; } } @@ -219,14 +211,8 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(packet->payload_packet_len > 8) { if((packet->payload[0] || packet->payload[1]) && get_l32(packet->payload, 4) == 9) { /* 9 is search result */ - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected Second Pkt\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek Second Pkt\n"); + SOULSEEK_DETECT; return; } if(get_l32(packet->payload, 0) == packet->payload_packet_len - 4) { @@ -235,14 +221,8 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, { const u_int32_t usrlen = get_l32(packet->payload, 8); if(usrlen <= packet->payload_packet_len && 4 + 4 + 4 + usrlen == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "Soulseek Request Get Peer Address Detected\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek Request Get Peer Address Detected\n"); + SOULSEEK_DETECT; return; } } @@ -250,27 +230,15 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, } if(packet->payload_packet_len == 8 && get_l32(packet->payload, 4) == 0x00000004) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek\n"); + SOULSEEK_DETECT; return; } if(packet->payload_packet_len == 4 && get_u_int16_t(packet->payload, 2) == 0x00 && get_u_int16_t(packet->payload, 0) != 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek\n"); + SOULSEEK_DETECT; return; } else if(packet->payload_packet_len == 4) { flow->l4.tcp.soulseek_stage = 3; @@ -279,33 +247,21 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, } else if(flow->l4.tcp.soulseek_stage == 1 + packet->packet_direction) { if(packet->payload_packet_len > 8) { if(packet->payload[4] == 0x03 && get_l32(packet->payload, 5) == 0x00000031) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected Second Pkt with SIGNATURE :: 0x0331000000 \n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek Second Pkt with SIGNATURE :: 0x0331000000 \n"); + SOULSEEK_DETECT; return; } } } if(flow->l4.tcp.soulseek_stage == 3 && packet->payload_packet_len == 8 && !get_u_int32_t(packet->payload, 4)) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected bcz of 8B pkt\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek bcz of 8B pkt\n"); + SOULSEEK_DETECT; return; } if(flow->l4.tcp.soulseek_stage && flow->packet_counter < 11) { } else { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } } diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c index e7dac5d66..cd3ed1355 100644 --- a/src/lib/protocols/spotify.c +++ b/src/lib/protocols/spotify.c @@ -21,10 +21,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_api.h" #ifdef NDPI_PROTOCOL_SPOTIFY + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SPOTIFY + +#include "ndpi_api.h" + static void ndpi_int_spotify_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { @@ -46,7 +51,7 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, && (packet->udp->dest == spotify_port)) { if(payload_len > 2) { if(memcmp(packet->payload, "SpotUdp", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SPOTIFY, ndpi_struct, NDPI_LOG_DEBUG, "Found spotify udp dissector.\n"); + NDPI_LOG_INFO(ndpi_struct, "found spotify udp dissector\n"); ndpi_int_spotify_add_connection(ndpi_struct, flow, 0); return; } @@ -58,7 +63,7 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, packet->payload[2] == 0x00 && packet->payload[3] == 0x00&& packet->payload[6] == 0x52 && packet->payload[7] == 0x0e && packet->payload[8] == 0x50 ) { - NDPI_LOG(NDPI_PROTOCOL_SPOTIFY, ndpi_struct, NDPI_LOG_DEBUG, "Found spotify tcp dissector.\n"); + NDPI_LOG_INFO(ndpi_struct, "found spotify tcp dissector\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_UNKNOWN); } @@ -97,7 +102,7 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, || ((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284A200 /* 194.132.162.0 */) || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284A200 /* 194.132.162.0 */) ) { - NDPI_LOG(NDPI_PROTOCOL_SPOTIFY, ndpi_struct, NDPI_LOG_DEBUG, "Found spotify via ip range.\n"); + NDPI_LOG_INFO(ndpi_struct, "found spotify via ip range\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_UNKNOWN); return; } @@ -105,15 +110,14 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, } } - NDPI_LOG(NDPI_PROTOCOL_SPOTIFY, ndpi_struct, NDPI_LOG_DEBUG, "exclude spotify.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SPOTIFY); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_spotify(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_SPOTIFY, ndpi_struct, NDPI_LOG_DEBUG, "spotify detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search spotify\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SPOTIFY) { diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c index 1f6b80023..ce681d9b6 100644 --- a/src/lib/protocols/ssdp.c +++ b/src/lib/protocols/ssdp.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SSDP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSDP + +#include "ndpi_api.h" + static void ndpi_int_ssdp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -38,10 +42,7 @@ void ndpi_search_ssdp(struct ndpi_detection_module_struct *ndpi_struct, struct n { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_SSDP, ndpi_struct, NDPI_LOG_DEBUG, "search ssdp.\n"); + NDPI_LOG_DBG(ndpi_struct, "search ssdp\n"); if (packet->udp != NULL) { if (packet->payload_packet_len > 100) { @@ -49,22 +50,21 @@ void ndpi_search_ssdp(struct ndpi_detection_module_struct *ndpi_struct, struct n || memcmp(packet->payload, "NOTIFY * HTTP/1.1", 17) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SSDP, ndpi_struct, NDPI_LOG_DEBUG, "found ssdp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found ssdp\n"); ndpi_int_ssdp_add_connection(ndpi_struct, flow); return; } #define SSDP_HTTP "HTTP/1.1 200 OK\r\n" if(memcmp(packet->payload, SSDP_HTTP, strlen(SSDP_HTTP)) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SSDP, ndpi_struct, NDPI_LOG_DEBUG, "found ssdp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found ssdp\n"); ndpi_int_ssdp_add_connection(ndpi_struct, flow); return; } } } - NDPI_LOG(NDPI_PROTOCOL_SSDP, ndpi_struct, NDPI_LOG_DEBUG, "ssdp excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSDP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index cb874010f..bfd1c387e 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SSH +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSH + +#include "ndpi_api.h" + static void ndpi_int_ssh_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow){ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSH, NDPI_PROTOCOL_UNKNOWN); @@ -46,8 +50,6 @@ static void ndpi_ssh_zap_cr(char *str, int len) { void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; if (flow->l4.tcp.ssh_stage == 0) { if (packet->payload_packet_len > 7 && packet->payload_packet_len < 100 @@ -56,7 +58,7 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc strncpy(flow->protos.ssh.client_signature, (const char *)packet->payload, len); flow->protos.ssh.client_signature[len] = '\0'; ndpi_ssh_zap_cr(flow->protos.ssh.client_signature, len); - NDPI_LOG(NDPI_PROTOCOL_SSH, ndpi_struct, NDPI_LOG_DEBUG, "ssh stage 0 passed\n"); + NDPI_LOG_DBG2(ndpi_struct, "ssh stage 0 passed\n"); flow->l4.tcp.ssh_stage = 1 + packet->packet_direction; return; } @@ -67,7 +69,7 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc strncpy(flow->protos.ssh.server_signature, (const char *)packet->payload, len); flow->protos.ssh.server_signature[len] = '\0'; ndpi_ssh_zap_cr(flow->protos.ssh.server_signature, len); - NDPI_LOG(NDPI_PROTOCOL_SSH, ndpi_struct, NDPI_LOG_DEBUG, "found ssh\n"); + NDPI_LOG_INFO(ndpi_struct, "found ssh\n"); ndpi_int_ssh_add_connection(ndpi_struct, flow); return; @@ -75,7 +77,7 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } } - NDPI_LOG(NDPI_PROTOCOL_SSH, ndpi_struct, NDPI_LOG_DEBUG, "excluding ssh at stage %d\n", flow->l4.tcp.ssh_stage); + NDPI_LOG_DBG(ndpi_struct, "excluding ssh at stage %d\n", flow->l4.tcp.ssh_stage); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSH); } diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 5afca5389..e57e891e5 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -21,11 +21,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_api.h" #ifdef NDPI_PROTOCOL_SSL +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSL + +#include "ndpi_api.h" + /* #define CERTIFICATE_DEBUG 1 */ #define NDPI_MAX_SSL_REQUEST_SIZE 10000 @@ -153,7 +157,7 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, { static u_int8_t id = 0; - printf("-> [%u] %02X\n", ++id, packet->payload[0] & 0xFF); + NDPI_LOG_DBG2(ndpi_struct,"-> [%u] %02X\n", ++id, packet->payload[0] & 0xFF); } #endif @@ -363,7 +367,7 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s if(rc > 0) { packet->ssl_certificate_detected++; #ifdef CERTIFICATE_DEBUG - printf("***** [SSL] %s\n", certificate); + NDPI_LOG_DBG2(ndpi_struct, "***** [SSL] %s\n", certificate); #endif u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, strlen(certificate), NDPI_PROTOCOL_SSL); @@ -404,8 +408,6 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct { #if defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=flow->src; - // struct ndpi_id_struct *dst=flow->dst; u_int32_t a; u_int32_t end; #if defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) @@ -424,9 +426,9 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct #ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER if(packet->payload[a] == 't') { if(memcmp(&packet->payload[a], "talk.google.com", 15) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "ssl jabber packet match\n"); if(NDPI_COMPARE_PROTOCOL_TO_BITMASK (ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER) != 0) { + NDPI_LOG_INFO(ndpi_struct, "found ssl jabber unencrypted\n"); ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPTED_JABBER); return; } @@ -447,7 +449,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct && memcmp(&packet->payload[a], "http://ocsp.web.aol.com/ocsp", 28) == 0) || ((a + 32) < packet->payload_packet_len && memcmp(&packet->payload[a], "http://pki-info.aol.com/AOLMSPKI", 32) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR SERVER SSL DETECTED\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR SERVER SSL DETECTED\n"); if(flow->dst != NULL && packet->payload_packet_len > 75) { memcpy(flow->dst->oscar_ssl_session_id, &packet->payload[44], 32); @@ -464,7 +466,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct if((a + 21) < packet->payload_packet_len && (memcmp(&packet->payload[a], "my.screenname.aol.com", 21) == 0 || memcmp(&packet->payload[a], "sns-static.aolcdn.com", 21) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR SERVER SSL DETECTED\n"); + NDPI_LOG_DBG(ndpi_struct, "found OSCAR SERVER SSL DETECTED\n"); ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_OSCAR); return; } @@ -475,14 +477,16 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct no_check_for_ssl_payload: #endif if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "found ssl connection.\n"); + NDPI_LOG_DBG(ndpi_struct, "found ssl connection\n"); sslDetectProtocolFromCertificate(ndpi_struct, flow); if(!packet->ssl_certificate_detected && (!(flow->l4.tcp.ssl_seen_client_cert && flow->l4.tcp.ssl_seen_server_cert))) { /* SSL without certificate (Skype, Ultrasurf?) */ + NDPI_LOG_INFO(ndpi_struct, "found ssl NO_CERT\n"); ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL_NO_CERT); } else + NDPI_LOG_INFO(ndpi_struct, "found ssl\n"); ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); } } @@ -492,10 +496,6 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // - // struct ndpi_id_struct *src=flow->src; - // struct ndpi_id_struct *dst=flow->dst; - if((packet->payload_packet_len >= 5) && (packet->payload[0] == 0x16) @@ -506,13 +506,13 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct || (packet->payload[2] == 0x03) )) { u_int32_t temp; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "search sslv3\n"); + NDPI_LOG_DBG2(ndpi_struct, "search sslv3\n"); // SSLv3 Record if(packet->payload_packet_len >= 1300) { return 1; } temp = ntohs(get_u_int16_t(packet->payload, 3)) + 5; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "temp = %u.\n", temp); + NDPI_LOG_DBG2(ndpi_struct, "temp = %u\n", temp); if(packet->payload_packet_len == temp || (temp < packet->payload_packet_len && packet->payload_packet_len > 500)) { return 1; @@ -522,16 +522,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct /* the server hello may be split into small packets */ u_int32_t cert_start; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe SSLv3 server hello split into smaller packets\n"); /* lets hope at least the server hello and the start of the certificate block are in the first packet */ cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 4; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "suspected start of certificate: %u\n", + NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n", cert_start); if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "found 0x0b at suspected start of certificate block\n"); return 2; } @@ -542,16 +542,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct * so temp contains only the length for the first ServerHello block */ u_int32_t cert_start; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe SSLv3 server hello split into smaller packets but with seperate record for the certificate\n"); /* lets hope at least the server hello record and the start of the certificate record are in the first packet */ cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 5 + 4; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "suspected start of certificate: %u\n", + NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n", cert_start); if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "found 0x0b at suspected start of certificate block\n"); return 2; } @@ -565,7 +565,7 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct return 1; } temp += temp2; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "temp = %u.\n", temp); + NDPI_LOG_DBG2(ndpi_struct, "temp = %u\n", temp); if(packet->payload_packet_len == temp) { return 1; } @@ -576,7 +576,7 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct return 1; } temp += temp2; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "temp = %u.\n", temp); + NDPI_LOG_DBG2(ndpi_struct, "temp = %u\n", temp); if(packet->payload_packet_len == temp) { return 1; } @@ -587,7 +587,7 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct return 1; } temp += temp2; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "temp = %u.\n", temp); + NDPI_LOG_DBG2(ndpi_struct, "temp = %u\n", temp); if(temp == packet->payload_packet_len) { return 1; } @@ -602,10 +602,6 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=flow->src; - // struct ndpi_id_struct *dst=flow->dst; - u_int8_t ret; if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { @@ -613,7 +609,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc /* this should only happen, when we detected SSL with a packet that had parts of the certificate in subsequent packets * so go on checking for certificate patterns for a couple more packets */ - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "ssl flow but check another packet for patterns\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { @@ -627,7 +623,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc return; } - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "search ssl\n"); + NDPI_LOG_DBG(ndpi_struct, "search ssl\n"); { /* Check if this is whatsapp first (this proto runs over port 443) */ @@ -652,12 +648,12 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } if(packet->payload_packet_len > 40 && flow->l4.tcp.ssl_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "first ssl packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "first ssl packet\n"); // SSLv2 Record if(packet->payload[2] == 0x01 && packet->payload[3] == 0x03 && (packet->payload[4] == 0x00 || packet->payload[4] == 0x01 || packet->payload[4] == 0x02) && (packet->payload_packet_len - packet->payload[1] == 2)) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "sslv2 len match\n"); + NDPI_LOG_DBG2(ndpi_struct, "sslv2 len match\n"); flow->l4.tcp.ssl_stage = 1 + packet->packet_direction; return; } @@ -666,7 +662,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && (packet->payload[2] == 0x00 || packet->payload[2] == 0x01 || packet->payload[2] == 0x02) && (packet->payload_packet_len - ntohs(get_u_int16_t(packet->payload, 3)) == 5)) { // SSLv3 Record - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "sslv3 len match\n"); + NDPI_LOG_DBG2(ndpi_struct, "sslv3 len match\n"); flow->l4.tcp.ssl_stage = 1 + packet->packet_direction; return; } @@ -679,23 +675,23 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } if(packet->payload_packet_len > 40 && flow->l4.tcp.ssl_stage == 2 - packet->packet_direction) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "second ssl packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "second ssl packet\n"); // SSLv2 Record if(packet->payload[2] == 0x01 && packet->payload[3] == 0x03 && (packet->payload[4] == 0x00 || packet->payload[4] == 0x01 || packet->payload[4] == 0x02) && (packet->payload_packet_len - 2) >= packet->payload[1]) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "sslv2 server len match\n"); + NDPI_LOG_DBG2(ndpi_struct, "sslv2 server len match\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); return; } ret = ndpi_search_sslv3_direction1(ndpi_struct, flow); if(ret == 1) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "sslv3 server len match\n"); + NDPI_LOG_DBG2(ndpi_struct, "sslv3 server len match\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); return; } else if(ret == 2) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "sslv3 server len match with split packet -> check some more packets for SSL patterns\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { @@ -705,13 +701,12 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } if(packet->payload_packet_len > 40 && flow->packet_direction_counter[packet->packet_direction] < 5) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "need next packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet\n"); return; } } - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "exclude ssl\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSL); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/starcraft.c b/src/lib/protocols/starcraft.c index 760578563..73cdd0b12 100644 --- a/src/lib/protocols/starcraft.c +++ b/src/lib/protocols/starcraft.c @@ -19,11 +19,15 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_STARCRAFT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STARCRAFT + +#include "ndpi_api.h" + + /* Sender or receiver are one of the known login portals? */ u_int8_t sc2_match_logon_ip(struct ndpi_packet_struct* packet) { @@ -112,7 +116,7 @@ u_int8_t ndpi_check_starcraft_udp(struct ndpi_detection_module_struct* ndpi_stru void ndpi_search_starcraft(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Starcraft protocol detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search Starcraft\n"); if (flow->packet.detected_protocol_stack[0] != NDPI_PROTOCOL_STARCRAFT) { struct ndpi_packet_struct* packet = &flow->packet; int8_t result = 0; @@ -120,24 +124,22 @@ void ndpi_search_starcraft(struct ndpi_detection_module_struct* ndpi_struct, str if (packet->udp != NULL) { result = ndpi_check_starcraft_udp(ndpi_struct, flow); if (result == 1) { - //printf("Found Starcraft 2 [Game, UDP]\n"); - NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Found Starcraft 2 [Game, UDP]\n"); + NDPI_LOG_INFO(ndpi_struct, "Found Starcraft 2 [Game, UDP]\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STARCRAFT, NDPI_PROTOCOL_UNKNOWN); + return; } } else if (packet->tcp != NULL) { result = ndpi_check_starcraft_tcp(ndpi_struct, flow); if (result == 1) { - //printf("Found Starcraft 2 [Client, TCP]\n"); - NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Found Starcraft 2 [Client, TCP]\n"); + NDPI_LOG_INFO(ndpi_struct, "Found Starcraft 2 [Client, TCP]\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STARCRAFT, NDPI_PROTOCOL_UNKNOWN); + return; } } - if (result == 1) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STARCRAFT, NDPI_PROTOCOL_UNKNOWN); - } - else if (result == -1) { - NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Starcraft excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STARCRAFT); + if (result == -1) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } } diff --git a/src/lib/protocols/stealthnet.c b/src/lib/protocols/stealthnet.c index 09e6c18d4..8bd75b1a3 100644 --- a/src/lib/protocols/stealthnet.c +++ b/src/lib/protocols/stealthnet.c @@ -22,11 +22,14 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_STEALTHNET +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STEALTHNET + +#include "ndpi_api.h" + static void ndpi_int_stealthnet_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -39,20 +42,16 @@ void ndpi_search_stealthnet(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src = flow->src; - // struct ndpi_id_struct *dst = flow->dst; - + NDPI_LOG_DBG(ndpi_struct, "search stealthnet\n"); if (packet->payload_packet_len > 40 && memcmp(packet->payload, "LARS REGENSBURGER'S FILE SHARING PROTOCOL", 41) == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEALTHNET, ndpi_struct, NDPI_LOG_DEBUG, "found stealthnet\n"); + NDPI_LOG_INFO(ndpi_struct, "found stealthnet\n"); ndpi_int_stealthnet_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_STEALTHNET, ndpi_struct, NDPI_LOG_DEBUG, "exclude stealthnet.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STEALTHNET); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c index d12a0cb4b..64eaa04fe 100644 --- a/src/lib/protocols/steam.c +++ b/src/lib/protocols/steam.c @@ -23,10 +23,14 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_STEAM + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STEAM #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_STEAM static void ndpi_int_steam_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_UNKNOWN); } @@ -38,7 +42,7 @@ static void ndpi_check_steam_http(struct ndpi_detection_module_struct *ndpi_stru if (packet->user_agent_line.ptr != NULL && packet->user_agent_line.len >= 23 && memcmp(packet->user_agent_line.ptr, "Valve/Steam HTTP Client", 23) == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } } @@ -48,10 +52,10 @@ static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struc u_int32_t payload_len = packet->payload_packet_len; if (flow->steam_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage 0: \n"); if ((payload_len == 1 && packet->payload[0] == 0x01) || ((payload_len == 4 || payload_len == 5) && ndpi_match_strprefix(packet->payload, payload_len, "\x01\x00\x00\x00"))) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 @@ -59,14 +63,14 @@ static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struc } if ((payload_len == 1 && packet->payload[0] == 0x00) || ((payload_len == 4 || payload_len == 5) && ndpi_match_strprefix(packet->payload, payload_len, "\x00\x00\x00"))) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage = packet->packet_direction + 3; // packet_direction 0: stage 3, packet_direction 1: stage 4 return; } } else if ((flow->steam_stage == 1) || (flow->steam_stage == 2)) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage - packet->packet_direction) == 1) { @@ -75,14 +79,14 @@ static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struc /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 1 && packet->payload[0] == 0x00) || ((payload_len == 4 || payload_len == 5) && ndpi_match_strprefix(packet->payload, payload_len, "\x00\x00\x00"))) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage = 0; } } else if ((flow->steam_stage == 3) || (flow->steam_stage == 4)) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage - packet->packet_direction) == 3) { @@ -91,10 +95,10 @@ static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struc /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 1 && packet->payload[0] == 0x01) || ((payload_len == 4 || payload_len == 5) && ndpi_match_strprefix(packet->payload, payload_len, "\x01\x00\x00\x00"))) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage = 0; } } @@ -105,17 +109,17 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru u_int32_t payload_len = packet->payload_packet_len; if (ndpi_match_strprefix(packet->payload, payload_len, "VS01")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if (flow->steam_stage1 == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage 0: \n"); if (ndpi_match_strprefix(packet->payload, payload_len, "\x31\xff\x30\x2e")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage1 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 @@ -123,7 +127,7 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru } if (ndpi_match_strprefix(packet->payload, payload_len, "\xff\xff\xff\xff")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage1 = packet->packet_direction + 3; // packet_direction 0: stage 3, packet_direction 1: stage 4 @@ -131,7 +135,7 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru } } else if ((flow->steam_stage1 == 1) || (flow->steam_stage1 == 2)) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage1); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage1); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage1 - packet->packet_direction) == 1) { @@ -140,15 +144,15 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "\xff\xff\xff\xff")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage1 = 0; } } else if ((flow->steam_stage1 == 3) || (flow->steam_stage1 == 4)) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage1); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage1); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage1 - packet->packet_direction) == 3) { @@ -157,10 +161,10 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "\x31\xff\x30\x2e")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage1 = 0; } @@ -173,17 +177,17 @@ static void ndpi_check_steam_udp2(struct ndpi_detection_module_struct *ndpi_stru /* Check if we so far detected the protocol in the request or not. */ if (flow->steam_stage2 == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage 0: \n"); if ((payload_len == 25) && ndpi_match_strprefix(packet->payload, payload_len, "\xff\xff\xff\xff")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage2 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 } } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage2); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage2); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage2 - packet->packet_direction) == 1) { @@ -192,10 +196,10 @@ static void ndpi_check_steam_udp2(struct ndpi_detection_module_struct *ndpi_stru /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || ndpi_match_strprefix(packet->payload, payload_len, "\xff\xff\xff\xff")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage2 = 0; } @@ -208,17 +212,17 @@ static void ndpi_check_steam_udp3(struct ndpi_detection_module_struct *ndpi_stru /* Check if we so far detected the protocol in the request or not. */ if (flow->steam_stage3 == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage 0: \n"); if ((payload_len == 4) && (packet->payload[0] == 0x39) && (packet->payload[1] == 0x18) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x00)) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage3 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 } } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage3); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage3); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage3 - packet->packet_direction) == 1) { @@ -227,10 +231,10 @@ static void ndpi_check_steam_udp3(struct ndpi_detection_module_struct *ndpi_stru /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || ((payload_len == 8) && (packet->payload[0] == 0x3a) && (packet->payload[1] == 0x18) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x00))) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage3 = 0; } @@ -242,8 +246,7 @@ void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, struct /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Exclude STEAM.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STEAM); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -256,7 +259,7 @@ void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, struct return; } - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search STEAM\n"); ndpi_check_steam_http(ndpi_struct, flow); if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) { diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index d44d9c26e..53f39c4d6 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -21,10 +21,14 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_STUN +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STUN + +#include "ndpi_api.h" #define MAX_NUM_STUN_PKTS 10 @@ -64,7 +68,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if((strncmp((const char*)payload, (const char*)"RSP/", 4) == 0) && (strncmp((const char*)&payload[7], (const char*)" STUN_", 6) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found stun\n"); goto udp_stun_found; } @@ -159,10 +163,10 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * u_int8_t mod; u_int8_t old = 1; u_int8_t padding = 0; - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "len and type match.\n"); + NDPI_LOG_DBG2(ndpi_struct, "len and type match\n"); if(payload_length == 20) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found stun\n"); goto udp_stun_found; } @@ -183,7 +187,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * || payload[a + 1] == 0x2a || payload[a + 1] == 0x29 || payload[a + 1] == 0x50 || payload[a + 1] == 0x54 || payload[a + 1] == 0x55)))) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "attribute match.\n"); + NDPI_LOG_DBG2(ndpi_struct, "attribute match\n"); a += ((payload[a + 2] << 8) + payload[a + 3] + 4); mod = a % 4; @@ -191,7 +195,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * padding = 4 - mod; } if(a == payload_length || (padding && (a + padding) == payload_length)) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found stun\n"); goto udp_stun_found; } @@ -215,7 +219,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if((payload[a + padding] == 0x40) && (payload[a + padding + 1] == 0x00)) goto udp_stun_found; - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "New STUN - attribute match.\n"); + NDPI_LOG_DBG2(ndpi_struct, "New STUN - attribute match\n"); old = 0; a += ((payload[a + 2 + padding] << 8) + payload[a + 3 + padding] + 4); @@ -225,7 +229,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * a += 4 - mod; } if(a == payload_length) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found stun\n"); goto udp_stun_found; } } else { @@ -254,7 +258,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n struct ndpi_packet_struct *packet = &flow->packet; u_int8_t is_whatsapp = 0, is_skype = 0; - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "search stun.\n"); + NDPI_LOG_DBG(ndpi_struct, "search stun\n"); if(packet->tcp) { /* STUN may be encapsulated in TCP packets */ @@ -267,10 +271,10 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload + 2, packet->payload_packet_len - 2, &is_whatsapp, &is_skype) == NDPI_IS_STUN) { if(is_skype) { - NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype\n"); + NDPI_LOG_INFO(ndpi_struct, "found Skype\n"); ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_SKYPE, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n"); ndpi_int_stun_add_connection(ndpi_struct, is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); } @@ -282,10 +286,10 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload, packet->payload_packet_len, &is_whatsapp, &is_skype) == NDPI_IS_STUN) { if(is_skype) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype\n"); + NDPI_LOG_INFO(ndpi_struct, "Found Skype\n"); ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_SKYPE, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n"); ndpi_int_stun_add_connection(ndpi_struct, is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); } @@ -293,8 +297,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n } if(flow->num_stun_udp_pkts >= MAX_NUM_STUN_PKTS) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude stun.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STUN); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c index 589f40f21..d83cd99f7 100644 --- a/src/lib/protocols/syslog.c +++ b/src/lib/protocols/syslog.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SYSLOG +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SYSLOG + +#include "ndpi_api.h" + static void ndpi_int_syslog_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -36,45 +40,41 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int8_t i; - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "search syslog\n"); + NDPI_LOG_DBG(ndpi_struct, "search syslog\n"); if (packet->payload_packet_len > 20 && packet->payload_packet_len <= 1024 && packet->payload[0] == '<') { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "checked len>20 and <1024 and first symbol=<.\n"); + NDPI_LOG_DBG2(ndpi_struct, "checked len>20 and <1024 and first symbol=<\n"); for (i = 1; i <= 3; i++) { if (packet->payload[i] < '0' || packet->payload[i] > '9') { break; } } - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "read symbols while the symbol is a number.\n"); if (packet->payload[i++] != '>') { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "there is no > following the number.\n"); + NDPI_LOG_DBG(ndpi_struct, "excluded, there is no > following the number\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG); return; } else { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "a > following the number.\n"); + NDPI_LOG_DBG2(ndpi_struct, "a > following the number\n"); } if (packet->payload[i] == 0x20) { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "a blank following the >: increment i.\n"); + NDPI_LOG_DBG2(ndpi_struct, "a blank following the >: increment i\n"); i++; } else { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "no blank following the >: do nothing.\n"); + NDPI_LOG_DBG2(ndpi_struct, "no blank following the >: do nothing\n"); } /* check for "last message repeated" */ if (i + sizeof("last message") - 1 <= packet->payload_packet_len && memcmp(packet->payload + i, "last message", sizeof("last message") - 1) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "found syslog by 'last message' string.\n"); + NDPI_LOG_INFO(ndpi_struct, "found syslog by 'last message' string\n"); ndpi_int_syslog_add_connection(ndpi_struct, flow); @@ -84,7 +84,7 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct /* snort events */ - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "found syslog by 'snort: ' string.\n"); + NDPI_LOG_INFO(ndpi_struct, "found syslog by 'snort: ' string\n"); ndpi_int_syslog_add_connection(ndpi_struct, flow); @@ -103,27 +103,20 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct && memcmp(&packet->payload[i], "Oct", 3) != 0 && memcmp(&packet->payload[i], "Nov", 3) != 0 && memcmp(&packet->payload[i], "Dec", 3) != 0) { - - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, - "no month-shortname following: syslog excluded.\n"); - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } else { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, - "a month-shortname following: syslog detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found syslog\n"); ndpi_int_syslog_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "no syslog detected.\n"); - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index fd8a296fb..df13c9756 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -17,49 +17,53 @@ * If not, see . */ -#include "ndpi_api.h" - +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TEAMSPEAK +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEAMSPEAK + +#include "ndpi_api.h" + static void ndpi_int_teamspeak_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEAMSPEAK, NDPI_PROTOCOL_UNKNOWN); } - u_int16_t tdport = 0, tsport = 0; - u_int16_t udport = 0, usport = 0; void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &flow->packet; -if (packet->udp != NULL) { - usport = ntohs(packet->udp->source), udport = ntohs(packet->udp->dest); - /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */ - if (((usport == 9987 || udport == 9987) || (usport == 8767 || udport == 8767)) && packet->payload_packet_len >= 20) { - NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "found TEAMSPEAK udp.\n"); - ndpi_int_teamspeak_add_connection(ndpi_struct, flow); + NDPI_LOG_DBG(ndpi_struct, "search teamspeak\n"); + + if (packet->udp != NULL) { + u_int16_t udport, usport; + usport = ntohs(packet->udp->source), udport = ntohs(packet->udp->dest); + /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */ + if (((usport == 9987 || udport == 9987) || (usport == 8767 || udport == 8767)) && packet->payload_packet_len >= 20) { + NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK udp\n"); + ndpi_int_teamspeak_add_connection(ndpi_struct, flow); + } } -} -else if (packet->tcp != NULL) { - tsport = ntohs(packet->tcp->source), tdport = ntohs(packet->tcp->dest); + else if (packet->tcp != NULL) { + u_int16_t tdport, tsport; + tsport = ntohs(packet->tcp->source), tdport = ntohs(packet->tcp->dest); /* https://github.com/Youx/soliloque-server/wiki/Connection-packet */ if(packet->payload_packet_len >= 20) { if (((memcmp(packet->payload, "\xf4\xbe\x03\x00", 4) == 0)) || ((memcmp(packet->payload, "\xf4\xbe\x02\x00", 4) == 0)) || ((memcmp(packet->payload, "\xf4\xbe\x01\x00", 4) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "found TEAMSPEAK tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK tcp\n"); ndpi_int_teamspeak_add_connection(ndpi_struct, flow); } /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */ } else if ((tsport == 14534 || tdport == 14534) || (tsport == 51234 || tdport == 51234)) { - NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "found TEAMSPEAK.\n"); + NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK\n"); ndpi_int_teamspeak_add_connection(ndpi_struct, flow); } } - NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "TEAMSPEAK excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TEAMSPEAK); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c index b97f6b157..f06e40a73 100644 --- a/src/lib/protocols/teamviewer.c +++ b/src/lib/protocols/teamviewer.c @@ -22,23 +22,28 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TEAMVIEWER +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEAMVIEWER + +#include "ndpi_api.h" + + static void ndpi_int_teamview_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEAMVIEWER, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_TRACE, "TEAMWIEWER Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found teamwiewer\n"); } void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_TRACE, "TEAMWIEWER detection...\n"); + + NDPI_LOG_DBG(ndpi_struct, "search teamwiewer\n"); /* TeamViewer 178.77.120.0/25 @@ -95,7 +100,7 @@ void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, stru } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TEAMVIEWER); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c index 6d71dc844..d80f5f6b5 100644 --- a/src/lib/protocols/telegram.c +++ b/src/lib/protocols/telegram.c @@ -23,15 +23,19 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TELEGRAM +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TELEGRAM + +#include "ndpi_api.h" + static void ndpi_int_telegram_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_TELEGRAM, ndpi_struct, NDPI_LOG_TRACE, "TELEGRAM Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found telegram\n"); } @@ -40,7 +44,7 @@ void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, stru struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport /* , sport */; - NDPI_LOG(NDPI_PROTOCOL_TELEGRAM, ndpi_struct, NDPI_LOG_TRACE, "TELEGRAM detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search telegram\n"); if (packet->payload_packet_len == 0) return; @@ -63,7 +67,7 @@ void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, stru } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TELEGRAM); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index 0be921d44..17618f795 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -23,9 +23,13 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_TELNET +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TELNET + +#include "ndpi_api.h" static void ndpi_int_telnet_add_connection(struct ndpi_detection_module_struct @@ -76,30 +80,25 @@ u_int8_t search_iac(struct ndpi_detection_module_struct *ndpi_struct, struct ndp void ndpi_search_telnet_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - // struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - NDPI_LOG(NDPI_PROTOCOL_TELNET, ndpi_struct, NDPI_LOG_DEBUG, "search telnet.\n"); + NDPI_LOG_DBG(ndpi_struct, "search telnet\n"); if (search_iac(ndpi_struct, flow) == 1) { if (flow->l4.tcp.telnet_stage == 2) { - NDPI_LOG(NDPI_PROTOCOL_TELNET, ndpi_struct, NDPI_LOG_DEBUG, "telnet identified.\n"); + NDPI_LOG_INFO(ndpi_struct, "found telnet\n"); ndpi_int_telnet_add_connection(ndpi_struct, flow); return; } flow->l4.tcp.telnet_stage++; - NDPI_LOG(NDPI_PROTOCOL_TELNET, ndpi_struct, NDPI_LOG_DEBUG, "telnet stage %u.\n", flow->l4.tcp.telnet_stage); + NDPI_LOG_DBG2(ndpi_struct, "telnet stage %u\n", flow->l4.tcp.telnet_stage); return; } if ((flow->packet_counter < 12 && flow->l4.tcp.telnet_stage > 0) || flow->packet_counter < 6) { return; } else { - NDPI_LOG(NDPI_PROTOCOL_TELNET, ndpi_struct, NDPI_LOG_DEBUG, "telnet excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TELNET); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } return; } diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c index 079d1fbcd..2439f997b 100644 --- a/src/lib/protocols/teredo.c +++ b/src/lib/protocols/teredo.c @@ -18,24 +18,30 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TEREDO +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEREDO + +#include "ndpi_api.h" + /* https://en.wikipedia.org/wiki/Teredo_tunneling */ void ndpi_search_teredo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct,"search teredo\n"); if(packet->udp && packet->iph && ((ntohl(packet->iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */) && ((ntohs(packet->udp->source) == 3544) || (ntohs(packet->udp->dest) == 3544)) - && (packet->payload_packet_len >= 40 /* IPv6 header */)) + && (packet->payload_packet_len >= 40 /* IPv6 header */)) { + NDPI_LOG_INFO(ndpi_struct,"found teredo\n"); ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEREDO, NDPI_PROTOCOL_UNKNOWN); - else - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TEREDO); + } else { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } } diff --git a/src/lib/protocols/tftp.c b/src/lib/protocols/tftp.c index feb37e620..082e04326 100644 --- a/src/lib/protocols/tftp.c +++ b/src/lib/protocols/tftp.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_TFTP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TFTP + +#include "ndpi_api.h" + static void ndpi_int_tftp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,30 +41,29 @@ void ndpi_search_tftp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "search TFTP.\n"); + NDPI_LOG_DBG(ndpi_struct, "search TFTP\n"); if (packet->payload_packet_len > 3 && flow->l4.udp.tftp_stage == 0 && ntohl(get_u_int32_t(packet->payload, 0)) == 0x00030001) { - NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "maybe tftp. need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe tftp. need next packet\n"); flow->l4.udp.tftp_stage = 1; return; } if (packet->payload_packet_len > 3 && (flow->l4.udp.tftp_stage == 1) && ntohl(get_u_int32_t(packet->payload, 0)) == 0x00040001) { - NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "found tftp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found tftp\n"); ndpi_int_tftp_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len > 1 && ((packet->payload[0] == 0 && packet->payload[packet->payload_packet_len - 1] == 0) || (packet->payload_packet_len == 4 && ntohl(get_u_int32_t(packet->payload, 0)) == 0x00040000))) { - NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "skip initial packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "skip initial packet\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude TFTP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TFTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index f0198cdda..2818d873d 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -22,10 +22,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_THUNDER +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_THUNDER + +#include "ndpi_api.h" + + static void ndpi_int_thunder_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) { @@ -55,26 +60,21 @@ void ndpi_int_search_thunder_udp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->payload_packet_len > 8 && packet->payload[0] >= 0x30 && packet->payload[0] < 0x40 && packet->payload[1] == 0 && packet->payload[2] == 0 && packet->payload[3] == 0) { if (flow->thunder_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, "THUNDER udp detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found THUNDER udp\n"); ndpi_int_thunder_add_connection(ndpi_struct, flow); return; } flow->thunder_stage++; - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe thunder udp packet detected, stage increased to %u\n", flow->thunder_stage); return; } - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, - "excluding thunder udp at stage %u\n", flow->thunder_stage); - + NDPI_LOG_DBG(ndpi_struct, "excluding thunder udp at stage %u\n", flow->thunder_stage); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_THUNDER); } @@ -89,19 +89,16 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->payload_packet_len > 8 && packet->payload[0] >= 0x30 && packet->payload[0] < 0x40 && packet->payload[1] == 0 && packet->payload[2] == 0 && packet->payload[3] == 0) { if (flow->thunder_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, "THUNDER tcp detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found THUNDER tcp\n"); ndpi_int_thunder_add_connection(ndpi_struct, flow); return; } flow->thunder_stage++; - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe thunder tcp packet detected, stage increased to %u\n", flow->thunder_stage); return; } @@ -110,7 +107,7 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct && memcmp(packet->payload, "POST / HTTP/1.1\r\n", 17) == 0) { ndpi_parse_packet_line_info(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe thunder http POST packet detected, parsed packet lines: %u, empty line set %u (at: %u)\n", packet->parsed_lines, packet->empty_line_position_set, packet->empty_line_position); @@ -124,15 +121,13 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct && packet->payload[packet->empty_line_position + 3] == 0x00 && packet->payload[packet->empty_line_position + 4] == 0x00 && packet->payload[packet->empty_line_position + 5] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, - "maybe thunder http POST packet application does match\n"); + NDPI_LOG_INFO(ndpi_struct, + "found thunder http POST packet application does match\n"); ndpi_int_thunder_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, - "excluding thunder tcp at stage %u\n", flow->thunder_stage); - + NDPI_LOG_DBG(ndpi_struct, "excluding thunder tcp at stage %u\n", flow->thunder_stage); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_THUNDER); } @@ -153,12 +148,12 @@ void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_THUNDER) { if (src != NULL && ((u_int32_t) (packet->tick_timestamp - src->thunder_ts) < ndpi_struct->thunder_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "thunder : save src connection packet detected\n"); src->thunder_ts = packet->tick_timestamp; } else if (dst != NULL && ((u_int32_t) (packet->tick_timestamp - dst->thunder_ts) < ndpi_struct->thunder_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "thunder : save dst connection packet detected\n"); dst->thunder_ts = packet->tick_timestamp; } @@ -167,7 +162,7 @@ void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct if (packet->payload_packet_len > 5 && memcmp(packet->payload, "GET /", 5) == 0 && NDPI_SRC_OR_DST_HAS_PROTOCOL(src, dst, NDPI_PROTOCOL_THUNDER)) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, "HTTP packet detected.\n"); + NDPI_LOG_DBG2(ndpi_struct, "HTTP packet detected\n"); ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->parsed_lines > 7 @@ -186,8 +181,8 @@ void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct && packet->user_agent_line.len > 49 && memcmp(packet->user_agent_line.ptr, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)", 50) == 0) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, - "Thunder HTTP download detected, adding flow.\n"); + NDPI_LOG_INFO(ndpi_struct, + "found thunder HTTP download detected\n"); ndpi_int_thunder_add_connection(ndpi_struct, flow); } } diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index cdd330bca..adb547a48 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -18,11 +18,14 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_TINC + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TINC #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_TINC static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -52,7 +55,7 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st /* cache_free(ndpi_struct->tinc_cache); */ - NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc udp connection\n"); + NDPI_LOG_INFO(ndpi_struct, "found tinc udp connection\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); } } @@ -111,7 +114,7 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st ndpi_struct->tinc_cache = cache_new(TINC_CACHE_MAX_SIZE); cache_add(ndpi_struct->tinc_cache, &(flow->tinc_cache_entry), sizeof(flow->tinc_cache_entry)); - NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc tcp connection\n"); + NDPI_LOG_INFO(ndpi_struct, "found tinc tcp connection\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); } return; @@ -123,14 +126,13 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st } } - NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "exclude tinc.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TINC); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_tinc(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { struct ndpi_packet_struct* packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "tinc detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "tinc detection\n"); if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_TINC) { if(packet->tcp_retransmission == 0) { diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index f6987ef19..93c4fecca 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -5,10 +5,15 @@ * Copyright (C) 2013 Remy Mudingay * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TOR +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TOR + +#include "ndpi_api.h" + + static void ndpi_int_tor_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_UNKNOWN); @@ -88,23 +93,22 @@ void ndpi_search_tor(struct ndpi_detection_module_struct *ndpi_struct, struct nd struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; - NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "search for TOR.\n"); + NDPI_LOG_DBG(ndpi_struct, "search for TOR\n"); if(packet->tcp != NULL) { sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "calculating TOR over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating TOR over tcp\n"); if ((((dport == 9001) || (sport == 9001)) || ((dport == 9030) || (sport == 9030))) && ((packet->payload[0] == 0x17) || (packet->payload[0] == 0x16)) && (packet->payload[1] == 0x03) && (packet->payload[2] == 0x01) && (packet->payload[3] == 0x00)) { - NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "found tor.\n"); + NDPI_LOG_INFO(ndpi_struct, "found tor\n"); ndpi_int_tor_add_connection(ndpi_struct, flow); } } else { - NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "exclude TOR.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TOR); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/tvants.c b/src/lib/protocols/tvants.c index 7297e489f..ceee278b9 100644 --- a/src/lib/protocols/tvants.c +++ b/src/lib/protocols/tvants.c @@ -22,11 +22,14 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TVANTS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TVANTS + +#include "ndpi_api.h" + static void ndpi_int_tvants_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -40,13 +43,8 @@ void ndpi_search_tvants_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_TVANTS, ndpi_struct, NDPI_LOG_DEBUG, "search tvants. \n"); + NDPI_LOG_DBG(ndpi_struct, "search tvants. \n"); if (packet->udp != NULL && packet->payload_packet_len > 57 && packet->payload[0] == 0x04 && packet->payload[1] == 0x00 @@ -57,7 +55,7 @@ void ndpi_search_tvants_udp(struct ndpi_detection_module_struct && (memcmp(&packet->payload[48], "TVANTS", 6) == 0 || memcmp(&packet->payload[49], "TVANTS", 6) == 0 || memcmp(&packet->payload[51], "TVANTS", 6) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_TVANTS, ndpi_struct, NDPI_LOG_DEBUG, "found tvants over udp. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvants over udp. \n"); ndpi_int_tvants_add_connection(ndpi_struct, flow); } else if (packet->tcp != NULL && packet->payload_packet_len > 15 @@ -67,12 +65,11 @@ void ndpi_search_tvants_udp(struct ndpi_detection_module_struct && packet->payload[6] == 0x00 && packet->payload[7] == 0x00 && memcmp(&packet->payload[8], "TVANTS", 6) == 0) { - NDPI_LOG(NDPI_PROTOCOL_TVANTS, ndpi_struct, NDPI_LOG_DEBUG, "found tvants over tcp. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvants over tcp. \n"); ndpi_int_tvants_add_connection(ndpi_struct, flow); } - NDPI_LOG(NDPI_PROTOCOL_TVANTS, ndpi_struct, NDPI_LOG_DEBUG, "exclude tvants. \n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TVANTS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/tvuplayer.c b/src/lib/protocols/tvuplayer.c index 2d35ae6cc..2160a5afa 100644 --- a/src/lib/protocols/tvuplayer.c +++ b/src/lib/protocols/tvuplayer.c @@ -22,10 +22,13 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_TVUPLAYER +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TVUPLAYER + +#include "ndpi_api.h" static void ndpi_int_tvuplayer_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ @@ -39,19 +42,14 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "search tvuplayer. \n"); - - + NDPI_LOG_DBG(ndpi_struct, "search tvuplayer. \n"); if (packet->tcp != NULL) { if ((packet->payload_packet_len == 36 || packet->payload_packet_len == 24) && packet->payload[0] == 0x00 && ntohl(get_u_int32_t(packet->payload, 2)) == 0x31323334 && ntohl(get_u_int32_t(packet->payload, 6)) == 0x35363837 && packet->payload[10] == 0x01) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer over tcp. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer over tcp. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -62,7 +60,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); if (packet->user_agent_line.ptr != NULL && packet->user_agent_line.len >= 8 && (memcmp(packet->user_agent_line.ptr, "MacTVUP", 7) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "Found user agent as MacTVUP.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found user agent as MacTVUP\n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -79,7 +77,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[12] == 0x02 && packet->payload[13] == 0xff && packet->payload[19] == 0x2c && ((packet->payload[26] == 0x05 && packet->payload[27] == 0x14) || (packet->payload[26] == 0x14 && packet->payload[27] == 0x05))) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type I. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type I. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -91,7 +89,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[33] == 0xff && packet->payload[34] == 0x01 && packet->payload[39] == 0x32 && ((packet->payload[46] == 0x05 && packet->payload[47] == 0x14) || (packet->payload[46] == 0x14 && packet->payload[47] == 0x05))) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type II. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type II. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -103,7 +101,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str || packet->payload[11] == 0x06 || packet->payload[11] == 0x22) && packet->payload[12] == 0x01 && (packet->payload[13] == 0xff || packet->payload[13] == 0x01) && packet->payload[19] == 0x14) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type III. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type III. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -113,7 +111,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[12] == 0x01 && packet->payload[13] == 0xff && packet->payload[19] == 0x14 && packet->payload[32] == 0x03 && packet->payload[33] == 0xff && packet->payload[34] == 0x01 && packet->payload[39] == 0x34) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type IV. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type IV. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -122,7 +120,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[10] == 0x00 && packet->payload[11] == 0x00 && packet->payload[12] == 0x01 && packet->payload[13] == 0xff && packet->payload[19] == 0x14 && packet->payload[33] == 0xff && packet->payload[39] == 0x14) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type V. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type V. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -131,7 +129,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[12] == 0x03 && packet->payload[13] == 0xff && packet->payload[19] == 0x32 && ((packet->payload[26] == 0x05 && packet->payload[27] == 0x14) || (packet->payload[26] == 0x14 && packet->payload[27] == 0x05))) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type VI. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type VI. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -140,14 +138,13 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[0] == 0x00 && packet->payload[2] == 0x00 && packet->payload[10] == 0x00 && packet->payload[11] == 0x00 && packet->payload[12] == 0x06 && packet->payload[13] == 0x00 && packet->payload[19] == 0x30) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type VII. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type VII. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "exclude tvuplayer. \n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TVUPLAYER); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index 7196ee884..012c8712e 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c @@ -19,10 +19,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_UBNTAC2 +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UBNTAC2 + +#include "ndpi_api.h" + + static void ndpi_int_ubntac2_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UBNTAC2, NDPI_PROTOCOL_UNKNOWN); @@ -33,7 +38,8 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_TRACE, "UBNTAC2 detection... plen:%i %i:%i\n", packet->payload_packet_len, ntohs(packet->udp->source), ntohs(packet->udp->dest)); + NDPI_LOG_DBG(ndpi_struct, "search ubntac2\n"); + NDPI_LOG_DBG2(ndpi_struct, "UBNTAC2 detection... plen:%i %i:%i\n", packet->payload_packet_len, ntohs(packet->udp->source), ntohs(packet->udp->dest)); if(packet->udp) { if(packet->payload_packet_len >= 135 && @@ -64,7 +70,7 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc flow->protos.ubntac2.version[len] = '\0'; } - NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n"); + NDPI_LOG_INFO(ndpi_struct, "UBNT AirControl 2 request\n"); ndpi_int_ubntac2_add_connection(ndpi_struct, flow); } @@ -72,7 +78,7 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_UBNTAC2); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/usenet.c b/src/lib/protocols/usenet.c index 4648a69ab..0a995d6f8 100644 --- a/src/lib/protocols/usenet.c +++ b/src/lib/protocols/usenet.c @@ -23,10 +23,13 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_USENET +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_USENET + +#include "ndpi_api.h" static void ndpi_int_usenet_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -41,17 +44,9 @@ void ndpi_search_usenet_tcp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: search usenet.\n"); - - - - - - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: STAGE IS %u.\n", flow->l4.tcp.usenet_stage); + NDPI_LOG_DBG(ndpi_struct, "search usenet\n"); + NDPI_LOG_DBG2(ndpi_struct, "STAGE IS %u\n", flow->l4.tcp.usenet_stage); // check for the first server replay /* @@ -62,10 +57,10 @@ void ndpi_search_usenet_tcp(struct ndpi_detection_module_struct && ((memcmp(packet->payload, "200 ", 4) == 0) || (memcmp(packet->payload, "201 ", 4) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: found 200 or 201.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found 200 or 201\n"); flow->l4.tcp.usenet_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: maybe hit.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe hit\n"); return; } @@ -78,28 +73,23 @@ void ndpi_search_usenet_tcp(struct ndpi_detection_module_struct // check for client username if (flow->l4.tcp.usenet_stage == 2 - packet->packet_direction) { if (packet->payload_packet_len > 20 && (memcmp(packet->payload, "AUTHINFO USER ", 14) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: username found\n"); + NDPI_LOG_DBG2(ndpi_struct, "username found\n"); flow->l4.tcp.usenet_stage = 3 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: found usenet.\n"); + NDPI_LOG_INFO(ndpi_struct, "found usenet\n"); ndpi_int_usenet_add_connection(ndpi_struct, flow); return; } else if (packet->payload_packet_len == 13 && (memcmp(packet->payload, "MODE READER\r\n", 13) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, - "USENET: no login necessary but we are a client.\n"); + NDPI_LOG_DBG2(ndpi_struct, + "no login necessary but we are a client.\n"); - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: found usenet.\n"); + NDPI_LOG_INFO(ndpi_struct, "found usenet\n"); ndpi_int_usenet_add_connection(ndpi_struct, flow); return; } } - - - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: exclude usenet.\n"); - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_USENET); - + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/vhua.c b/src/lib/protocols/vhua.c index e20477573..844eaf84f 100644 --- a/src/lib/protocols/vhua.c +++ b/src/lib/protocols/vhua.c @@ -17,7 +17,11 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_VHUA + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VHUA #include "ndpi_api.h" @@ -28,11 +32,10 @@ */ -#ifdef NDPI_PROTOCOL_VHUA static void ndpi_int_vhua_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VHUA, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_VHUA, ndpi_struct, NDPI_LOG_TRACE, "VHUA Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found VHUA\n"); } @@ -47,8 +50,7 @@ static void ndpi_check_vhua(struct ndpi_detection_module_struct *ndpi_struct, st if((flow->packet_counter > 3) || (packet->udp == NULL) || (packet->payload_packet_len < sizeof(p0))) { - NDPI_LOG(NDPI_PROTOCOL_VHUA, ndpi_struct, NDPI_LOG_TRACE, "Exclude VHUA.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VHUA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } else if(memcmp(packet->payload, p0, sizeof(p0)) == 0) { ndpi_int_vhua_add_connection(ndpi_struct, flow); } @@ -57,7 +59,7 @@ static void ndpi_check_vhua(struct ndpi_detection_module_struct *ndpi_struct, st void ndpi_search_vhua(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_VHUA, ndpi_struct, NDPI_LOG_TRACE, "VHUA detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search VHUA\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_VHUA) { diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c index 111a53007..517b74b91 100644 --- a/src/lib/protocols/viber.c +++ b/src/lib/protocols/viber.c @@ -18,31 +18,34 @@ * If not, see . */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_VIBER + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VIBER #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_VIBER void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "search for VIBER.\n"); + NDPI_LOG_DBG(ndpi_struct, "search for VIBER\n"); if(packet->udp != NULL) { - NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating dport over udp\n"); if((packet->payload_packet_len == 12 && packet->payload[2] == 0x03 && packet->payload[3] == 0x00) || (packet->payload_packet_len == 20 && packet->payload[2] == 0x09 && packet->payload[3] == 0x00) || ((packet->payload_packet_len < 135) && (packet->payload[0] == 0x11))) { - NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "found VIBER.\n"); + NDPI_LOG_DBG(ndpi_struct, "found VIBER\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "exclude VIBER.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VIBER); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/vmware.c b/src/lib/protocols/vmware.c index e5421b946..34fe84ab9 100644 --- a/src/lib/protocols/vmware.c +++ b/src/lib/protocols/vmware.c @@ -17,28 +17,32 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_VMWARE +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VMWARE + +#include "ndpi_api.h" void ndpi_search_vmware(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search vmware\n"); /* Check whether this is an VMWARE flow */ if(packet->udp != NULL){ if((packet->payload_packet_len == 66) && (ntohs(packet->udp->dest) == 902) && ((packet->payload[0] & 0xFF) == 0xA4)){ - NDPI_LOG(NDPI_PROTOCOL_VMWARE, ndpi_struct, NDPI_LOG_DEBUG, "Found vmware.\n"); + NDPI_LOG_INFO(ndpi_struct, "found vmware\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VMWARE, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_PROTOCOL_VMWARE, ndpi_struct, NDPI_LOG_DEBUG, "exclude vmware.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VMWARE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void init_vmware_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) diff --git a/src/lib/protocols/vnc.c b/src/lib/protocols/vnc.c index ff0f6c6fa..6bbb26c6d 100644 --- a/src/lib/protocols/vnc.c +++ b/src/lib/protocols/vnc.c @@ -20,15 +20,19 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_VNC +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VNC + +#include "ndpi_api.h" void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search vnc\n"); /* search over TCP */ if(packet->tcp) { @@ -39,7 +43,7 @@ void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc (memcmp(packet->payload, "RFB 003.007", 11) == 0 && packet->payload[11] == 0x0a) || (memcmp(packet->payload, "RFB 003.008", 11) == 0 && packet->payload[11] == 0x0a) || (memcmp(packet->payload, "RFB 004.001", 11) == 0 && packet->payload[11] == 0x0a))) { - NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "reached vnc stage one\n"); + NDPI_LOG_DBG2(ndpi_struct, "reached vnc stage one\n"); flow->l4.tcp.vnc_stage = 1 + packet->packet_direction; return; } @@ -51,14 +55,13 @@ void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc (memcmp(packet->payload, "RFB 003.008", 11) == 0 && packet->payload[11] == 0x0a) || (memcmp(packet->payload, "RFB 004.001", 11) == 0 && packet->payload[11] == 0x0a))) { - NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "found vnc\n"); + NDPI_LOG_INFO(ndpi_struct, "found vnc\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VNC, NDPI_PROTOCOL_UNKNOWN); return; } } } - /* exclude VNC */ - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VNC); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c index ab07571eb..bbc1d8388 100644 --- a/src/lib/protocols/warcraft3.c +++ b/src/lib/protocols/warcraft3.c @@ -22,12 +22,13 @@ * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_WARCRAFT3 -/* include files */ +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WARCRAFT3 -#include "ndpi_protocols.h" -#ifdef NDPI_PROTOCOL_WARCRAFT3 +#include "ndpi_api.h" static void ndpi_int_warcraft3_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -40,52 +41,48 @@ void ndpi_search_warcraft3(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int16_t l; /* Leave it as u_int32_t because otherwise 'u_int16_t temp' might overflood it and thus generate an infinite loop */ - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "search WARCRAFT3\n"); + NDPI_LOG_DBG(ndpi_struct, "search WARCRAFT3\n"); if (flow->packet_counter == 1 && packet->payload_packet_len == 1 && packet->payload[0] == 0x01) { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "maybe warcraft3: packet_len == 1\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe warcraft3: packet_len == 1\n"); return; } else if (packet->payload_packet_len >= 4 && (packet->payload[0] == 0xf7 || packet->payload[0] == 0xff)) { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "packet_payload begins with 0xf7 or 0xff\n"); + NDPI_LOG_DBG2(ndpi_struct, "packet_payload begins with 0xf7 or 0xff\n"); l = packet->payload[2] + (packet->payload[3] << 8); // similar to ntohs - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "l = %u \n", l); + NDPI_LOG_DBG2(ndpi_struct, "l = %u \n", l); while (l <= (packet->payload_packet_len - 4)) { if (packet->payload[l] == 0xf7) { u_int16_t temp = (packet->payload[l + 2 + 1] << 8) + packet->payload[l + 2]; - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "another f7 visited.\n"); + NDPI_LOG_DBG2(ndpi_struct, "another f7 visited\n"); if((temp <= 2) || (temp > 1500)) { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "break\n"); + NDPI_LOG_DBG2(ndpi_struct, "break\n"); break; } else { l += temp; - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "l = %u \n", l); + NDPI_LOG_DBG2(ndpi_struct, "l = %u \n", l); } } else { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "break\n"); + NDPI_LOG_DBG2(ndpi_struct, "break\n"); break; } } if (l == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "maybe WARCRAFT3\n"); - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "flow->packet_counter = %u \n", + NDPI_LOG_DBG2(ndpi_struct, "maybe WARCRAFT3 flow->packet_counter = %u \n", flow->packet_counter); if (flow->packet_counter > 2) { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "detected WARCRAFT3\n"); + NDPI_LOG_INFO(ndpi_struct, "found WARCRAFT3\n"); ndpi_int_warcraft3_add_connection(ndpi_struct, flow); return; } @@ -93,8 +90,7 @@ void ndpi_search_warcraft3(struct ndpi_detection_module_struct } } - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "no warcraft3 detected.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WARCRAFT3); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/whoisdas.c b/src/lib/protocols/whoisdas.c index 968449cbd..32a9d186f 100644 --- a/src/lib/protocols/whoisdas.c +++ b/src/lib/protocols/whoisdas.c @@ -17,14 +17,21 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_WHOIS_DAS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WHOIS_DAS + +#include "ndpi_api.h" + + void ndpi_search_whois_das(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search WHOIS/DAS\n"); if(packet->tcp != NULL) { u_int16_t sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); @@ -45,15 +52,14 @@ void ndpi_search_whois_das(struct ndpi_detection_module_struct *ndpi_struct, str flow->host_server_name[i] = '\0'; flow->server_id = ((sport == 43) || (sport == 4343)) ? flow->src : flow->dst; - NDPI_LOG(NDPI_PROTOCOL_WHOIS_DAS, ndpi_struct, NDPI_LOG_DEBUG, "[WHOIS/DAS] %s\n", flow->host_server_name); + NDPI_LOG_INFO(ndpi_struct, "[WHOIS/DAS] %s\n", flow->host_server_name); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHOIS_DAS, NDPI_PROTOCOL_UNKNOWN); return; } } } - /* exclude WHOIS */ - NDPI_LOG(NDPI_PROTOCOL_WHOIS_DAS, ndpi_struct, NDPI_LOG_TRACE, "WHOIS Excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WHOIS_DAS); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/world_of_kung_fu.c b/src/lib/protocols/world_of_kung_fu.c index 0a8d2707d..534addc7d 100644 --- a/src/lib/protocols/world_of_kung_fu.c +++ b/src/lib/protocols/world_of_kung_fu.c @@ -22,11 +22,12 @@ * */ +#include "ndpi_protocol_ids.h" - -/* include files */ -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_WORLD_OF_KUNG_FU +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WORLD_OF_KUNG_FU +#include "ndpi_api.h" + static void ndpi_int_world_of_kung_fu_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,22 +38,18 @@ void ndpi_search_world_of_kung_fu(struct ndpi_detection_module_struct *ndpi_stru { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_WORLD_OF_KUNG_FU, ndpi_struct, NDPI_LOG_DEBUG, "search world_of_kung_fu.\n"); + NDPI_LOG_DBG(ndpi_struct, "search world_of_kung_fu\n"); if ((packet->payload_packet_len == 16) && ntohl(get_u_int32_t(packet->payload, 0)) == 0x0c000000 && ntohl(get_u_int32_t(packet->payload, 4)) == 0xd2000c00 && (packet->payload[9] == 0x16) && ntohs(get_u_int16_t(packet->payload, 10)) == 0x0000 && ntohs(get_u_int16_t(packet->payload, 14)) == 0x0000) { - NDPI_LOG(NDPI_PROTOCOL_WORLD_OF_KUNG_FU, ndpi_struct, NDPI_LOG_DEBUG, "detected world_of_kung_fu.\n"); + NDPI_LOG_INFO(ndpi_struct, "detected world_of_kung_fu\n"); ndpi_int_world_of_kung_fu_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_WORLD_OF_KUNG_FU, ndpi_struct, NDPI_LOG_DEBUG, "exclude world_of_kung_fu.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WORLD_OF_KUNG_FU); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c index de3f720ba..307f41070 100644 --- a/src/lib/protocols/world_of_warcraft.c +++ b/src/lib/protocols/world_of_warcraft.c @@ -21,12 +21,13 @@ * along with nDPI. If not, see . * */ - - -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_WORLDOFWARCRAFT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WORLDOFWARCRAFT + +#include "ndpi_api.h" static void ndpi_int_worldofwarcraft_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ @@ -58,7 +59,7 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Search World of Warcraft.\n"); + NDPI_LOG_DBG(ndpi_struct, "search World of Warcraft\n"); if (packet->tcp != NULL) { /* @@ -72,8 +73,7 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct memcmp(packet->user_agent_line.ptr, "Blizzard Web Client", NDPI_STATICSTRING_LEN("Blizzard Web Client")) == 0) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, - "World of Warcraft: Web Client found\n"); + NDPI_LOG_DBG(ndpi_struct, "World of Warcraft: Web Client found\n"); return; } } @@ -89,7 +89,7 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct && memcmp(&packet->host_line.ptr[packet->host_line.len - NDPI_STATICSTRING_LEN("worldofwarcraft.com")], "worldofwarcraft.com", NDPI_STATICSTRING_LEN("worldofwarcraft.com")) == 0) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: Web Client found\n"); return; } @@ -97,14 +97,14 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct if (packet->payload_packet_len == 50 && memcmp(&packet->payload[2], "WORLD OF WARCRAFT CONNECTION", NDPI_STATICSTRING_LEN("WORLD OF WARCRAFT CONNECTION")) == 0) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "World of Warcraft: Login found\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: Login found\n"); return; } if (packet->tcp->dest == htons(3724) && packet->payload_packet_len < 70 && packet->payload_packet_len > 40 && (memcmp(&packet->payload[4], "WoW", 3) == 0 || memcmp(&packet->payload[5], "WoW", 3) == 0)) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "World of Warcraft: Login found\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: Login found\n"); return; } @@ -112,8 +112,7 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct if (packet->tcp->source == htons(3724) && packet->payload_packet_len == 8 && get_u_int32_t(packet->payload, 0) == htonl(0x0006ec01)) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "World of Warcraft: connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: connection detected\n"); return; } @@ -127,16 +126,14 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct ntohs(get_u_int16_t(packet->payload, 0)) == (packet->payload_packet_len - 2)) { if (get_u_int32_t(packet->payload, 2) == htonl(0xec010100)) { - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "probably World of Warcraft, waiting for final packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "probably World of Warcraft, waiting for final packet\n"); flow->l4.tcp.wow_stage = 2; return; } else if (packet->payload_packet_len == 41 && (get_u_int16_t(packet->payload, 2) == htons(0x0085) || get_u_int16_t(packet->payload, 2) == htons(0x0034) || get_u_int16_t(packet->payload, 2) == htons(0x1960))) { - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "maybe World of Warcraft, need next\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe World of Warcraft, need next\n"); flow->l4.tcp.wow_stage = 1; return; } @@ -155,21 +152,18 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct || memcmp(&packet->payload[packet->payload_packet_len - 30], "\x94\xec\xff\xfd\x67\x62\xd4\x67\xfb\xf9\xdd\xbd\xfd\x01\xc0\x8f\xf9\x81", 18) == 0)) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "World of Warcraft: connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: connection detected\n"); return; } if (packet->payload_packet_len > 32 && ntohs(get_u_int16_t(packet->payload, 0)) == (packet->payload_packet_len - 2)) { if (get_u_int16_t(packet->payload, 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "probably World of Warcraft, waiting for final packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "probably World of Warcraft, waiting for final packet\n"); flow->l4.tcp.wow_stage = 2; return; } else if (get_u_int32_t(packet->payload, 2) == htonl(0x12050000)) { - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "probably World of Warcraft, waiting for final packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "probably World of Warcraft, waiting for final packet\n"); flow->l4.tcp.wow_stage = 2; return; } @@ -179,16 +173,14 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct if (flow->l4.tcp.wow_stage == 2) { if (packet->payload_packet_len == 4) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "World of Warcraft: connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: connection detected\n"); return; } else if (packet->payload_packet_len > 4 && packet->payload_packet_len <= 16 && packet->payload[4] == 0x0c) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "World of Warcraft: connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: connection detected\n"); return; } else if (flow->packet_counter < 3) { - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "waiting for final packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "waiting for final packet\n"); return; } } @@ -199,14 +191,13 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct get_u_int32_t(packet->payload, 0) == htonl(0x40000aed) && get_u_int32_t(packet->payload, 4) == htonl(0xea070aed)) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "World of Warcraft: connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: connection detected\n"); return; } } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WORLDOFWARCRAFT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/xbox.c b/src/lib/protocols/xbox.c index 92f68fc34..3182c191c 100644 --- a/src/lib/protocols/xbox.c +++ b/src/lib/protocols/xbox.c @@ -21,9 +21,11 @@ * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_XBOX +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XBOX +#include "ndpi_api.h" static void ndpi_int_xbox_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -36,9 +38,6 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src = flow->src; - // struct ndpi_id_struct *dst = flow->dst; - /* * XBOX UDP DETCTION ONLY * the xbox TCP detection is done by http code @@ -49,7 +48,7 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n u_int16_t dport = ntohs(packet->udp->dest); u_int16_t sport = ntohs(packet->udp->source); - NDPI_LOG(NDPI_PROTOCOL_XBOX, ndpi_struct, NDPI_LOG_DEBUG, "search xbox\n"); + NDPI_LOG_DBG(ndpi_struct, "search xbox\n"); if (packet->payload_packet_len > 12 && get_u_int32_t(packet->payload, 0) == 0 && packet->payload[5] == 0x58 && @@ -62,7 +61,7 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n (packet->payload[4] == 0x06 && packet->payload[6] == 0x4e)) { ndpi_int_xbox_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_XBOX, ndpi_struct, NDPI_LOG_DEBUG, "xbox udp connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found xbox udp connection detected\n"); return; } } @@ -76,10 +75,10 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n || (packet->payload_packet_len == 28 && ntohl(get_u_int32_t(packet->payload, 0)) == 0x015f2c00))) { if (flow->l4.udp.xbox_stage == 1) { ndpi_int_xbox_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_XBOX, ndpi_struct, NDPI_LOG_DEBUG, "xbox udp connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found xbox udp connection detected\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_XBOX, ndpi_struct, NDPI_LOG_DEBUG, "maybe xbox.\n"); + NDPI_LOG_DBG(ndpi_struct, "maybe xbox\n"); flow->l4.udp.xbox_stage++; return; } @@ -88,8 +87,7 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n #ifdef NDPI_PROTOCOL_HTTP if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) { #endif - NDPI_LOG(NDPI_PROTOCOL_XBOX, ndpi_struct, NDPI_LOG_DEBUG, "xbox udp excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_XBOX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } /* to not exclude tcp traffic here, done by http code... */ diff --git a/src/lib/protocols/xdmcp.c b/src/lib/protocols/xdmcp.c index 614e503b1..71bcd9c69 100644 --- a/src/lib/protocols/xdmcp.c +++ b/src/lib/protocols/xdmcp.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_XDMCP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XDMCP + +#include "ndpi_api.h" + static void ndpi_int_xdmcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -38,17 +42,14 @@ void ndpi_search_xdmcp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_XDMCP, ndpi_struct, NDPI_LOG_DEBUG, "search xdmcp.\n"); + NDPI_LOG_DBG(ndpi_struct, "search xdmcp\n"); if (packet->tcp != NULL && (ntohs(packet->tcp->dest) >= 6000 && ntohs(packet->tcp->dest) <= 6005) && packet->payload_packet_len == 48 && packet->payload[0] == 0x6c && packet->payload[1] == 0x00 && ntohs(get_u_int16_t(packet->payload, 6)) == 0x1200 && ntohs(get_u_int16_t(packet->payload, 8)) == 0x1000) { - NDPI_LOG(NDPI_PROTOCOL_XDMCP, ndpi_struct, NDPI_LOG_DEBUG, "found xdmcp over tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found xdmcp over tcp\n"); ndpi_int_xdmcp_add_connection(ndpi_struct, flow); return; } @@ -56,14 +57,12 @@ void ndpi_search_xdmcp(struct ndpi_detection_module_struct && packet->payload_packet_len >= 6 && packet->payload_packet_len == 6 + ntohs(get_u_int16_t(packet->payload, 4)) && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0001 && ntohs(get_u_int16_t(packet->payload, 2)) == 0x0002) { - NDPI_LOG(NDPI_PROTOCOL_XDMCP, ndpi_struct, NDPI_LOG_DEBUG, "found xdmcp over udp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found xdmcp over udp\n"); ndpi_int_xdmcp_add_connection(ndpi_struct, flow); return; } - - NDPI_LOG(NDPI_PROTOCOL_XDMCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude xdmcp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_XDMCP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/yahoo.c b/src/lib/protocols/yahoo.c index 569fca940..3c073482f 100644 --- a/src/lib/protocols/yahoo.c +++ b/src/lib/protocols/yahoo.c @@ -20,9 +20,12 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_YAHOO +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_YAHOO +#include "ndpi_api.h" + struct ndpi_yahoo_header { @@ -87,8 +90,6 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru struct ndpi_id_struct *dst = flow->dst; const struct ndpi_yahoo_header *yahoo = (struct ndpi_yahoo_header *) packet->payload; - - if(packet->tcp) { if(packet->payload_packet_len > 0) { /* packet must be at least 20 bytes long */ @@ -96,11 +97,11 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru && memcmp(yahoo->YMSG_str, "YMSG", 4) == 0 && ((packet->payload_packet_len - 20) == ntohs(yahoo->len) || check_ymsg(packet->payload, packet->payload_packet_len))) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO FOUND\n"); + NDPI_LOG_DBG(ndpi_struct, "YAHOO FOUND\n"); flow->yahoo_detection_finished = 2; if(ntohs(yahoo->service) == 24 || ntohs(yahoo->service) == 152 || ntohs(yahoo->service) == 74) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO conference or chat invite found"); + NDPI_LOG_DBG(ndpi_struct, "YAHOO conference or chat invite found"); if(src != NULL) src->yahoo_conf_logged_in = 1; @@ -108,13 +109,13 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru dst->yahoo_conf_logged_in = 1; } if(ntohs(yahoo->service) == 27 || ntohs(yahoo->service) == 155 || ntohs(yahoo->service) == 160) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO conference or chat logoff found"); + NDPI_LOG_DBG(ndpi_struct, "YAHOO conference or chat logoff found"); if(src != NULL) { src->yahoo_conf_logged_in = 0; src->yahoo_voice_conf_logged_in = 0; } } - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; @@ -140,7 +141,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru && NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) != 0)) { /* this is mostly a file transfer */ - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -151,7 +152,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if ((packet->user_agent_line.len >= 21) && (memcmp(packet->user_agent_line.ptr, "YahooMobileMessenger/", 21) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO(Mobile)"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO(Mobile)"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -169,27 +170,23 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru && memcmp(packet->line[4].ptr, "User-Agent: Mozilla/5.0", 23) == 0 && packet->line[5].len >= 23 && memcmp(packet->line[5].ptr, "Cache-Control: no-cache", 23) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, - "YAHOO HTTP POST P2P FILETRANSFER FOUND\n"); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO HTTP POST P2P FILETRANSFER\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } if (packet->host_line.ptr != NULL && packet->host_line.len >= 26 && memcmp(packet->host_line.ptr, "filetransfer.msg.yahoo.com", 26) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO HTTP POST FILETRANSFER FOUND\n"); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO HTTP POST FILETRANSFER\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } /* now check every line */ for (a = 0; a < packet->parsed_lines; a++) { if (packet->line[a].len >= 4 && memcmp(packet->line[a].ptr, "YMSG", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, - NDPI_LOG_TRACE, + NDPI_LOG_DBG(ndpi_struct, "YAHOO HTTP POST FOUND, line is: %.*s\n", packet->line[a].len, packet->line[a].ptr); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -197,8 +194,8 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if (packet->parsed_lines > 8 && packet->line[8].len > 250 && packet->line[8].ptr != NULL) { if (memcmp(packet->line[8].ptr, "line[8].len, packet->line[8].ptr)) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, - "found HTTP Proxy Yahoo Chat detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) != 0) || (dst != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) != 0)) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO HTTP GET /Messenger. match\n"); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO HTTP GET /Messenger. match\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -222,13 +218,13 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru && memcmp(packet->user_agent_line.ptr, "YahooMobileMessenger/", NDPI_STATICSTRING_LEN("YahooMobileMessenger/")) == 0) || (packet->user_agent_line.len >= 15 && (memcmp(packet->user_agent_line.ptr, "Y!%20Messenger/", 15) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO(Mobile)"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO(Mobile)"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } if(packet->host_line.ptr != NULL && packet->host_line.len >= NDPI_STATICSTRING_LEN("msg.yahoo.com") && memcmp(&packet->host_line.ptr[packet->host_line.len - NDPI_STATICSTRING_LEN("msg.yahoo.com")], "msg.yahoo.com", NDPI_STATICSTRING_LEN("msg.yahoo.com")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -242,10 +238,10 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if (packet->parsed_lines > 2 && packet->line[1].len == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "first line is empty.\n"); + NDPI_LOG_DBG(ndpi_struct, "first line is empty\n"); if (packet->line[2].len > 13 && memcmp(packet->line[2].ptr, "payload_packet_len > 38 && memcmp(packet->payload, "CONNECT scs.msg.yahoo.com:5050 HTTP/1.", 38) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO-HTTP FOUND\n"); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO-HTTP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -264,7 +259,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru || (dst != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) != 0)) { if (packet->payload_packet_len == 6 && memcmp(packet->payload, "YAHOO!", 6) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -274,8 +269,6 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if (packet->payload_packet_len == 8 && (memcmp(packet->payload, "", 8) == 0 || memcmp(packet->payload, "", 8) == 0 || memcmp(packet->payload, "", 8) == 0 || memcmp(packet->payload, "", 8) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO SNDIMG or REQIMG or RVWCFG or RUPCFG FOUND\n"); - if(src != NULL) { if (memcmp(packet->payload, "", 8) == 0) { src->yahoo_video_lan_dir = 0; @@ -293,7 +286,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru dst->yahoo_video_lan_timer = packet->tick_timestamp; } - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO subtype VIDEO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO subtype VIDEO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -302,9 +295,8 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if (src->yahoo_video_lan_dir == 1) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO IMG MARKED"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "IMG MARKED"); return; } } @@ -312,9 +304,8 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru && ((u_int32_t) (packet->tick_timestamp - dst->yahoo_video_lan_timer) < ndpi_struct->yahoo_lan_video_timeout)) { if (dst->yahoo_video_lan_dir == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO IMG MARKED"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "IMG MARKED"); return; } } @@ -326,8 +317,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru { if (flow->l4.tcp.yahoo_http_proxy_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, - "YAHOO maybe HTTP proxy packet 1 => need next packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "YAHOO maybe HTTP proxy packet 1 => need next packet\n"); flow->l4.tcp.yahoo_http_proxy_stage = 1 + packet->packet_direction; return; } @@ -335,12 +325,12 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if ((packet->payload_packet_len > 250) && (memcmp(packet->payload, "payload_packet_len, packet->payload)) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found HTTP Proxy Yahoo Chat need next packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "YAHOO maybe HTTP proxy still initial direction => need next packet\n"); return; } if (flow->l4.tcp.yahoo_http_proxy_stage == 2 - packet->packet_direction) { @@ -354,7 +344,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru memcmp(packet->line[4].ptr, "line[8].ptr, "excluded_protocol_bitmask, NDPI_PROTOCOL_YAHOO); - } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_yahoo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "search yahoo\n"); + NDPI_LOG_DBG(ndpi_struct, "search yahoo\n"); if(packet->payload_packet_len > 0 && flow->yahoo_detection_finished == 0) { @@ -385,13 +374,16 @@ void ndpi_search_yahoo(struct ndpi_detection_module_struct *ndpi_struct, struct #ifdef NDPI_PROTOCOL_SSL || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { #endif + /* search over TCP */ ndpi_search_yahoo_tcp(ndpi_struct, flow); } } /* search over UDP */ else if(packet->udp != NULL) { - if(flow->src == NULL || NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->src->detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) == 0) - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_YAHOO); + if ( flow->src == NULL || + NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->src->detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) == 0) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } return; } } diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 3b6adcec8..9c212ddde 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -20,9 +20,13 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_ZATTOO + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ZATTOO + +#include "ndpi_api.h" #ifndef WIN32 static inline @@ -33,13 +37,21 @@ u_int8_t ndpi_int_zattoo_user_agent_set(struct ndpi_detection_module_struct *ndp { if(flow->packet.user_agent_line.ptr != NULL && flow->packet.user_agent_line.len == 111) { if(memcmp(flow->packet.user_agent_line.ptr + flow->packet.user_agent_line.len - 25, "Zattoo/4", sizeof("Zattoo/4") - 1) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "found zattoo useragent\n"); + NDPI_LOG_DBG(ndpi_struct, "found zattoo useragent\n"); return 1; } } return 0; } +#define ZATTOO_DETECTED \ + if (src != NULL) \ + src->zattoo_ts = packet->tick_timestamp; \ + if (dst != NULL) \ + dst->zattoo_ts = packet->tick_timestamp; \ + \ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN) + void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -48,6 +60,8 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct u_int16_t i; + NDPI_LOG_DBG(ndpi_struct, "search ZATTOO\n"); + if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_ZATTOO) { if(src != NULL && ((u_int32_t) (packet->tick_timestamp - src->zattoo_ts) < ndpi_struct->zattoo_connection_timeout)) src->zattoo_ts = packet->tick_timestamp; @@ -59,26 +73,14 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct if(packet->tcp != NULL) { if(packet->payload_packet_len > 50 && memcmp(packet->payload, "GET /frontdoor/fd?brand=Zattoo&v=", 33) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with pattern GET /frontdoor/fd?brand=Zattoo&v=\n"); - - if (src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if (dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with pattern GET /frontdoor/fd?brand=Zattoo&v=\n"); + ZATTOO_DETECTED; return; } if(packet->payload_packet_len > 50 && memcmp(packet->payload, "GET /ZattooAdRedirect/redirect.jsp?user=", 40) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with pattern GET /ZattooAdRedirect/redirect.jsp?user=\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with pattern GET /ZattooAdRedirect/redirect.jsp?user=\n"); + ZATTOO_DETECTED; return; } if(packet->payload_packet_len > 50 && (memcmp(packet->payload, "POST /channelserver/player/channel/update HTTP/1.1", 50) == 0 @@ -89,14 +91,8 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct for(i = 0; i < packet->parsed_lines; i++) { if(packet->line[i].len >= 18 && (memcmp(packet->line[i].ptr, "User-Agent: Zattoo", 18) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with pattern POST /channelserver/player/channel/update HTTP/1.1\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with pattern POST /channelserver/player/channel/update HTTP/1.1\n"); + ZATTOO_DETECTED; return; } } @@ -107,12 +103,8 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct if(ndpi_int_zattoo_user_agent_set(ndpi_struct, flow)) { - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with pattern GET / or POST /\n"); + ZATTOO_DETECTED; return; } } else if(packet->payload_packet_len > 50 && memcmp(packet->payload, "POST http://", 12) == 0) { @@ -141,14 +133,8 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct && packet->payload[packet->empty_line_position + 6] == 0x0a && packet->payload[packet->empty_line_position + 7] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with pattern POST http://\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with pattern POST http://\n"); + ZATTOO_DETECTED; return; } } @@ -160,20 +146,14 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct && packet->payload[2] == 0x00 && packet->payload[3] == 0x04 && packet->payload[4] == 0x0a && packet->payload[5] == 0x00) { flow->zattoo_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "need next packet, seen pattern 0x030400040a00\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet, seen pattern 0x030400040a00\n"); return; } /* the following is searching for flash, not for zattoo. */ } else if(flow->zattoo_stage == 2 - packet->packet_direction && packet->payload_packet_len > 50 && packet->payload[0] == 0x03 && packet->payload[1] == 0x04) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with 0x0304.\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with 0x0304\n"); + ZATTOO_DETECTED; return; } else if(flow->zattoo_stage == 1 + packet->packet_direction) { @@ -181,7 +161,7 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct flow->zattoo_stage = 3 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "need next packet, seen pattern 0x0000\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet, seen pattern 0x0000\n"); return; } if(packet->payload_packet_len > 50 @@ -190,46 +170,29 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct && packet->payload[2] == 0x00 && packet->payload[3] == 0x04 && packet->payload[4] == 0x0a && packet->payload[5] == 0x00) { } - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "need next packet, seen pattern 0x030400040a00\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet, seen pattern 0x030400040a00\n"); return; } else if(flow->zattoo_stage == 4 - packet->packet_direction && packet->payload_packet_len > 50 && packet->payload[0] == 0x03 && packet->payload[1] == 0x04) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with 0x0304.\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with 0x0304\n"); + ZATTOO_DETECTED; return; } else if(flow->zattoo_stage == 5 + packet->packet_direction && (packet->payload_packet_len == 125)) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "detected zattoo.\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo\n"); + ZATTOO_DETECTED; return; } else if(flow->zattoo_stage == 6 - packet->packet_direction && packet->payload_packet_len == 1412) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "found zattoo.\n"); - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo\n"); + ZATTOO_DETECTED; return; } - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "ZATTOO: discarded the flow (TCP): packet_size: %u; Flowstage: %u\n", packet->payload_packet_len, flow->zattoo_stage); @@ -246,27 +209,21 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct if(++flow->zattoo_stage == 2) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over udp.\n"); - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over udp\n"); + ZATTOO_DETECTED; return; } - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "need next packet udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet udp\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "ZATTOO: discarded the flow (UDP): packet_size: %u; Flowstage: %u\n", packet->payload_packet_len, flow->zattoo_stage); } - /* exclude ZATTOO */ - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "exclude zattoo.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ZATTOO); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/zeromq.c b/src/lib/protocols/zeromq.c index f069bba09..c7c8e9519 100644 --- a/src/lib/protocols/zeromq.c +++ b/src/lib/protocols/zeromq.c @@ -17,13 +17,16 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_ZMQ +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ZMQ + +#include "ndpi_api.h" static void ndpi_int_zmq_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZMQ, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "ZMQ Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found ZMQ\n"); } @@ -39,8 +42,7 @@ static void ndpi_check_zmq(struct ndpi_detection_module_struct *ndpi_struct, str /* Break after 17 packets. */ if(flow->packet_counter > 17) { - NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "Exclude ZMQ.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ZMQ); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -85,7 +87,7 @@ static void ndpi_check_zmq(struct ndpi_detection_module_struct *ndpi_struct, str void ndpi_search_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "ZMQ detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search ZMQ\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_ZMQ) { -- cgit v1.2.3 From 7e38a4f79036982ee23c9d93866b07833c56d336 Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Thu, 26 Oct 2017 23:23:29 +0200 Subject: Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d9802fc2d..5aff79ae9 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ The entire procedure of adding new protocols in detail: 1. Add new protocol together with its unique ID to: src/include/ndpi_protocol_ids.h 2. Create a new protocol in: src/lib/protocols/ -3. Variables to be kept for the duration of the entire flow (as state variables) needs to be placed in: /include/ndpi_structs.h in ndpi_flow_tcp_struct (for TCP only), ndpi_flow_udp_struct (for UDP only), or ndpi_flow_struct (for both). +3. Variables to be kept for the duration of the entire flow (as state variables) need to be placed in: src/include/ndpi_typedefs.h in ndpi_flow_tcp_struct (for TCP only), ndpi_flow_udp_struct (for UDP only), or ndpi_flow_struct (for both). 4. Add a new entry for the search function for the new protocol in: src/include/ndpi_protocols.h 5. Choose (do not change anything) a selection bitmask from: src/include/ndpi_define.h 6. Add a new entry in ndpi_set_protocol_detection_bitmask2 in: src/lib/ndpi_main.c -- cgit v1.2.3 From 169aa11adc67e18a21fd81ecbb0c1c0989b346c9 Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Thu, 26 Oct 2017 21:07:00 -0400 Subject: Added DHCP class identifier support. --- src/include/ndpi_typedefs.h | 1 + src/lib/protocols/dhcp.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 33043fde5..c79f57f4d 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1031,6 +1031,7 @@ struct ndpi_flow_struct { struct { char fingerprint[48]; + char class_ident[48]; } dhcp; } protos; diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index cdf33947e..c46cc1c91 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -104,6 +104,13 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru "%02X", dhcp->options[i+2+idx] & 0xFF); offset += 2; } + } else if(id == 60 /* Class Identifier */) { + char *name = (char*)&dhcp->options[i+2]; + int j = 0; + + j = ndpi_min(len, sizeof(flow->protos.dhcp.class_ident)-1); + strncpy((char*)flow->protos.dhcp.class_ident, name, j); + flow->protos.dhcp.class_ident[j] = '\0'; } else if(id == 12 /* Host Name */) { char *name = (char*)&dhcp->options[i+2]; int j = 0; -- cgit v1.2.3 From cf07c925387ce803c314513ed8e4b1810bb27a0d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 29 Oct 2017 18:31:31 +0100 Subject: Dropbox and apple improvements Fixed warning --- example/ndpiReader.c | 2 ++ src/lib/ndpi_content_match.c.inc | 2 ++ 2 files changed, 4 insertions(+) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8d8ee47b0..8bc4ad1a6 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1117,6 +1117,8 @@ static struct receiver *cutBackTo(struct receiver **receivers, u_int32_t size, u HASH_DEL(*receivers, r); free(r); } + + return(NULL); } /* *********************************************** */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index ba14f50f1..4a9ec63cf 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8031,6 +8031,7 @@ ndpi_protocol_match host_match[] = { { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".apple-dns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8048,6 +8049,7 @@ ndpi_protocol_match host_match[] = { { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropbox-dns.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ -- cgit v1.2.3 From 159e6228fe9da7a9d410cb0a185d54cdee483797 Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Mon, 30 Oct 2017 11:30:09 +0100 Subject: --ndpi-proto-filter now accepts also protocol name --- example/ndpiReader.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8d8ee47b0..f10c82a90 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -96,6 +96,7 @@ static struct timeval pcap_start, pcap_end; static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +static struct ndpi_detection_module_struct *ndpi_info_mod = NULL; struct flow_info { struct ndpi_flow_info *flow; @@ -272,8 +273,7 @@ static void help(u_int long_help) { if(long_help) { printf("\n\nSupported protocols:\n"); num_threads = 1; - setupDetection(0, NULL); - ndpi_dump_protocols(ndpi_thread_info[0].workflow->ndpi_struct); + ndpi_dump_protocols(ndpi_info_mod); } exit(!long_help); } @@ -365,34 +365,30 @@ int cmpFlows(const void *_a, const void *_b) { void extcap_config() { int i, argidx = 0; - struct ndpi_detection_module_struct *ndpi_mod; struct ndpi_proto_sorter *protos; /* -i */ - printf("arg {number=%d}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" + printf("arg {number=%d}{call=-i}{display=Capture Interface}{type=string}" "{tooltip=The interface name}\n", argidx++); printf("arg {number=%d}{call=-i}{display=Pcap File to Analyze}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); - setupDetection(0, NULL); - ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; - - protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter)*ndpi_mod->ndpi_num_supported_protocols); + protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter) * ndpi_info_mod->ndpi_num_supported_protocols); if(!protos) exit(0); - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { + for(i=0; i<(int) ndpi_info_mod->ndpi_num_supported_protocols; i++) { protos[i].id = i; - snprintf(protos[i].name, sizeof(protos[i].name), "%s", ndpi_mod->proto_defaults[i].protoName); + snprintf(protos[i].name, sizeof(protos[i].name), "%s", ndpi_info_mod->proto_defaults[i].protoName); } - qsort(protos, ndpi_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto); + qsort(protos, ndpi_info_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto); printf("arg {number=%d}{call=-9}{display=nDPI Protocol Filter}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)"); - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) + for(i=0; i<(int)ndpi_info_mod->ndpi_num_supported_protocols; i++) printf("value {arg=%d}{value=%d}{display=%s (%d)}\n", argidx, protos[i].id, protos[i].name, protos[i].id); @@ -578,7 +574,8 @@ static void parseOptions(int argc, char **argv) { break; case '9': - extcap_packet_filter = atoi(optarg); + extcap_packet_filter = ndpi_get_proto_by_name(ndpi_info_mod, optarg); + if (extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg); break; default: @@ -3123,6 +3120,9 @@ int main(int argc, char **argv) { automataUnitTest(); + ndpi_info_mod = ndpi_init_detection_module(); + if (ndpi_info_mod == NULL) return -1; + memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info)); parseOptions(argc, argv); @@ -3153,6 +3153,7 @@ int main(int argc, char **argv) { if(results_path) free(results_path); if(results_file) fclose(results_file); if(extcap_dumper) pcap_dump_close(extcap_dumper); + if(ndpi_info_mod) ndpi_exit_detection_module(ndpi_info_mod); return 0; } -- cgit v1.2.3 From a0980228efa9cb4c2546dbbaaa9475db04f59cce Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Tue, 31 Oct 2017 22:04:14 +0300 Subject: Bug fix. Protocol SIP: command 'CANCEL sip:' is not recognized. Add sip.pcap for tests ( Source: https://wiki.wireshark.org/SIP ). --- src/lib/protocols/sip.c | 2 +- tests/pcap/sip.pcap | Bin 0 -> 50975 bytes tests/result/sip.pcap.out | 8 ++++++++ 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 tests/pcap/sip.pcap create mode 100644 tests/result/sip.pcap.out diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 94386d61e..67459f562 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -121,7 +121,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct } if ((memcmp(packet_payload, "CANCEL ", 7) == 0 || memcmp(packet_payload, "cancel ", 7) == 0) - && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { + && (memcmp(&packet_payload[7], "SIP:", 4) == 0 || memcmp(&packet_payload[7], "sip:", 4) == 0)) { NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip CANCEL.\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; diff --git a/tests/pcap/sip.pcap b/tests/pcap/sip.pcap new file mode 100644 index 000000000..8cd7f4761 Binary files /dev/null and b/tests/pcap/sip.pcap differ diff --git a/tests/result/sip.pcap.out b/tests/result/sip.pcap.out new file mode 100644 index 000000000..8f1dfb3d2 --- /dev/null +++ b/tests/result/sip.pcap.out @@ -0,0 +1,8 @@ +RTP 9 1926 1 +SIP 102 47087 2 +RTCP 1 146 1 + + 1 UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][53 pkts/21940 bytes <-> 31 pkts/15635 bytes] + 2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][15 pkts/7568 bytes <-> 3 pkts/1944 bytes] + 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][9 pkts/1926 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.1.2:30001 -> 212.242.33.36:40393 [proto: 165/RTCP][1 pkts/146 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From a488c9b7dc6d1e08ef09f681349923853ff142ae Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 3 Nov 2017 09:32:43 +0100 Subject: Fixes #485 --- src/lib/ndpi_content_match.c.inc | 2 +- src/lib/protocols/ssl.c | 2 +- src/lib/protocols/tor.c | 28 ++++++++++++++++++---------- 3 files changed, 20 insertions(+), 12 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 4a9ec63cf..1ee97381e 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8434,7 +8434,7 @@ static const char *ndpi_en_bigrams[] = { "lz", "nz", "oz", "pz", "rz", "tz", "uz", "zz", NULL }; static const char *ndpi_en_impossible_bigrams[] = { - "bk", "bq", "bx", "cb", "cf", "cg", "cj", "cp", "cv", "cw", "cx", "dx", "fk", "fq", "fv", "fx", "ee", + "bk", "bq", "bx", "cb", "cf", "cg", "cj", "cp", "cv", "cw", "cx", "dx", "fk", "fq", "fv", "fx", /* "ee", removed it can be found in 'meeting' */ "fz", "gq", "gv", "gx", "hh", "hk", "hv", "hx", "hz", "iy", "jb", "jc", "jd", "jf", "jg", "jh", "jk", "jl", "jm", "jn", "jp", "jq", "jr", /* "js", */ "jt", "jv", "jw", "jx", "jy", "jz", "kg", "kq", "kv", "kx", "kz", "lq", "lx", "mg", "mj", "mq", "mx", "mz", "pq", "pv", "px", "qb", "qc", "qd", "qe", "qf", "ii", diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 5afca5389..231bde1eb 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -641,7 +641,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc return; } else if((packet->payload_packet_len == 4) && (packet->payload[0] == 'W') - && (packet->payload[1] == 'A')){ + && (packet->payload[1] == 'A')) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); return; } else { diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index f6987ef19..95233e471 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -16,14 +16,23 @@ static void ndpi_int_tor_add_connection(struct ndpi_detection_module_struct int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, char *certificate) { - + struct ndpi_flow_struct *flow, char *certificate) { int prev_num = 0, numbers_found = 0, num_found = 0, i, len; char dummy[48], *dot, *name; - if((certificate == NULL) - || (strlen(certificate) < 6) - || (strncmp(certificate, "www.", 4))) + if(certificate == NULL) + return(0); + else + len = strlen(certificate); + + /* Check if it ends in .com or .net */ + if(strcmp(&certificate[len-4], ".com") && strcmp(&certificate[len-4], ".net")) + return(0); + + if((len < 6) + || (!strncmp(certificate, "*.", 2)) /* Wildcard certificate */ + || (strncmp(certificate, "www.", 4)) /* Not starting with www.... */ + ) return(0); // printf("***** [SSL] %s(): %s\n", __FUNCTION__, certificate); @@ -55,13 +64,12 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, } else prev_num = 0; - if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, &name[i])) { - ndpi_int_tor_add_connection(ndpi_struct, flow); - return(1); - } - + if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, &name[i])) { num_found++; + } else if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, &name[i])) { + ndpi_int_tor_add_connection(ndpi_struct, flow); + return(1); } } -- cgit v1.2.3 From c9f32ee76dbc5e323d321b088562df980d2f525f Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 3 Nov 2017 17:15:04 +0100 Subject: Fixed begin/end type when capturing live traffic --- example/ndpiReader.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 710839261..40153e168 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2301,11 +2301,8 @@ static void pcap_process_packet(u_char *args, return; } - /* Check if capture is live or not */ - if(!live_capture) { - if(!pcap_start.tv_sec) pcap_start.tv_sec = header->ts.tv_sec, pcap_start.tv_usec = header->ts.tv_usec; - pcap_end.tv_sec = header->ts.tv_sec, pcap_end.tv_usec = header->ts.tv_usec; - } + if(!pcap_start.tv_sec) pcap_start.tv_sec = header->ts.tv_sec, pcap_start.tv_usec = header->ts.tv_usec; + pcap_end.tv_sec = header->ts.tv_sec, pcap_end.tv_usec = header->ts.tv_usec; /* Idle flows cleanup */ if(live_capture) { -- cgit v1.2.3 From 3caac691d5640c505f03ae98fc187e019cb91d3d Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 11 Nov 2017 15:56:16 +0100 Subject: removed bigrams for src/lib/ndpi_content_match.c.inc --- src/lib/ndpi_content_match.c.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 1ee97381e..cc37d2ce0 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8439,8 +8439,8 @@ static const char *ndpi_en_impossible_bigrams[] = { "jl", "jm", "jn", "jp", "jq", "jr", /* "js", */ "jt", "jv", "jw", "jx", "jy", "jz", "kg", "kq", "kv", "kx", "kz", "lq", "lx", "mg", "mj", "mq", "mx", "mz", "pq", "pv", "px", "qb", "qc", "qd", "qe", "qf", "ii", "qg", "qh", "qj", "qk", "ql", "qm", "qn", "qo", "qp", "qr", "qs", "qt", "qv", "qw", "qx", "qy", "uu", - "qz", "sx", "sz", "tq", "tx", "vb", "vc", "vd", "vf", "vg", "vh", "vj", "vk", "vm", "vn", "vp", "bw", + "qz", "sx", "sz", "tq", "tx", "vb", "vc", "vd", "vf", "vg", "vh", "vj", "vm", "vn", "vp", "bw", /* "vk", "zr" Removed for kavkazr */ "vq", "vt", "vw", "vx", "vz", "wq", "wv", "wx", "wz", "xb", "xg", "xj", "xk", "xv", "xz", "xw", "yd", /*"yp", Removed for paypal */ - "yj", "yq", "yv", "yz", "yw", "zb", "zc", "zg", "zh", "zj", "zn", "zq", "zr", "zs", "zx", "wh", "wk", + "yj", "yq", "yv", "yz", "yw", "zb", "zc", "zg", "zh", "zj", "zn", "zq", "zs", "zx", "wh", "wk", "wb", "zk", "kp", "zk", "xy", NULL }; -- cgit v1.2.3 From a4532a49997ae185de393699e4b61c7d673fb78a Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 11 Nov 2017 16:23:14 +0100 Subject: update Telegram match --- src/lib/ndpi_content_match.c.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index cc37d2ce0..e15fa88df 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8309,6 +8309,8 @@ ndpi_protocol_match host_match[] = { { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tdesktop.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tupdate.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; -- cgit v1.2.3 From 2831d64f6abdf0275e15a8ba785d2289b4092de1 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 19 Nov 2017 18:11:37 +0100 Subject: Added YouTube Upload protocol (used the identified unused by NDPI_PROTOCOL_SKYFILE_PREPAID) --- src/include/ndpi_protocol_ids.h | 2 +- src/lib/ndpi_content_match.c.inc | 2 ++ src/lib/ndpi_main.c | 8 +------- tests/pcap/youtubeupload.pcap | Bin 0 -> 131592 bytes 4 files changed, 4 insertions(+), 8 deletions(-) create mode 100644 tests/pcap/youtubeupload.pcap diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index bd0c8e999..42995e5e8 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -172,7 +172,7 @@ #define NDPI_PROTOCOL_NETFLIX 133 #define NDPI_PROTOCOL_LASTFM 134 #define NDPI_PROTOCOL_WAZE 135 -#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 /* free for future use */ +#define NDPI_PROTOCOL_YOUTUBE_UPLOAD 136 /* Upload files to youtube */ #define NDPI_PROTOCOL_SKYFILE_RUDICS 137 /* free for future use */ #define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 /* free for future use */ #define NDPI_PROTOCOL_CITRIX_ONLINE 139 diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e15fa88df..79ee47a48 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8138,6 +8138,8 @@ ndpi_protocol_match host_match[] = { { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "upload.youtube.com", "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "upload.video.google.com", "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d7583f520..e59dd62c6 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1372,11 +1372,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_PREPAID, - no_master, - no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_RUDICS, no_master, no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL, @@ -4524,8 +4519,7 @@ ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct /* Skyfile (host 193.252.234.246 or host 10.10.102.80) */ if((shost == 0xC1FCEAF6) || (dhost == 0xC1FCEAF6) || (shost == 0x0A0A6650) || (dhost == 0x0A0A6650)) { - if((sport == 4708) || (dport == 4708)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_PREPAID; - else if((sport == 4709) || (dport == 4709)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_RUDICS; + if((sport == 4709) || (dport == 4709)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_RUDICS; else if((sport == 4710) || (dport == 4710)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; } diff --git a/tests/pcap/youtubeupload.pcap b/tests/pcap/youtubeupload.pcap new file mode 100644 index 000000000..fa313fe76 Binary files /dev/null and b/tests/pcap/youtubeupload.pcap differ -- cgit v1.2.3 From d6176ff668504365674f8df04a36a2f35df2074b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 19 Nov 2017 18:35:26 +0100 Subject: Improved ndpiReader output Updated tests --- example/ndpiReader.c | 182 ++++++------ tests/result/1kxun.pcap.out | 19 +- tests/result/pps.pcap.out | 23 +- tests/result/skype.pcap.out | 6 +- tests/result/skype_no_unknown.pcap.out | 508 ++++++++++++++++----------------- tests/result/youtubeupload.pcap.out | 5 + 6 files changed, 375 insertions(+), 368 deletions(-) create mode 100644 tests/result/youtubeupload.pcap.out diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 40153e168..0c9218934 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -107,14 +107,14 @@ static struct flow_info *all_flows; struct info_pair { - u_int32_t addr; + u_int32_t addr; u_int8_t version; /* IP version */ char proto[16]; /*app level protocol*/ int count; }; typedef struct node_a{ - u_int32_t addr; + u_int32_t addr; u_int8_t version; /* IP version */ char proto[16]; /*app level protocol*/ int count; @@ -151,18 +151,18 @@ struct single_flow_info { u_int32_t saddr; /* key */ u_int8_t version; /* IP version */ struct port_flow_info *ports; - u_int32_t tot_flows; + u_int32_t tot_flows; UT_hash_handle hh; }; struct single_flow_info *scannerHosts = NULL; -// struct to hold top receiver hosts +// struct to hold top receiver hosts struct receiver { u_int32_t addr; /* key */ u_int8_t version; /* IP version */ u_int32_t num_pkts; - UT_hash_handle hh; + UT_hash_handle hh; }; struct receiver *receivers = NULL, *topReceivers = NULL; @@ -584,7 +584,7 @@ static void parseOptions(int argc, char **argv) { } } - if(!bpf_filter_flag) { + if(!bpf_filter_flag) { if(do_capture) { quiet_mode = 1; extcap_capture(); @@ -883,11 +883,11 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept /* *********************************************** */ -void updateScanners(struct single_flow_info **scanners, u_int32_t saddr, +void updateScanners(struct single_flow_info **scanners, u_int32_t saddr, u_int8_t version, u_int32_t dport) { struct single_flow_info *f; struct port_flow_info *p; - + HASH_FIND_INT(*scanners, (int *)&saddr, f); if(f == NULL) { @@ -899,11 +899,11 @@ void updateScanners(struct single_flow_info **scanners, u_int32_t saddr, f->ports = NULL; p = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); - + if(!p) { free(f); return; - } else + } else p->port = dport, p->num_flows = 1; HASH_ADD_INT(f->ports, port, p); @@ -921,13 +921,13 @@ void updateScanners(struct single_flow_info **scanners, u_int32_t saddr, HASH_ADD_INT(f->ports, port, pp); } else - pp->num_flows++; + pp->num_flows++; } } /* *********************************************** */ -int updateIpTree(u_int32_t key, u_int8_t version, +int updateIpTree(u_int32_t key, u_int8_t version, addr_node **vrootp, const char *proto) { addr_node *q; addr_node **rootp = vrootp; @@ -976,7 +976,7 @@ void freeIpTree(addr_node *root) { /* *********************************************** */ -void updateTopIpAddress(u_int32_t addr, u_int8_t version, const char *proto, +void updateTopIpAddress(u_int32_t addr, u_int8_t version, const char *proto, int count, struct info_pair top[], int size) { struct info_pair pair; int min = count; @@ -1023,8 +1023,8 @@ void updateTopIpAddress(u_int32_t addr, u_int8_t version, const char *proto, /* *********************************************** */ static void updatePortStats(struct port_stats **stats, u_int32_t port, - u_int32_t addr, u_int8_t version, - u_int32_t num_pkts, u_int32_t num_bytes, + u_int32_t addr, u_int8_t version, + u_int32_t num_pkts, u_int32_t num_bytes, const char *proto) { struct port_stats *s = NULL; @@ -1045,7 +1045,7 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, free(s); return; } - + s->addr_tree->addr = addr; s->addr_tree->version = version; strncpy(s->addr_tree->proto, proto, sizeof(s->addr_tree->proto)); @@ -1071,7 +1071,7 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, /* *********************************************** */ -/* @brief heuristic choice for receiver stats */ +/* @brief heuristic choice for receiver stats */ static int acceptable(u_int32_t num_pkts){ return num_pkts > 5; } @@ -1104,8 +1104,8 @@ static struct receiver *cutBackTo(struct receiver **receivers, u_int32_t size, u int count; if(size < max) //return the original table - return *receivers; - + return *receivers; + count = size - max; HASH_ITER(hh, *receivers, r, tmp) { @@ -1168,12 +1168,12 @@ static void deleteReceivers(struct receiver *receivers) { * if(table2.size > max1) * cut table2 back to max1 * } - * } + * } * else * update table1 */ -static void updateReceivers(struct receiver **receivers, u_int32_t dst_addr, - u_int8_t version, u_int32_t num_pkts, +static void updateReceivers(struct receiver **receivers, u_int32_t dst_addr, + u_int8_t version, u_int32_t num_pkts, struct receiver **topReceivers) { struct receiver *r; u_int32_t size; @@ -1181,7 +1181,7 @@ static void updateReceivers(struct receiver **receivers, u_int32_t dst_addr, HASH_FIND_INT(*receivers, (int *)&dst_addr, r); if(r == NULL) { - if(((size = HASH_COUNT(*receivers)) < MAX_TABLE_SIZE_1) + if(((size = HASH_COUNT(*receivers)) < MAX_TABLE_SIZE_1) || ((a = acceptable(num_pkts)) != 0)){ r = (struct receiver *)malloc(sizeof(struct receiver)); if(!r) return; @@ -1191,7 +1191,7 @@ static void updateReceivers(struct receiver **receivers, u_int32_t dst_addr, r->num_pkts = num_pkts; HASH_ADD_INT(*receivers, addr, r); - + if((size = HASH_COUNT(*receivers)) > MAX_TABLE_SIZE_2){ HASH_SORT(*receivers, receivers_sort_asc); @@ -1214,8 +1214,8 @@ static void updateReceivers(struct receiver **receivers, u_int32_t dst_addr, /* *********************************************** */ #ifdef HAVE_JSON_C -static void saveReceiverStats(json_object **jObj_group, - struct receiver **receivers, +static void saveReceiverStats(json_object **jObj_group, + struct receiver **receivers, u_int64_t total_pkt_count) { json_object *jArray_stats = json_object_new_array(); @@ -1225,12 +1225,12 @@ static void saveReceiverStats(json_object **jObj_group, HASH_ITER(hh, *receivers, r, tmp) { json_object *jObj_stat = json_object_new_object(); char addr_name[48]; - + if(r->version == IPVERSION) inet_ntop(AF_INET, &(r->addr), addr_name, sizeof(addr_name)); else inet_ntop(AF_INET6, &(r->addr), addr_name, sizeof(addr_name)); - + json_object_object_add(jObj_stat,"ip.address",json_object_new_string(addr_name)); json_object_object_add(jObj_stat,"packets.number", json_object_new_int(r->num_pkts)); @@ -1241,7 +1241,7 @@ static void saveReceiverStats(json_object **jObj_group, i++; if(i >= 10) break; } - + json_object_object_add(*jObj_group, "top.receiver.stats", jArray_stats); } #endif @@ -1303,13 +1303,13 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi updateScanners(&scannerHosts, flow->src_ip, flow->ip_version, dport); } - updateReceivers(&receivers, flow->dst_ip, flow->ip_version, + updateReceivers(&receivers, flow->dst_ip, flow->ip_version, flow->src2dst_packets, &topReceivers); - updatePortStats(&srcStats, sport, flow->src_ip, flow->ip_version, + updatePortStats(&srcStats, sport, flow->src_ip, flow->ip_version, flow->src2dst_packets, flow->src2dst_bytes, proto); - updatePortStats(&dstStats, dport, flow->dst_ip, flow->ip_version, + updatePortStats(&dstStats, dport, flow->dst_ip, flow->ip_version, flow->dst2src_packets, flow->dst2src_bytes, proto); } } @@ -1638,7 +1638,7 @@ static int getTopStats(struct port_stats *stats) { strncpy(sp->proto, inf.proto, sizeof(sp->proto)); } else sp->hasTopHost = 0; - + total_ip_addrs += sp->num_addr; } @@ -1652,7 +1652,7 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * struct port_flow_info *p, *tmp2; char addr_name[48]; int i = 0, j = 0; - + json_object *jArray_stats = json_object_new_array(); HASH_SORT(*scanners, scanners_sort); // FIX @@ -1665,7 +1665,7 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * inet_ntop(AF_INET, &(s->saddr), addr_name, sizeof(addr_name)); else inet_ntop(AF_INET6, &(s->saddr), addr_name, sizeof(addr_name)); - + json_object_object_add(jObj_stat,"ip.address",json_object_new_string(addr_name)); json_object_object_add(jObj_stat,"total.flows.number",json_object_new_int(s->tot_flows)); @@ -1685,7 +1685,7 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * json_object_object_add(jObj_stat,"top.dst.ports",jArray_ports); json_object_array_add(jArray_stats, jObj_stat); - + j = 0; i++; if(i >= 10) break; @@ -1705,7 +1705,7 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * static void saveTopStats(json_object **jObj_group, struct port_stats **stats, u_int8_t direction, - u_int64_t total_flow_count, + u_int64_t total_flow_count, u_int64_t total_ip_addr) { struct port_stats *s, *tmp; char addr_name[48]; @@ -1863,7 +1863,7 @@ static void printResults(u_int64_t tot_usec) { if(cumulative_stats.total_wire_bytes == 0) goto free_stats; - + if(!quiet_mode) { printf("\nnDPI Memory statistics:\n"); printf("\tnDPI Memory (once): %-13s\n", formatBytes(sizeof(struct ndpi_detection_module_struct), buf, sizeof(buf))); @@ -2028,7 +2028,7 @@ static void printResults(u_int64_t tot_usec) { printf("Fatal error: not enough memory\n"); exit(-1); } - + if(!json_flag) fprintf(out, "\n"); num_flows = 0; @@ -2038,10 +2038,10 @@ static void printResults(u_int64_t tot_usec) { } qsort(all_flows, num_flows, sizeof(struct flow_info), cmpFlows); - + for(i=0; istats.protocol_counter[0 /* 0 = Unknown */] > 0) { if(!json_flag) { @@ -2065,10 +2065,10 @@ static void printResults(u_int64_t tot_usec) { } qsort(all_flows, num_flows, sizeof(struct flow_info), cmpFlows); - + for(i=0; i FLOWS_PACKETS_THRESHOLD) - && (flows_percent >= FLOWS_PERCENT_THRESHOLD) + if((flows_packets > FLOWS_PACKETS_THRESHOLD) + && (flows_percent >= FLOWS_PERCENT_THRESHOLD) && packets_number >= threshold) { if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0) { fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); @@ -2905,8 +2905,8 @@ void getReceiverHosts(struct json_object *jObj_stat, const char *dstHostArray[16 /* *********************************************** */ #ifdef HAVE_JSON_C -void getScannerHosts(struct json_object *jObj_stat, int duration, - const char *srcHostArray[48], int size, +void getScannerHosts(struct json_object *jObj_stat, int duration, + const char *srcHostArray[48], int size, float threshold) { int j; @@ -2941,7 +2941,7 @@ void getScannerHosts(struct json_object *jObj_stat, int duration, /* *********************************************** */ #ifdef HAVE_JSON_C -void getDestinationHosts(struct json_object *jObj_stat, int duration, +void getDestinationHosts(struct json_object *jObj_stat, int duration, const char *dstHostArray[16], int size) { int j; @@ -2981,10 +2981,10 @@ static void produceBpfFilter(char *filePath) { json_object *jObj_duration; json_object *jObj_statistics; /* json array */ json_bool res; - int filterSrcPorts[PORT_ARRAY_SIZE]; - const char *filterSrcHosts[48]; - const char *filterDstHosts[48]; - const char *filterPktDstHosts[48]; + int filterSrcPorts[PORT_ARRAY_SIZE]; + const char *filterSrcHosts[48]; + const char *filterDstHosts[48]; + const char *filterPktDstHosts[48]; struct stat statbuf; FILE *fp = NULL; char *fileName; @@ -2998,7 +2998,7 @@ static void produceBpfFilter(char *filePath) { int typeCheck; int array_len; int i; - + if((fsock = open(filePath, O_RDONLY)) == -1) { fprintf(stderr,"error opening file %s\n", filePath); exit(-1); @@ -3031,7 +3031,7 @@ static void produceBpfFilter(char *filePath) { fprintf(stderr,"ERROR: can't get \"statistics\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } - + if((typeCheck = json_object_is_type(jObj_statistics, json_type_array)) == 0) { fprintf(stderr,"ERROR: invalid json file. Use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); @@ -3055,7 +3055,7 @@ static void produceBpfFilter(char *filePath) { if((average = getAverage(val, "top.scanner.stats")) != 0){ deviation = getStdDeviation(val, average, "top.scanner.stats"); - getScannerHosts(val, duration, filterSrcHosts, HOST_ARRAY_SIZE, average+deviation); + getScannerHosts(val, duration, filterSrcHosts, HOST_ARRAY_SIZE, average+deviation); } @@ -3072,7 +3072,7 @@ static void produceBpfFilter(char *filePath) { } if((average = getAverage(val, "top.src.pkts.stats")) != 0) - getSourcePorts(val, filterSrcPorts, PORT_ARRAY_SIZE, average); + getSourcePorts(val, filterSrcPorts, PORT_ARRAY_SIZE, average); if((res = json_object_object_get_ex(stats, "top.dst.pkts.stats", &val)) == 0) { @@ -3081,7 +3081,7 @@ static void produceBpfFilter(char *filePath) { } getDestinationHosts(val, duration, filterDstHosts, HOST_ARRAY_SIZE); } - + fileName = basename(filePath); snprintf(_filterFilePath, sizeof(_filterFilePath), "%s.bpf", filePath); @@ -3089,20 +3089,20 @@ static void produceBpfFilter(char *filePath) { if((fp = fopen(_filterFilePath,"w")) == NULL) { printf("Error creating .json file %s\n", _filterFilePath); exit(-1); - } + } jObj_bpfFilter = json_object_new_object(); - bpf_filter_pkt_peak_filter(&jObj_bpfFilter, filterSrcPorts, PORT_ARRAY_SIZE, + bpf_filter_pkt_peak_filter(&jObj_bpfFilter, filterSrcPorts, PORT_ARRAY_SIZE, filterSrcHosts, HOST_ARRAY_SIZE, filterPktDstHosts, HOST_ARRAY_SIZE/2); bpf_filter_host_peak_filter(&jObj_bpfFilter, filterDstHosts, HOST_ARRAY_SIZE); fprintf(fp,"%s\n",json_object_to_json_string(jObj_bpfFilter)); fclose(fp); - + printf("created: %s\n", _filterFilePath); - + json_object_put(jObj); /* free memory */ } #endif diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index df0794e1e..6eee247e3 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -1,11 +1,12 @@ Unknown 24 6428 14 DNS 2 378 1 -HTTP 5 324 2 +HTTP 91 34135 7 MDNS 1 82 1 NTP 1 90 1 NetBIOS 31 3589 8 SSDP 143 36951 13 DHCP 24 8208 5 +MPEG 433 185988 2 QQ 28 5216 2 SSL 105 21914 7 DHCPV6 10 980 3 @@ -13,9 +14,9 @@ Facebook 19 6840 2 Skype 2 132 1 Google 3 176 1 LLMNR 89 6799 47 -1kxun 952 531718 21 +1kxun 433 311919 14 - 1 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144] + 1 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.42/HTTP.MPEG][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144] 2 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com] 3 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com] 4 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com] @@ -23,9 +24,9 @@ LLMNR 89 6799 47 6 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi] 7 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com] 8 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com] - 9 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152:8080] - 10 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp] - 11 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp] + 9 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152] + 10 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7/HTTP][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp] + 11 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7/HTTP][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp] 12 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes -> 0 pkts/0 bytes] 13 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes -> 0 pkts/0 bytes] 14 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][13 pkts/6269 bytes <-> 10 pkts/1165 bytes] @@ -41,16 +42,16 @@ LLMNR 89 6799 47 24 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][5 pkts/1006 bytes <-> 5 pkts/1487 bytes] 25 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes -> 0 pkts/0 bytes] 26 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com] - 27 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145] + 27 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.42/HTTP.MPEG][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145] 28 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes -> 0 pkts/0 bytes] 29 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] 30 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] - 31 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com] + 31 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7/HTTP][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com] 32 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes -> 0 pkts/0 bytes] 33 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] 34 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] 35 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] - 36 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170:9099] + 36 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170] 37 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] 38 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes -> 0 pkts/0 bytes] 39 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 8c9ebdb00..f9f0212ea 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -1,19 +1,20 @@ Unknown 990 378832 34 -HTTP 3 174 2 +HTTP 20 7716 10 SSDP 62 17013 9 +HTTP_Download 23 25892 1 Google 2 1093 1 UPnP 1 130 1 -iQIYI 1499 1849369 60 +iQIYI 1459 1815935 51 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com] 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com] 3 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com] 4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66] - 5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.206/HTTP.iQIYI][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com] + 5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.60/HTTP.HTTP_Download][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com] 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][18 pkts/9327 bytes -> 0 pkts/0 bytes] 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.206/HTTP.iQIYI][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com] 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] - 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7.206/HTTP.iQIYI][4 pkts/2953 bytes <-> 1 pkts/356 bytes] + 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][4 pkts/2953 bytes <-> 1 pkts/356 bytes] 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] @@ -37,7 +38,7 @@ iQIYI 1499 1849369 60 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7.206/HTTP.iQIYI][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] + 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1074 bytes -> 0 pkts/0 bytes] @@ -54,11 +55,11 @@ iQIYI 1499 1849369 60 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7.206/HTTP.iQIYI][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] + 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] - 52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.206/HTTP.iQIYI][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] - 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] @@ -69,11 +70,11 @@ iQIYI 1499 1849369 60 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] - 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7.206/HTTP.iQIYI][2 pkts/398 bytes -> 0 pkts/0 bytes] + 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][2 pkts/398 bytes -> 0 pkts/0 bytes] 66 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes -> 0 pkts/0 bytes] - 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7.206/HTTP.iQIYI][1 pkts/347 bytes -> 0 pkts/0 bytes] + 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][1 pkts/347 bytes -> 0 pkts/0 bytes] 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] - 69 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7.206/HTTP.iQIYI][1 pkts/199 bytes -> 0 pkts/0 bytes] + 69 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][1 pkts/199 bytes -> 0 pkts/0 bytes] 70 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes -> 0 pkts/0 bytes] 71 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes -> 0 pkts/0 bytes] 72 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 34b1c5a3e..80e251ce7 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -5,9 +5,9 @@ NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 88 8268 6 +SSL 96 8876 7 Dropbox 38 17948 5 -Skype 2147 325017 250 +Skype 2139 324409 249 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -122,7 +122,7 @@ MS_OneDrive 387 198090 1 107 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] 108 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] 109 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 110 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes -> 0 pkts/0 bytes] + 110 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes] 111 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] 112 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] 113 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 96455dfc2..bb57b636d 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 163 59526 10 +Unknown 186 61791 12 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1314 192401 225 +Skype 1291 190136 223 Apple 84 20699 2 MS_OneDrive 348 181687 1 @@ -21,253 +21,251 @@ MS_OneDrive 348 181687 1 8 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][12 pkts/3242 bytes <-> 3 pkts/290 bytes] 9 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][4 pkts/818 bytes <-> 4 pkts/2172 bytes] 10 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 11 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/1407 bytes <-> 9 pkts/652 bytes] - 12 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][13 pkts/1446 bytes <-> 4 pkts/266 bytes] - 13 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][13 pkts/1437 bytes <-> 3 pkts/200 bytes] - 14 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] - 15 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] - 16 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][12 pkts/1291 bytes <-> 3 pkts/242 bytes] - 17 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][12 pkts/1235 bytes <-> 3 pkts/285 bytes] - 18 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/265 bytes] - 19 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][14 pkts/1104 bytes <-> 5 pkts/392 bytes] - 20 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][14 pkts/1106 bytes <-> 5 pkts/385 bytes] - 21 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1070 bytes <-> 4 pkts/420 bytes] - 22 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][14 pkts/1117 bytes <-> 4 pkts/337 bytes] - 23 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] - 24 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][10 pkts/1077 bytes <-> 4 pkts/351 bytes] - 25 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][14 pkts/1059 bytes <-> 4 pkts/367 bytes] - 26 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][13 pkts/1011 bytes <-> 4 pkts/415 bytes] - 27 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1093 bytes <-> 4 pkts/333 bytes] - 28 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] - 29 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][12 pkts/1130 bytes <-> 3 pkts/285 bytes] - 30 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] - 31 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] - 32 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][13 pkts/991 bytes <-> 4 pkts/378 bytes] - 33 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][13 pkts/1006 bytes <-> 4 pkts/361 bytes] - 34 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] - 35 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][13 pkts/976 bytes <-> 4 pkts/365 bytes] - 36 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/986 bytes <-> 4 pkts/344 bytes] - 37 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][13 pkts/981 bytes <-> 4 pkts/348 bytes] - 38 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/318 bytes] - 39 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/349 bytes] - 40 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][12 pkts/951 bytes <-> 4 pkts/341 bytes] - 41 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] - 42 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][11 pkts/856 bytes <-> 5 pkts/409 bytes] - 43 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] - 44 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] - 45 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][10 pkts/972 bytes <-> 3 pkts/285 bytes] - 46 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes] - 47 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][11 pkts/815 bytes <-> 5 pkts/423 bytes] - 48 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] - 49 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][11 pkts/832 bytes <-> 4 pkts/387 bytes] - 50 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] - 51 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][12 pkts/916 bytes <-> 3 pkts/281 bytes] - 52 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][11 pkts/862 bytes <-> 3 pkts/314 bytes] - 53 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][10 pkts/785 bytes <-> 4 pkts/378 bytes] - 54 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] - 55 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][12 pkts/931 bytes <-> 2 pkts/219 bytes] - 56 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][11 pkts/855 bytes <-> 3 pkts/287 bytes] - 57 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] - 58 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/848 bytes <-> 3 pkts/286 bytes] - 59 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][4 pkts/674 bytes <-> 4 pkts/444 bytes] - 60 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 61 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 62 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 63 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 64 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] - 65 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] - 66 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] - 67 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 68 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 69 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 70 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 71 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 72 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 73 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 74 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 75 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 76 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 77 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] - 78 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 79 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] - 80 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 81 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 82 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] - 83 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] - 84 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] - 85 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 86 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 87 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/293 bytes <-> 3 pkts/186 bytes] - 88 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] - 89 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] - 90 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes -> 0 pkts/0 bytes] - 91 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/237 bytes <-> 3 pkts/186 bytes] - 92 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] - 93 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] - 94 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 95 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 96 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] - 97 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 98 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 99 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 100 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] - 101 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] - 102 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 103 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 125/Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 104 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 105 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 106 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] - 107 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 108 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 109 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] - 110 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 111 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 112 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 114 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 115 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 117 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 118 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 130 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 131 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 132 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 249 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 250 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 251 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 257 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][13 pkts/1446 bytes <-> 4 pkts/266 bytes] + 12 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][13 pkts/1437 bytes <-> 3 pkts/200 bytes] + 13 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] + 14 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] + 15 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][12 pkts/1291 bytes <-> 3 pkts/242 bytes] + 16 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][12 pkts/1235 bytes <-> 3 pkts/285 bytes] + 17 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/265 bytes] + 18 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][14 pkts/1104 bytes <-> 5 pkts/392 bytes] + 19 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][14 pkts/1106 bytes <-> 5 pkts/385 bytes] + 20 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1070 bytes <-> 4 pkts/420 bytes] + 21 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][14 pkts/1117 bytes <-> 4 pkts/337 bytes] + 22 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] + 23 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][10 pkts/1077 bytes <-> 4 pkts/351 bytes] + 24 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][14 pkts/1059 bytes <-> 4 pkts/367 bytes] + 25 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][13 pkts/1011 bytes <-> 4 pkts/415 bytes] + 26 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1093 bytes <-> 4 pkts/333 bytes] + 27 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 28 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 29 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] + 30 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] + 31 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][13 pkts/991 bytes <-> 4 pkts/378 bytes] + 32 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][13 pkts/1006 bytes <-> 4 pkts/361 bytes] + 33 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] + 34 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][13 pkts/976 bytes <-> 4 pkts/365 bytes] + 35 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/986 bytes <-> 4 pkts/344 bytes] + 36 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][13 pkts/981 bytes <-> 4 pkts/348 bytes] + 37 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/318 bytes] + 38 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/349 bytes] + 39 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][12 pkts/951 bytes <-> 4 pkts/341 bytes] + 40 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] + 41 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][11 pkts/856 bytes <-> 5 pkts/409 bytes] + 42 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] + 43 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] + 44 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][10 pkts/972 bytes <-> 3 pkts/285 bytes] + 45 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes] + 46 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][11 pkts/815 bytes <-> 5 pkts/423 bytes] + 47 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] + 48 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][11 pkts/832 bytes <-> 4 pkts/387 bytes] + 49 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] + 50 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][12 pkts/916 bytes <-> 3 pkts/281 bytes] + 51 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][11 pkts/862 bytes <-> 3 pkts/314 bytes] + 52 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][10 pkts/785 bytes <-> 4 pkts/378 bytes] + 53 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] + 54 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][12 pkts/931 bytes <-> 2 pkts/219 bytes] + 55 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][11 pkts/855 bytes <-> 3 pkts/287 bytes] + 56 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] + 57 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/848 bytes <-> 3 pkts/286 bytes] + 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][4 pkts/674 bytes <-> 4 pkts/444 bytes] + 59 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 60 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 61 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 62 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 63 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] + 64 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] + 65 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] + 66 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 67 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 68 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 69 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 70 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 71 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 72 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 73 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 74 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 75 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 76 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 77 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 78 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 79 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 80 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 81 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 82 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] + 83 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net] + 84 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 85 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 86 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/293 bytes <-> 3 pkts/186 bytes] + 87 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] + 88 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] + 89 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes -> 0 pkts/0 bytes] + 90 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/237 bytes <-> 3 pkts/186 bytes] + 91 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 92 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 93 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 94 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 95 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] + 96 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 97 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 98 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 99 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 100 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] + 101 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 102 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 103 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 104 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] + 105 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 106 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 107 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] + 108 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 109 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 110 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 114 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 247 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 248 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 249 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 255 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -276,8 +274,10 @@ Undetected flows: 3 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][16 pkts/11797 bytes <-> 7 pkts/493 bytes] 4 TCP 192.168.1.34:51317 <-> 149.13.32.15:13392 [proto: 0/Unknown][12 pkts/5655 bytes <-> 8 pkts/553 bytes] 5 TCP 192.168.1.34:51294 <-> 81.83.77.141:17639 [proto: 0/Unknown][19 pkts/2794 bytes <-> 14 pkts/2303 bytes] - 6 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][11 pkts/835 bytes <-> 7 pkts/647 bytes] - 7 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] - 8 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] - 9 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 10 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] + 6 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][11 pkts/1407 bytes <-> 9 pkts/652 bytes] + 7 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][11 pkts/835 bytes <-> 7 pkts/647 bytes] + 8 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] + 9 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 12 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/youtubeupload.pcap.out b/tests/result/youtubeupload.pcap.out new file mode 100644 index 000000000..e3c4e76e5 --- /dev/null +++ b/tests/result/youtubeupload.pcap.out @@ -0,0 +1,5 @@ +YouTubeUpload 137 127038 3 + + 1 UDP 192.168.2.27:51925 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][80 pkts/100473 bytes <-> 20 pkts/6003 bytes][Host: upload.youtube.com] + 2 UDP 192.168.2.27:62232 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][13 pkts/8651 bytes <-> 11 pkts/6463 bytes][Host: upload.youtube.com] + 3 TCP 192.168.2.27:57452 <-> 172.217.23.111:443 [proto: 91.136/SSL.YouTubeUpload][6 pkts/649 bytes <-> 7 pkts/4799 bytes][client: upload.youtube.com][server: upload.video.google.com] -- cgit v1.2.3 From 6e62367b56d7b79f840b02604c9d5e8f6340a0c5 Mon Sep 17 00:00:00 2001 From: Campus Date: Mon, 20 Nov 2017 17:05:15 +0100 Subject: add ICQ (instant messaging client) detection - deleted unused skyfile protocol --- src/include/ndpi_protocol_ids.h | 2 +- src/lib/ndpi_content_match.c.inc | 9 ++++++--- src/lib/ndpi_main.c | 8 +------- 3 files changed, 8 insertions(+), 11 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 42995e5e8..29a5299fa 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -173,7 +173,7 @@ #define NDPI_PROTOCOL_LASTFM 134 #define NDPI_PROTOCOL_WAZE 135 #define NDPI_PROTOCOL_YOUTUBE_UPLOAD 136 /* Upload files to youtube */ -#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 /* free for future use */ +#define NDPI_PROTOCOL_ICQ 137 #define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 /* free for future use */ #define NDPI_PROTOCOL_CITRIX_ONLINE 139 #define NDPI_PROTOCOL_APPLE 140 diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 79ee47a48..ceb713002 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8310,9 +8310,12 @@ ndpi_protocol_match host_match[] = { { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "tdesktop.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "tupdate.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tdesktop.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tupdate.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".icq.", "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "icq.", "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e59dd62c6..3f91e7a6d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1372,11 +1372,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_RUDICS, - no_master, - no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID, no_master, no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL, @@ -4519,8 +4514,7 @@ ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct /* Skyfile (host 193.252.234.246 or host 10.10.102.80) */ if((shost == 0xC1FCEAF6) || (dhost == 0xC1FCEAF6) || (shost == 0x0A0A6650) || (dhost == 0x0A0A6650)) { - if((sport == 4709) || (dport == 4709)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_RUDICS; - else if((sport == 4710) || (dport == 4710)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; + if((sport == 4710) || (dport == 4710)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; } return(proto); -- cgit v1.2.3 From 33e0be73f7d7b398b246933f67c643a467b7f8f2 Mon Sep 17 00:00:00 2001 From: Jacob Masen-Smith Date: Wed, 22 Nov 2017 01:11:31 -0800 Subject: Fixed ndpi_win32.h so that it compiles on MinGW+GCC --- src/include/ndpi_win32.h | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h index 8a952b293..d4109dcb2 100644 --- a/src/include/ndpi_win32.h +++ b/src/include/ndpi_win32.h @@ -24,7 +24,18 @@ #ifndef __NDPI_WIN32_H__ #define __NDPI_WIN32_H__ +// fix a MinGW build issue "error: multiple storage classes in declaration specifiers" due to MinGW +// defining extern for __forceinline types +#if (defined(__MINGW32__) || defined(__MINGW64__)) && defined(__GNUC__) +// MinGW winnt.h uses FORCEINLINE which is originally defined as __forceinline, but requires extern +#undef FORCEINLINE +#define FORCEINLINE extern __inline__ __attribute__((__always_inline__,__gnu_inline__)) +#undef __forceinline +#define __forceinline __inline__ __attribute__((__always_inline__,__gnu_inline__)) +#endif + #include +#include #include #include #include @@ -40,7 +51,7 @@ #define IPVERSION 4 /* on *nix it is defined in netinet/ip.h */ -extern char* strsep(char **sp, const char *sep); +extern char* strsep(char **sp, char *sep); typedef unsigned char u_char; typedef unsigned short u_short; -- cgit v1.2.3 From 1b5c90cfbee33f3b64ebd45e464a9ca314e0bd99 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 23 Nov 2017 14:16:27 +0100 Subject: STUN improvements --- src/lib/ndpi_main.c | 2 +- src/lib/protocols/stun.c | 12 ++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3f91e7a6d..ad8eeeb48 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1140,7 +1140,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323; - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STUN, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN, no_master, custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index d44d9c26e..b527678b7 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -243,10 +243,18 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * return NDPI_IS_NOT_STUN; udp_stun_found: - if(can_this_be_whatsapp_voice) + if(can_this_be_whatsapp_voice) { flow->num_stun_udp_pkts++; - return((flow->num_stun_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN); + return((flow->num_stun_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN); + } else { + /* + We cannot immediately say that this is STUN as there are other protocols + like GoogleHangout that might be candidates, thus we set the + guessed protocol to STUN + */ + flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; + } } void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -- cgit v1.2.3 From 8b1f8636d17973a2af57391990ff8d7563d74862 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 23 Nov 2017 15:25:02 +0100 Subject: Further check if a STUN flow will eventually become RTP --- src/lib/protocols/stun.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index b527678b7..15834df0b 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -297,6 +297,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n ndpi_int_stun_add_connection(ndpi_struct, is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); } + return; } @@ -304,6 +305,11 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude stun.\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STUN); } + + if(flow->packet_counter > 0) { + /* This might be a RTP stream: let's make sure we check it */ + NDPI_CLR(&flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP); + } } -- cgit v1.2.3 From 8eaf0cefa1330c9b01b21b7f63f41f9ba1980eeb Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 23 Nov 2017 15:39:20 +0100 Subject: Warning fix --- src/lib/protocols/rtp.c | 2 ++ src/lib/protocols/stun.c | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 80848f5ba..1271510ff 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -113,6 +113,8 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd { struct ndpi_packet_struct *packet = &flow->packet; + /* printf("*** %s(pkt=%d)\n", __FUNCTION__, flow->packet_counter); */ + if((packet->udp != NULL) && (ntohs(packet->udp->source) > 1023) && (ntohs(packet->udp->dest) > 1023)) diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 15834df0b..6a1d903ee 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -254,7 +254,8 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * guessed protocol to STUN */ flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; - } + return(NDPI_IS_NOT_STUN); + } } void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -313,8 +314,8 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n } -void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ +void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, + NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("STUN", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_STUN, ndpi_search_stun, -- cgit v1.2.3 From 950f5db3dd2fda8159f2ba280d66d44103810aef Mon Sep 17 00:00:00 2001 From: Jacob Masen-Smith Date: Thu, 23 Nov 2017 20:40:43 -0800 Subject: Changed MinGW __forceinline strategy to something with less side effects --- src/include/ndpi_win32.h | 7 ++----- src/lib/protocols/attic/ftp.c | 7 +++++++ src/lib/protocols/irc.c | 3 +++ src/lib/protocols/qq.c | 6 ++++++ src/lib/protocols/rtp.c | 4 ++++ src/lib/protocols/sip.c | 2 ++ src/lib/protocols/sopcast.c | 2 ++ src/lib/protocols/telnet.c | 2 ++ src/lib/protocols/thunder.c | 6 ++++++ src/lib/protocols/world_of_warcraft.c | 2 ++ src/lib/protocols/yahoo.c | 4 +++- src/lib/protocols/zattoo.c | 4 +++- 12 files changed, 42 insertions(+), 7 deletions(-) diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h index d4109dcb2..db309faff 100644 --- a/src/include/ndpi_win32.h +++ b/src/include/ndpi_win32.h @@ -27,11 +27,8 @@ // fix a MinGW build issue "error: multiple storage classes in declaration specifiers" due to MinGW // defining extern for __forceinline types #if (defined(__MINGW32__) || defined(__MINGW64__)) && defined(__GNUC__) -// MinGW winnt.h uses FORCEINLINE which is originally defined as __forceinline, but requires extern -#undef FORCEINLINE -#define FORCEINLINE extern __inline__ __attribute__((__always_inline__,__gnu_inline__)) -#undef __forceinline -#define __forceinline __inline__ __attribute__((__always_inline__,__gnu_inline__)) +#define MINGW_GCC +#define __mingw_forceinline __inline__ __attribute__((__always_inline__,__gnu_inline__)) #endif #include diff --git a/src/lib/protocols/attic/ftp.c b/src/lib/protocols/attic/ftp.c index 29cf55d15..2e06aec9a 100644 --- a/src/lib/protocols/attic/ftp.c +++ b/src/lib/protocols/attic/ftp.c @@ -43,6 +43,8 @@ static void ndpi_int_ftp_add_connection(struct ndpi_detection_module_struct *ndp */ #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -78,8 +80,11 @@ u_int8_t ndpi_int_check_possible_ftp_command(const struct ndpi_packet_struct *pa /** * ftp replies are are 3-digit number followed by space or hyphen */ + #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -108,6 +113,8 @@ u_int8_t ndpi_int_check_possible_ftp_reply(const struct ndpi_packet_struct *pack */ #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index b2b73ac5f..a609062b3 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -39,8 +39,11 @@ static void ndpi_int_irc_add_connection(struct ndpi_detection_module_struct *ndp } + #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c index 0507efa36..5df6503e0 100644 --- a/src/lib/protocols/qq.c +++ b/src/lib/protocols/qq.c @@ -81,6 +81,8 @@ static const u_int16_t ndpi_valid_qq_versions[] = { #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -172,6 +174,8 @@ u_int8_t ndpi_is_valid_qq_packet(const struct ndpi_packet_struct *packet) #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -428,6 +432,8 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 80848f5ba..b9035e44a 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -148,6 +148,8 @@ static void ndpi_int_rtp_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -162,6 +164,8 @@ void init_seq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 67459f562..45c39c64e 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -34,6 +34,8 @@ static void ndpi_int_sip_add_connection(struct ndpi_detection_module_struct *ndp #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index 63590fec7..037e4df2c 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -43,6 +43,8 @@ static void ndpi_int_sopcast_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index 0be921d44..162fee30d 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -37,6 +37,8 @@ static void ndpi_int_telnet_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index f0198cdda..0a99282fc 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -47,6 +47,8 @@ static void ndpi_int_thunder_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -81,6 +83,8 @@ void ndpi_int_search_thunder_udp(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -139,6 +143,8 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c index de3f720ba..9c1e41cc1 100644 --- a/src/lib/protocols/world_of_warcraft.c +++ b/src/lib/protocols/world_of_warcraft.c @@ -38,6 +38,8 @@ static void ndpi_int_worldofwarcraft_add_connection(struct ndpi_detection_module #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/yahoo.c b/src/lib/protocols/yahoo.c index 569fca940..a87195431 100644 --- a/src/lib/protocols/yahoo.c +++ b/src/lib/protocols/yahoo.c @@ -52,8 +52,10 @@ static u_int8_t ndpi_check_for_YmsgCommand(u_int16_t len, const u_int8_t * ptr) } -#ifndef WIN32 +#if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 3b6adcec8..dc58f1b00 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -24,8 +24,10 @@ #ifdef NDPI_PROTOCOL_ZATTOO -#ifndef WIN32 +#if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif -- cgit v1.2.3 From 7090ef838ced77d05a1071fb93e3bc0d0fd9aa95 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 28 Nov 2017 00:44:08 +0100 Subject: Minor optimizations --- src/lib/ndpi_main.c | 135 +++++++++++++++++++++------------------------------- 1 file changed, 53 insertions(+), 82 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ad8eeeb48..f8956cb25 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4655,92 +4655,63 @@ void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_mod, /* ****************************************************** */ +static const char* categories[] = { + "Unspecified", + "Media", + "VPN", + "DataTransfer", + "Email", + "Download-FileTransfer-FileSharing", + "Web", + "SocialNetwork", + "Game", + "Chat", + "VoIP", + "Database", + "RemoteAccess", + "Cloud", + "Network", + "Collaborative", + "RPC", + "NetworkTool", + "System", + "SoftwareUpdate", + "", + "", + "", + "", + "" +}; + const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_category_t category) { - if(!ndpi_mod) return(NULL); - - switch(category) { - case NDPI_PROTOCOL_CATEGORY_MEDIA: - return("Media"); - break; - case NDPI_PROTOCOL_CATEGORY_VPN: - return("VPN"); - break; - case NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER: - return("DataTransfer"); - break; - case NDPI_PROTOCOL_CATEGORY_MAIL: - return("Email"); - break; - case NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT: - return("Download-FileTransfer-FileSharing"); - break; - case NDPI_PROTOCOL_CATEGORY_WEB: - return("Web"); - break; - case NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK: - return("SocialNetwork"); - break; - case NDPI_PROTOCOL_CATEGORY_GAME: - return("Game"); - break; - case NDPI_PROTOCOL_CATEGORY_CHAT: - return("Chat"); - break; - case NDPI_PROTOCOL_CATEGORY_VOIP: - return("VoIP"); - break; - case NDPI_PROTOCOL_CATEGORY_DATABASE: - return("Database"); - break; - case NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS: - return("RemoteAccess"); - break; - case NDPI_PROTOCOL_CATEGORY_CLOUD: - return("Cloud"); - break; - case NDPI_PROTOCOL_CATEGORY_NETWORK: - return("Network"); - break; - case NDPI_PROTOCOL_CATEGORY_COLLABORATIVE: - return("Collaborative"); - break; - case NDPI_PROTOCOL_CATEGORY_RPC: - return("RPC"); - break; - case NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL: - return("NetworkTool"); - break; - case NDPI_PROTOCOL_CATEGORY_SYSTEM_OS: - return("System"); - break; - case NDPI_PROTOCOL_CATEGORY_UNSPECIFIED: - return("Unspecified"); - break; - case NDPI_PROTOCOL_CATEGORY_SW_UPDATE: - return("SoftwareUpdate"); - break; - case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: - return(ndpi_mod->custom_category_labels[0]); - break; - case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: - return(ndpi_mod->custom_category_labels[1]); - break; - case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: - return(ndpi_mod->custom_category_labels[2]); - break; - case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: - return(ndpi_mod->custom_category_labels[3]); - break; - case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: - return(ndpi_mod->custom_category_labels[4]); - break; - case NDPI_PROTOCOL_NUM_CATEGORIES: - return("Code should not use this internal constant"); - break; - } + if(category < NDPI_PROTOCOL_CATEGORY_CUSTOM_1) + return(categories[category]); + else { + switch(category) { + case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: + return(ndpi_mod->custom_category_labels[0]); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: + return(ndpi_mod->custom_category_labels[1]); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: + return(ndpi_mod->custom_category_labels[2]); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: + return(ndpi_mod->custom_category_labels[3]); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: + return(ndpi_mod->custom_category_labels[4]); + break; + case NDPI_PROTOCOL_NUM_CATEGORIES: + return("Code should not use this internal constant"); + break; + } + } + return("Unspecified"); } -- cgit v1.2.3 From df7015f3a5290b16420e37b7f7f602bd11b602c9 Mon Sep 17 00:00:00 2001 From: cymaniac Date: Tue, 28 Nov 2017 21:29:38 +0100 Subject: Added dissector for protocol check_mk --- src/include/ndpi_protocol_ids.h | 4 ++ src/include/ndpi_protocols.h | 1 + src/lib/ndpi_main.c | 8 ++++ src/lib/protocols/checkmk.c | 85 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 98 insertions(+) create mode 100755 src/lib/protocols/checkmk.c diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 29a5299fa..9538aa86e 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -275,6 +275,10 @@ #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ #define NDPI_PROTOCOL_LISP 236 +/* check_mk */ +#define NDPI_PROTOCOL_CHECKMK 237 + + /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LISP diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index ef248027a..dec3a9eeb 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -140,6 +140,7 @@ void ndpi_search_pptp(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_stealthnet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_dhcpv6_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_afp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f8956cb25..500ef892b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1242,6 +1242,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "AFP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK, + no_master, + no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 6556, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, no_master, no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, @@ -2608,6 +2613,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* AFP */ init_afp_dissector(ndpi_struct, &a, detection_bitmask); + /* check_mk */ + init_checkmk_dissector(ndpi_struct, &a, detection_bitmask); + /* AIMINI */ init_aimini_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c new file mode 100755 index 000000000..d407efea5 --- /dev/null +++ b/src/lib/protocols/checkmk.c @@ -0,0 +1,85 @@ +/* + * checkmk.c + * + * Copyright (C) 2009-2011 by ipoque GmbH + * Copyright (C) 2011-16 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + * + */ + +#include "ndpi_protocols.h" + +#ifdef NDPI_PROTOCOL_CHECKMK + +static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CHECKMK, NDPI_PROTOCOL_UNKNOWN); +} + + +void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + if (packet->payload_packet_len >= 15) { + + if(packet->payload_packet_len > 128) { + /* + When we transfer a large data chunk, unless we have observed + the initial connection, we need to discard these packets + as they are not an indication that this flow is not AFP + */ + return; + } + + /* + * this will detect the OpenSession command of the Data Stream Interface (DSI) protocol + * which is exclusively used by the Apple Filing Protocol (AFP) on TCP/IP networks + */ + + + + if (packet->payload_packet_len >= 15 && packet->payload_packet_len < 100 + && memcmp(packet->payload, "<<>>", 14) == 0) { + + NDPI_LOG(NDPI_PROTOCOL_CHECKMK, ndpi_struct, NDPI_LOG_DEBUG, "Check_MK: Flow detected.\n"); + ndpi_int_checkmk_add_connection(ndpi_struct, flow); + return; + } + } + + NDPI_LOG(NDPI_PROTOCOL_CHECKMK, ndpi_struct, NDPI_LOG_DEBUG, "Check_MK excluded.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CHECKMK); +} + + +void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("CHECKMK", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_CHECKMK, + ndpi_search_checkmk, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + + +#endif + -- cgit v1.2.3 From 8af18763cc1ca09d39a57f80760d3d02a8114278 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 28 Nov 2017 22:05:34 +0100 Subject: Compilation fixes --- example/ndpiReader.c | 17 +++++++++++------ src/include/ndpi_protocol_ids.h | 7 ++----- src/include/ndpi_protocols.h | 1 + src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 41 +++++------------------------------------ src/lib/protocols/checkmk.c | 22 ++++++++++------------ 6 files changed, 30 insertions(+), 59 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 0c9218934..68a3bac3c 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2238,7 +2238,8 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi pcap_t * pcap_handle = NULL; /* trying to open a live interface */ - if((pcap_handle = pcap_open_live((char*)pcap_file, snaplen, promisc, 500, pcap_error_buffer)) == NULL) { + if((pcap_handle = pcap_open_live((char*)pcap_file, snaplen, promisc, + 500, pcap_error_buffer)) == NULL) { capture_for = capture_until = 0; live_capture = 0; @@ -2248,28 +2249,32 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi if((pcap_handle = pcap_open_offline((char*)pcap_file, pcap_error_buffer)) == NULL) { char filename[256] = { 0 }; - if(strstr(pcap_file, ".pcap")) + if(strstr((char*)pcap_file, (char*)".pcap")) printf("ERROR: could not open pcap file %s: %s\n", pcap_file, pcap_error_buffer); else if((getNextPcapFileFromPlaylist(thread_id, filename, sizeof(filename)) != 0) || ((pcap_handle = pcap_open_offline(filename, pcap_error_buffer)) == NULL)) { printf("ERROR: could not open playlist %s: %s\n", filename, pcap_error_buffer); exit(-1); } else { - if((!json_flag) && (!quiet_mode)) printf("Reading packets from playlist %s...\n", pcap_file); + if((!json_flag) && (!quiet_mode)) + printf("Reading packets from playlist %s...\n", pcap_file); } } else { - if((!json_flag) && (!quiet_mode)) printf("Reading packets from pcap file %s...\n", pcap_file); + if((!json_flag) && (!quiet_mode)) + printf("Reading packets from pcap file %s...\n", pcap_file); } } else { live_capture = 1; - if((!json_flag) && (!quiet_mode)) printf("Capturing live traffic from device %s...\n", pcap_file); + if((!json_flag) && (!quiet_mode)) + printf("Capturing live traffic from device %s...\n", pcap_file); } configurePcapHandle(pcap_handle); if(capture_for > 0) { - if((!json_flag) && (!quiet_mode)) printf("Capturing traffic up to %u seconds\n", (unsigned int)capture_for); + if((!json_flag) && (!quiet_mode)) + printf("Capturing traffic up to %u seconds\n", (unsigned int)capture_for); #ifndef WIN32 alarm(capture_for); diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 9538aa86e..c9496797c 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -1,3 +1,4 @@ + /* * ndpi_protocol_ids.h * @@ -174,7 +175,7 @@ #define NDPI_PROTOCOL_WAZE 135 #define NDPI_PROTOCOL_YOUTUBE_UPLOAD 136 /* Upload files to youtube */ #define NDPI_PROTOCOL_ICQ 137 -#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 /* free for future use */ +#define NDPI_PROTOCOL_CHECKMK 138 #define NDPI_PROTOCOL_CITRIX_ONLINE 139 #define NDPI_PROTOCOL_APPLE 140 #define NDPI_PROTOCOL_WEBEX 141 @@ -275,10 +276,6 @@ #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ #define NDPI_PROTOCOL_LISP 236 -/* check_mk */ -#define NDPI_PROTOCOL_CHECKMK 237 - - /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LISP diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index dec3a9eeb..da7acaef7 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -349,5 +349,6 @@ void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index c2b4e4b13..7db19f818 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -26,6 +26,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/bgp.c \ protocols/bittorrent.c \ protocols/bjnp.c \ + protocols/checkmk.c \ protocols/ciscovpn.c \ protocols/citrix.c \ protocols/coap.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 500ef892b..c12b4bea2 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1244,7 +1244,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK, no_master, - no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 6556, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, @@ -1377,11 +1377,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID, - no_master, - no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX_ONLINE, no_master, no_master, "Citrix_Online", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, @@ -3170,7 +3165,8 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, packet->packet_direction = 1; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->ip6_src, &iphv6->ip6_dst) != 0) + if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->ip6_src, + &iphv6->ip6_dst) != 0) packet->packet_direction = 1; #endif } @@ -4513,23 +4509,6 @@ u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_ch /* ****************************************************** */ -ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct *ndpi_struct /* NOTUSED */, - /* u_int8_t proto, */ - u_int32_t shost, u_int16_t sport, - u_int32_t dhost, u_int16_t dport) { - ndpi_protocol proto = NDPI_PROTOCOL_NULL; - - /* Skyfile (host 193.252.234.246 or host 10.10.102.80) */ - if((shost == 0xC1FCEAF6) || (dhost == 0xC1FCEAF6) - || (shost == 0x0A0A6650) || (dhost == 0x0A0A6650)) { - if((sport == 4710) || (dport == 4710)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; - } - - return(proto); -} - -/* ****************************************************** */ - u_int8_t ndpi_is_proto(ndpi_protocol proto, u_int16_t p) { return(((proto.app_protocol == p) || (proto.master_protocol == p)) ? 1 : 0); } @@ -4575,10 +4554,6 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct return(ret); } - ret = ndpi_find_port_based_protocol(ndpi_struct/* , proto */, shost, sport, dhost, dport); - if(ret.app_protocol != NDPI_PROTOCOL_UNKNOWN) - return(ret); - check_guessed_skype: addr.s_addr = htonl(shost); if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) { @@ -4701,26 +4676,20 @@ const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod switch(category) { case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: return(ndpi_mod->custom_category_labels[0]); - break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: return(ndpi_mod->custom_category_labels[1]); - break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: return(ndpi_mod->custom_category_labels[2]); - break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: return(ndpi_mod->custom_category_labels[3]); - break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: return(ndpi_mod->custom_category_labels[4]); - break; case NDPI_PROTOCOL_NUM_CATEGORIES: return("Code should not use this internal constant"); - break; + default: + return("Unspecified"); } } - - return("Unspecified"); } /* ****************************************************** */ diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c index d407efea5..50a92c8d5 100755 --- a/src/lib/protocols/checkmk.c +++ b/src/lib/protocols/checkmk.c @@ -1,8 +1,7 @@ /* * checkmk.c * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -20,20 +19,22 @@ * You should have received a copy of the GNU Lesser General Public License * along with nDPI. If not, see . * - * + * */ #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_CHECKMK -static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CHECKMK, NDPI_PROTOCOL_UNKNOWN); } -void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -43,7 +44,7 @@ void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struc /* When we transfer a large data chunk, unless we have observed the initial connection, we need to discard these packets - as they are not an indication that this flow is not AFP + as they are not an indication that this flow is not AFP */ return; } @@ -52,10 +53,7 @@ void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struc * this will detect the OpenSession command of the Data Stream Interface (DSI) protocol * which is exclusively used by the Apple Filing Protocol (AFP) on TCP/IP networks */ - - - - if (packet->payload_packet_len >= 15 && packet->payload_packet_len < 100 + if (packet->payload_packet_len >= 15 && packet->payload_packet_len < 100 && memcmp(packet->payload, "<<>>", 14) == 0) { NDPI_LOG(NDPI_PROTOCOL_CHECKMK, ndpi_struct, NDPI_LOG_DEBUG, "Check_MK: Flow detected.\n"); @@ -69,7 +67,8 @@ void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struc } -void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("CHECKMK", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_CHECKMK, @@ -82,4 +81,3 @@ void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ #endif - -- cgit v1.2.3 From 5b03443693e71f339e4aae8b175309f8625b751d Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 30 Nov 2017 10:15:19 +0100 Subject: Added test pcap for check_mk protocol --- tests/pcap/check_mk_new.pcap | Bin 0 -> 21834 bytes tests/result/check_mk_new.pcap.out | 3 +++ 2 files changed, 3 insertions(+) create mode 100644 tests/pcap/check_mk_new.pcap create mode 100644 tests/result/check_mk_new.pcap.out diff --git a/tests/pcap/check_mk_new.pcap b/tests/pcap/check_mk_new.pcap new file mode 100644 index 000000000..827d6057d Binary files /dev/null and b/tests/pcap/check_mk_new.pcap differ diff --git a/tests/result/check_mk_new.pcap.out b/tests/result/check_mk_new.pcap.out new file mode 100644 index 000000000..274d89728 --- /dev/null +++ b/tests/result/check_mk_new.pcap.out @@ -0,0 +1,3 @@ +CHECKMK 98 20242 1 + + 1 TCP 192.168.100.22:58998 <-> 192.168.100.50:6556 [proto: 138/CHECKMK][49 pkts/3242 bytes <-> 49 pkts/17000 bytes] -- cgit v1.2.3 From 3577072b12438bf2706789fbaf1bd1868d60fe94 Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Thu, 30 Nov 2017 14:54:23 -0500 Subject: Return before calling ndpi_match_host_subprotocol when dns_dissect_response enabled. Otherwise responses will never be seen if a host sub-protocol matched. --- src/lib/protocols/dns.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 5358cc8b7..2d11554f1 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -197,6 +197,9 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd off++; } + if(is_query && ndpi_struct->dns_dissect_response) + return; /* The response will set the verdict */ + flow->host_server_name[j] = '\0'; flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries, @@ -217,9 +220,6 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd #endif if(flow->packet.detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - if(is_query && ndpi_struct->dns_dissect_response) - return; /* The response will set the verdict */ - /** Do not set the protocol with DNS if ndpi_match_host_subprotocol() has matched a subprotocol -- cgit v1.2.3 From a6c56b56824247a77bd73de17b1fd8adb6ac671e Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Sun, 3 Dec 2017 16:23:35 +0100 Subject: 2.2 changelog --- CHANGELOG.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9bc18769a..932f5c49a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,35 @@ # CHANGELOG + +#### nDPI 2.2 (December 2017) + +## Main New Features + +* Custom protocol categories to allow personalization of protocols-categories mappings +* DHCP fingerprinting +* HTTP User Agent discovery + + +## New Supported Protocols and Services + +* ICQ (instant messaging client) +* YouTube Upload +* LISP +* SoundCloud +* Sony PlayStation +* Nintendo (switch) gaming protocol + + +## Improvements + +* Windows 10 detection from UA and indentation +* Determine STUN flows that turn into RTP +* Fixes for iQIYI and 1kxun +* Android fingerprint +* Added DHCP class identifier support + +------------------------------------------------------------------------ + #### nDPI 2.0 (May 2017) ## Main New Features -- cgit v1.2.3 From b5a8c6bae88e57d68e5baaf4e5ef2e4c905c1cf4 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Sun, 3 Dec 2017 19:09:11 +0100 Subject: Bump to version 2.3 --- autogen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autogen.sh b/autogen.sh index 0f366966a..18fcf4731 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,7 +1,7 @@ #!/bin/sh NDPI_MAJOR="2" -NDPI_MINOR="1" +NDPI_MINOR="3" NDPI_PATCH="0" NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH" -- cgit v1.2.3 From 7fd840691683d882da80265d5dc324cc7b2666c4 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 5 Dec 2017 11:30:29 +0100 Subject: Fixed invalid symbolic categories --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c12b4bea2..464cee224 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4642,11 +4642,11 @@ static const char* categories[] = { "Unspecified", "Media", "VPN", - "DataTransfer", "Email", - "Download-FileTransfer-FileSharing", + "DataTransfer", "Web", "SocialNetwork", + "Download-FileTransfer-FileSharing", "Game", "Chat", "VoIP", -- cgit v1.2.3 From f1f8afdddf638fb567291b19ac889e23d02a8294 Mon Sep 17 00:00:00 2001 From: Guido Falsi Date: Tue, 5 Dec 2017 23:10:32 +0100 Subject: Add ndpi_set_proto_category, which is actually uses by ntopng. --- libndpi.sym | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libndpi.sym b/libndpi.sym index c821189e8..e7df6673b 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -58,4 +58,5 @@ ndpi_netbios_name_interpret ndpi_category_set_name ndpi_category_get_name ndpi_is_custom_category -ndpi_is_subprotocol_informative \ No newline at end of file +ndpi_is_subprotocol_informative +ndpi_set_proto_category -- cgit v1.2.3 From 90ec8040e6e189b57cbf4e53a9de1651f1bf316f Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 6 Dec 2017 21:39:56 +0100 Subject: Improved Apple update pattern --- src/lib/ndpi_content_match.c.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index ceb713002..2682b2e71 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8044,6 +8044,7 @@ ndpi_protocol_match host_match[] = { { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, -- cgit v1.2.3 From d88a73397d07e7ee1c9f14287019bc2d82ff8b18 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 7 Dec 2017 18:29:46 +0100 Subject: Fix for #491 (SpeedTest/Ookla) --- src/lib/protocols/http.c | 56 ++++++++++++++++++++++++++++++--------------- tests/result/ookla.pcap.out | 2 +- 2 files changed, 39 insertions(+), 19 deletions(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index c57c73aac..4b4a26ef3 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -543,15 +543,15 @@ static void http_bitmask_exclude(struct ndpi_flow_struct *flow) /*************************************************************************************************/ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) { - + struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int16_t filename_start; /* the filename in the request method line, e.g., "GET filename_start..."*/ packet->packet_lines_parsed_complete = 0; /* Check if we so far detected the protocol in the request or not. */ - if(flow->l4.tcp.http_stage == 0) { /* Expected a request */ + if(flow->l4.tcp.http_stage == 0) { + /* Expected a request */ flow->http_detected = 0; NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %d: \n", @@ -572,11 +572,29 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } if((packet->payload_packet_len == 3) && memcmp(packet->payload, "HI\n", 3) == 0) { - /* This looks like Ookla: we don't give up with HTTP yet */ - flow->l4.tcp.http_stage = 1; - return; + /* This looks like Ookla: we don't give up with HTTP yet */ + flow->l4.tcp.http_stage = 1; + return; } - + + if((packet->payload_packet_len == 40) && (flow->l4.tcp.http_stage == 0)) { + /* + -> QR O06L0072-6L91-4O43-857J-K8OO172L6L51 + <- QNUUX 2.5 2017-08-15.1314.4jn12m5 + -> MXFWUXJM 31625365 + */ + + if((packet->payload[2] == ' ') + && (packet->payload[11] == '-') + && (packet->payload[16] == '-') + && (packet->payload[21] == '-') + && (packet->payload[26] == '-') + && (packet->payload[39] == 0x0A) + ) + flow->l4.tcp.http_stage = 1; + return; + } + if((packet->payload_packet_len == 23) && (memcmp(packet->payload, "", 23) == 0)) { /* @@ -746,20 +764,23 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct http_bitmask_exclude(flow); } else if((flow->l4.tcp.http_stage == 1) || (flow->l4.tcp.http_stage == 2)) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n", flow->l4.tcp.http_stage); - - if(flow->l4.tcp.http_stage == 1) { - if((packet->payload_packet_len > 6) && memcmp(packet->payload, "HELLO ", 6) == 0) { - /* This looks like Ookla */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); - return; - } else - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); + if((packet->payload_packet_len == 34) && (flow->l4.tcp.http_stage == 1)) { + if((packet->payload[5] == ' ') && (packet->payload[9] == ' ')) { + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA); + return; + } } - + + if((packet->payload_packet_len > 6) && memcmp(packet->payload, "HELLO ", 6) == 0) { + /* This looks like Ookla */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; + } else + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); + /** At first check, if this is for sure a response packet (in another direction. If not, if HTTP is detected do nothing now and return, otherwise check the second packet for the HTTP request @@ -843,7 +864,6 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct flow->l4.tcp.http_stage = 0; return; } - } void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/tests/result/ookla.pcap.out b/tests/result/ookla.pcap.out index 4a3dd3c5a..da52b60e8 100644 --- a/tests/result/ookla.pcap.out +++ b/tests/result/ookla.pcap.out @@ -1,4 +1,4 @@ Ookla 5086 4689745 2 - 1 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 191/Ookla][2202 pkts/1032520 bytes <-> 2864 pkts/3652905 bytes] + 1 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 7.191/HTTP.Ookla][2202 pkts/1032520 bytes <-> 2864 pkts/3652905 bytes] 2 TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][12 pkts/2238 bytes <-> 8 pkts/2082 bytes] -- cgit v1.2.3 From 61bc528159ea332c0463ae2b3a056b2effce0b88 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 8 Dec 2017 18:13:31 +0100 Subject: Simplified IPv6 datatypes --- example/ndpi_util.c | 6 +++--- src/include/ndpi_typedefs.h | 31 ++++++++++++------------------- src/lib/ndpi_content_match.c.inc | 1 + src/lib/ndpi_main.c | 8 ++++---- src/lib/protocols/tcp_udp.c | 2 +- 5 files changed, 21 insertions(+), 27 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 11f66049c..b3b9f26a1 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -459,7 +459,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo iph.version = IPVERSION; iph.saddr = iph6->ip6_src.u6_addr.u6_addr32[2] + iph6->ip6_src.u6_addr.u6_addr32[3]; iph.daddr = iph6->ip6_dst.u6_addr.u6_addr32[2] + iph6->ip6_dst.u6_addr.u6_addr32[3]; - iph.protocol = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt; + iph.protocol = iph6->ip6_hdr.ip6_un1_nxt; if(iph.protocol == IPPROTO_DSTOPTS /* IPv6 destination option */) { u_int8_t *options = (u_int8_t*)iph6 + sizeof(const struct ndpi_ipv6hdr); @@ -469,7 +469,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo return(get_ndpi_flow_info(workflow, 6, vlan_id, &iph, iph6, ip_offset, sizeof(struct ndpi_ipv6hdr), - ntohs(iph6->ip6_ctlun.ip6_un1.ip6_un1_plen), + ntohs(iph6->ip6_hdr.ip6_un1_plen), tcph, udph, sport, dport, src, dst, proto, payload, payload_len, src_to_dst_direction)); } @@ -881,7 +881,7 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, } } else if(iph->version == 6) { iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset]; - proto = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt; + proto = iph6->ip6_hdr.ip6_un1_nxt; ip_len = sizeof(struct ndpi_ipv6hdr); if(proto == IPPROTO_DSTOPTS /* IPv6 destination option */) { diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index a55696e13..8aab7408f 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -206,34 +206,27 @@ struct ndpi_iphdr { /* +++++++++++++++++++++++ IPv6 header +++++++++++++++++++++++ */ /* rfc3542 */ -struct ndpi_in6_addr -{ - union - { +struct ndpi_in6_addr { + union { u_int8_t u6_addr8[16]; u_int16_t u6_addr16[8]; u_int32_t u6_addr32[4]; } u6_addr; /* 128-bit IP6 address */ }; -PACK_ON -struct ndpi_ipv6hdr -{ - union - { - struct ndpi_ip6_hdrctl - { - u_int32_t ip6_un1_flow; - u_int16_t ip6_un1_plen; - u_int8_t ip6_un1_nxt; - u_int8_t ip6_un1_hlim; - } ip6_un1; - u_int8_t ip6_un2_vfc; - } ip6_ctlun; +struct ndpi_ip6_hdrctl { + u_int32_t ip6_un1_flow; + u_int16_t ip6_un1_plen; + u_int8_t ip6_un1_nxt; + u_int8_t ip6_un1_hlim; +}; +/* PACK_ON */ +struct ndpi_ipv6hdr { + struct ndpi_ip6_hdrctl ip6_hdr; struct ndpi_in6_addr ip6_src; struct ndpi_in6_addr ip6_dst; -} PACK_OFF; +} /* PACK_OFF */; /* +++++++++++++++++++++++ TCP header +++++++++++++++++++++++ */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 2682b2e71..7c3856068 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8050,6 +8050,7 @@ ndpi_protocol_match host_match[] = { { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropboxstatic.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { ".dropbox-dns.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 25d8de602..3405779e7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3020,10 +3020,10 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru l4protocol = iph->protocol; } #ifdef NDPI_DETECTION_SUPPORT_IPV6 - else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen)) { + else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->ip6_hdr.ip6_un1_plen)) { l4ptr = (((const u_int8_t *) iph_v6) + sizeof(struct ndpi_ipv6hdr)); - l4len = ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen); - l4protocol = iph_v6->ip6_ctlun.ip6_un1.ip6_un1_nxt; + l4len = ntohs(iph_v6->ip6_hdr.ip6_un1_plen); + l4protocol = iph_v6->ip6_hdr.ip6_un1_nxt; // we need to handle IPv6 extension headers if present if(ndpi_handle_ipv6_extension_headers(ndpi_struct, &l4ptr, &l4len, &l4protocol) != 0) { @@ -3660,7 +3660,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct #ifdef NDPI_DETECTION_SUPPORT_IPV6 if(flow->packet.iphv6 != NULL) { - protocol = flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt; + protocol = flow->packet.iphv6->ip6_hdr.ip6_un1_nxt; } else #endif { diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index f7e8c9ac1..407d36b3b 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -74,7 +74,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st flow, flow->packet.iph ? flow->packet.iph->protocol : #ifdef NDPI_DETECTION_SUPPORT_IPV6 - flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt, + flow->packet.iphv6->ip6_hdr.ip6_un1_nxt, #else 0, #endif -- cgit v1.2.3 From cd12a8608883f7079ff877db6b3a769860f36951 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Mon, 11 Dec 2017 20:15:00 +0100 Subject: Implements ndpi_get_category_id --- libndpi.sym | 1 + src/include/ndpi_api.h | 15 +++++++++++++-- src/lib/ndpi_main.c | 16 ++++++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/libndpi.sym b/libndpi.sym index c821189e8..6508f5d91 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -22,6 +22,7 @@ ndpi_init_detection_module ndpi_get_num_supported_protocols ndpi_set_proto_defaults ndpi_get_protocol_id +ndpi_get_category_id ndpi_find_port_based_protocol ndpi_get_http_method ndpi_get_http_url diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 2062974ad..9fbabc5f7 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -533,13 +533,24 @@ extern "C" { * Return the ID of the protocol * * @par ndpi_mod = the detection module - * @par proto = the ID of the protocol - * @return the string name of the breed ID + * @par proto = the protocol name + * @return the ID of the protocol * */ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *proto); + /** + * Return the ID of the category + * + * @par ndpi_mod = the detection module + * @par proto = the category name + * @return the ID of the category + * + */ + int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_mod, char *cat); + + /** * Write the list of the supported protocols * diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3405779e7..0288c3e9f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4676,6 +4676,7 @@ void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_mod, /* ****************************************************** */ +/* Keep it in order and in sync with ndpi_protocol_category_t in ndpi_typedefs.h */ static const char* categories[] = { "Unspecified", "Media", @@ -4807,6 +4808,21 @@ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *pr /* ****************************************************** */ +int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_mod, char *cat) { + int i; + const char *name; + + for(i = 0; i < NDPI_PROTOCOL_NUM_CATEGORIES; i++) { + name = ndpi_category_get_name(ndpi_mod, i); + if(strcasecmp(cat, name) == 0) + return(i); + } + + return(-1); +} + +/* ****************************************************** */ + void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_mod) { int i; for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) -- cgit v1.2.3 From a06c3995302981f35121ec154a718507954d4efd Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 13 Dec 2017 08:04:51 +0100 Subject: Compilation fixes --- src/lib/protocols/http.c | 2 +- src/lib/protocols/pando.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 50eef99ed..187f2a84a 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -492,7 +492,7 @@ static struct l_string { STATIC_STRING_L("REPORT ") }; static const char *http_fs = "CDGHOPR"; -static inline uint8_t non_ctrl(uint8_t c) { +static uint8_t non_ctrl(uint8_t c) { return c < 32 ? '.':c; } diff --git a/src/lib/protocols/pando.c b/src/lib/protocols/pando.c index e5f292550..ccf1ee12d 100644 --- a/src/lib/protocols/pando.c +++ b/src/lib/protocols/pando.c @@ -121,7 +121,7 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc NDPI_LOG_INFO(ndpi_struct, "found PANDO\n"); ndpi_int_pando_add_connection(ndpi_struct, flow); } else { - NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PANDO, resetting the stage to 0\n") + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PANDO, resetting the stage to 0\n"); flow->pando_stage = 0; } } -- cgit v1.2.3 From 00e6ee3dc337c0af106345950005cbeb63ad6acd Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 15 Dec 2017 10:33:01 +0100 Subject: Implemented GooglePlus support that replaced ancient Quake protocol now obsolete --- src/include/ndpi_protocol_ids.h | 2 +- src/lib/Makefile.am | 1 - src/lib/ndpi_content_match.c.inc | 2 + src/lib/ndpi_main.c | 8 --- src/lib/protocols/quake.c | 106 --------------------------------------- 5 files changed, 3 insertions(+), 116 deletions(-) delete mode 100644 src/lib/protocols/quake.c diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index c9496797c..aaa25a396 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -109,7 +109,7 @@ #define NDPI_PROTOCOL_OSCAR 69 #define NDPI_PROTOCOL_YAHOO 70 #define NDPI_PROTOCOL_BATTLEFIELD 71 -#define NDPI_PROTOCOL_QUAKE 72 +#define NDPI_PROTOCOL_GOOGLE_PLUS 72 #define NDPI_PROTOCOL_IP_VRRP 73 #define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_HALFLIFE2 75 diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 7db19f818..410a50f21 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -104,7 +104,6 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/ppstream.c \ protocols/pptp.c \ protocols/qq.c \ - protocols/quake.c \ protocols/quic.c \ protocols/radius.c \ protocols/rdp.c \ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 7c3856068..e306efae9 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8078,6 +8078,8 @@ ndpi_protocol_match host_match[] = { { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "plus.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "plus.url.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0288c3e9f..5d9061465 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1132,11 +1132,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "BattleField", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QUAKE, - no_master, - no_master, "Quake", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP, no_master, no_master, "VRRP", NDPI_PROTOCOL_CATEGORY_NETWORK, @@ -2575,9 +2570,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* BGP */ init_bgp_dissector(ndpi_struct, &a, detection_bitmask); - /* QUAKE */ - init_quake_dissector(ndpi_struct, &a, detection_bitmask); - /* BATTLEFIELD */ init_battlefield_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/quake.c b/src/lib/protocols/quake.c deleted file mode 100644 index 6f00c4296..000000000 --- a/src/lib/protocols/quake.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - * quake.c - * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - -#include "ndpi_protocol_ids.h" - -#ifdef NDPI_PROTOCOL_QUAKE - -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUAKE - -#include "ndpi_api.h" - - -static void ndpi_int_quake_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUAKE, NDPI_PROTOCOL_UNKNOWN); -} - -void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - NDPI_LOG_DBG(ndpi_struct, "search Quake\n"); - - if ((packet->payload_packet_len == 14 - && get_u_int16_t(packet->payload, 0) == 0xffff && memcmp(&packet->payload[2], "getInfo", 7) == 0) - || (packet->payload_packet_len == 17 - && get_u_int16_t(packet->payload, 0) == 0xffff && memcmp(&packet->payload[2], "challenge", 9) == 0) - || (packet->payload_packet_len > 20 - && packet->payload_packet_len < 30 - && get_u_int16_t(packet->payload, 0) == 0xffff && memcmp(&packet->payload[2], "getServers", 10) == 0)) { - NDPI_LOG_INFO(ndpi_struct, "found Quake IV\n"); - ndpi_int_quake_add_connection(ndpi_struct, flow); - return; - } - - /* Quake III/Quake Live */ - if (packet->payload_packet_len == 15 && get_u_int32_t(packet->payload, 0) == 0xffffffff - && memcmp(&packet->payload[4], "getinfo", NDPI_STATICSTRING_LEN("getinfo")) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); - ndpi_int_quake_add_connection(ndpi_struct, flow); - return; - } - if (packet->payload_packet_len == 16 && get_u_int32_t(packet->payload, 0) == 0xffffffff - && memcmp(&packet->payload[4], "getchallenge", NDPI_STATICSTRING_LEN("getchallenge")) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); - ndpi_int_quake_add_connection(ndpi_struct, flow); - return; - } - if (packet->payload_packet_len > 20 && packet->payload_packet_len < 30 - && get_u_int32_t(packet->payload, 0) == 0xffffffff - && memcmp(&packet->payload[4], "getservers", NDPI_STATICSTRING_LEN("getservers")) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); - ndpi_int_quake_add_connection(ndpi_struct, flow); - return; - } - - - - /* ports for startup packet: - Quake I 26000 (starts with 0x8000) - Quake II 27910 - Quake III 27960 (increases with each player) - Quake IV 27650 - Quake World 27500 - Quake Wars ????? - */ - - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); -} - - -void init_quake_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("Quake", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_QUAKE, - ndpi_search_quake, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} - -#endif -- cgit v1.2.3 From 9561f379980395bb43af8b5994ee1c63c14fe909 Mon Sep 17 00:00:00 2001 From: qianguozheng Date: Tue, 19 Dec 2017 17:37:46 +0800 Subject: Fix ndpiReader long run crash due to dupilicate nodes exist, cause double free failed. --- example/ndpi_util.c | 49 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 40 insertions(+), 9 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index b3b9f26a1..d0a8470dc 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -362,6 +362,26 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow idx = hashval % workflow->prefs.num_roots; ret = ndpi_tfind(&flow, &workflow->ndpi_flows_root[idx], ndpi_workflow_node_cmp); + + /* to avoid two nodes in one binary tree for a flow */ + int is_changed = 0; + if(ret == NULL) + { + u_int32_t orig_src_ip = flow.src_ip; + u_int16_t orig_src_port = flow.src_port; + u_int32_t orig_dst_ip = flow.dst_ip; + u_int16_t orig_dst_port = flow.dst_port; + + flow.src_ip = orig_dst_ip; + flow.src_port = orig_dst_port; + flow.dst_ip = orig_src_ip; + flow.dst_port = orig_src_port; + + is_changed = 1; + + ret = ndpi_tfind(&flow, &workflow->ndpi_flows_root[idx], ndpi_workflow_node_cmp); + } + if(ret == NULL) { if(workflow->stats.ndpi_flow_count == workflow->prefs.max_ndpi_flows) { NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_ERROR, @@ -425,15 +445,26 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow } else { struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)ret; - if(flow->src_ip == iph->saddr - && flow->dst_ip == iph->daddr - && flow->src_port == htons(*sport) - && flow->dst_port == htons(*dport) - ) - *src = flow->src_id, *dst = flow->dst_id, *src_to_dst_direction = 1; - else - *src = flow->dst_id, *dst = flow->src_id, *src_to_dst_direction = 0, flow->bidirectional = 1; - + if (is_changed) { + if(flow->src_ip == iph->saddr + && flow->dst_ip == iph->daddr + && flow->src_port == htons(*sport) + && flow->dst_port == htons(*dport) + ) + *src = flow->dst_id, *dst = flow->src_id, *src_to_dst_direction = 0, flow->bidirectional = 1; + else + *src = flow->src_id, *dst = flow->dst_id, *src_to_dst_direction = 1; + } + else { + if(flow->src_ip == iph->saddr + && flow->dst_ip == iph->daddr + && flow->src_port == htons(*sport) + && flow->dst_port == htons(*dport) + ) + *src = flow->src_id, *dst = flow->dst_id, *src_to_dst_direction = 1; + else + *src = flow->dst_id, *dst = flow->src_id, *src_to_dst_direction = 0, flow->bidirectional = 1; + } return flow; } } -- cgit v1.2.3 From caf602c4a9210e821a5650abc49590d89f16ea23 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 23 Dec 2017 19:40:39 +0100 Subject: Merged categories network and network_tool (way too similar) Replaced former network_tool category with streaming category --- src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 44 ++++++++++++++++++++-------------------- src/lib/ndpi_main.c | 27 ++++++++++++++---------- 3 files changed, 39 insertions(+), 34 deletions(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 8aab7408f..beb6a86f8 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -777,7 +777,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_NETWORK, /* Network infrastructure protocols */ NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, /* Software for collaborative development, including Webmail */ NDPI_PROTOCOL_CATEGORY_RPC, /* High level network communication protocols */ - NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, /* Network administration and monitor protocols */ + NDPI_PROTOCOL_CATEGORY_STREAMING, /* Streaming protocols */ NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, /* System/Operating System level applications */ NDPI_PROTOCOL_CATEGORY_SW_UPDATE, /* Software update */ /* See #define NUM_CUSTOM_CATEGORIES */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e306efae9..e1f46c110 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8043,7 +8043,7 @@ ndpi_protocol_match host_match[] = { { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8068,7 +8068,7 @@ ndpi_protocol_match host_match[] = { { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8102,15 +8102,15 @@ ndpi_protocol_match host_match[] = { { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /*News site*/ - { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8159,7 +8159,7 @@ ndpi_protocol_match host_match[] = { { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, @@ -8169,7 +8169,7 @@ ndpi_protocol_match host_match[] = { { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, @@ -8197,7 +8197,7 @@ ndpi_protocol_match host_match[] = { { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8268,16 +8268,16 @@ ndpi_protocol_match host_match[] = { { "githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -8310,9 +8310,9 @@ ndpi_protocol_match host_match[] = { { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sndcdn.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".sndcdn.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { "tdesktop.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5d9061465..f6c39b250 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -872,7 +872,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, no_master, - no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 161, 162, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP, @@ -922,7 +922,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SOCRATES, no_master, - no_master, "Socrates", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Socrates", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE, @@ -1288,7 +1288,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE, no_master, - no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_CHAT, + no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6, @@ -1378,12 +1378,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW, no_master, - no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW, no_master, - no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT, @@ -1413,7 +1413,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS, no_master, - no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, @@ -1456,6 +1456,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SPOTIFY, + no_master, + no_master, "Spotify", NDPI_PROTOCOL_CATEGORY_STREAMING, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP, no_master, no_master, "LISP", NDPI_PROTOCOL_CATEGORY_CLOUD, @@ -1484,7 +1489,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 5355, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_REMOTE_SCAN, no_master, - no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_WEBM, @@ -1549,7 +1554,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS, no_master, - no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, @@ -1604,7 +1609,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2, no_master, - no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, @@ -1659,7 +1664,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, no_master, - no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMQP, @@ -4687,7 +4692,7 @@ static const char* categories[] = { "Network", "Collaborative", "RPC", - "NetworkTool", + "Streaming", "System", "SoftwareUpdate", "", -- cgit v1.2.3 From 8d52491508f6df8a2d1763b89690281d4952540c Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 25 Dec 2017 19:26:17 +0100 Subject: Added simplified makefile Fixed small warnings Compilation fixes --- src/include/ndpi_api.h | 4 +++- src/lib/Makefile.simple | 22 ++++++++++++++++++++++ src/lib/protocols/btlib.c | 16 ++++++++++++---- src/lib/protocols/btlib.h | 2 +- src/lib/third_party/src/ndpi_patricia.c | 1 + 5 files changed, 39 insertions(+), 6 deletions(-) create mode 100644 src/lib/Makefile.simple diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 9fbabc5f7..25a7612f2 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -736,7 +736,9 @@ extern "C" { void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)); void set_ndpi_flow_free(void (*__ndpi_flow_free)(void *ptr)); void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi_debug_function_ptr ndpi_debug_printf); - + void * ndpi_malloc(size_t size); + void * ndpi_calloc(unsigned long count, size_t size); + void ndpi_free(void *ptr); #ifdef __cplusplus } #endif diff --git a/src/lib/Makefile.simple b/src/lib/Makefile.simple new file mode 100644 index 000000000..b7db4ff30 --- /dev/null +++ b/src/lib/Makefile.simple @@ -0,0 +1,22 @@ +# +# Simple non-autotools dependent makefile +# +# ./autogen.sh +# cd src/lib +# make -f Makefile.simple +# +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include +RANLIB=ranlib + +OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) ndpi_main.o third_party/src/ndpi_patricia.o +HEADERS = $(wildcard ../include/*.h) + +libndpi.a: $(OBJECTS) + ar rc $@ $(OBJECTS) + $(RANLIB) $@ + +%.o: %.c $(HEADERS) Makefile + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + /bin/rm -f libndpi.a $(OBJECTS) \ No newline at end of file diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index 66d9654bc..ac456f364 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -29,17 +29,17 @@ #include #include +/* typedef unsigned char u_int8_t; typedef unsigned short int u_int16_t; typedef unsigned long long int u_int64_t; +*/ #include #include #include #endif -typedef signed long long int i_int64_t; - #include "btlib.h" int bt_parse_debug = 0; @@ -90,6 +90,7 @@ static char *print_id_ip6_p(char *s,const struct bt_nodes6_data *b) { } +#if 0 void dump_bt_proto_struct(struct bt_parse_protocol *p) { char b20h[128]; int i; @@ -155,7 +156,9 @@ void dump_bt_proto_struct(struct bt_parse_protocol *p) { if(p->interval) printf("\tinterval\t%d\n",p->interval); if(p->min_interval) printf("\tmin interval\t%d\n",p->min_interval); } +#endif +#ifdef BTLIB_DEBUG static void _print_safe_str(char *msg,char *k,const u_int8_t *s,size_t l) { static const char *th="0123456789abcdef?"; char *buf = (char*)ndpi_malloc((size_t)(l*3+2)); @@ -183,6 +186,11 @@ static void print_safe_str(char *msg,bt_parse_data_cb_t *cbd) { } #define DEBUG_TRACE(cmd) { if(bt_parse_debug) cmd; } +#else +#define DEBUG_TRACE(cmd) ; +#endif + + #define STREQ(a,b) !strcmp(a,b) @@ -408,8 +416,8 @@ void cb_data(bt_parse_data_cb_t *cbd,int *ret) { const u_int8_t *bt_decode(const u_int8_t *b, size_t *l, int *ret, bt_parse_data_cb_t *cbd) { unsigned int n=0,neg=0; - i_int64_t d = 0; - register u_int8_t c; + int64_t d = 0; + u_int8_t c; if(*l == 0) return NULL; if(cbd->level > BDEC_MAXDEPT) goto bad_data; diff --git a/src/lib/protocols/btlib.h b/src/lib/protocols/btlib.h index a9ca53786..cc8b52b65 100644 --- a/src/lib/protocols/btlib.h +++ b/src/lib/protocols/btlib.h @@ -171,7 +171,7 @@ typedef struct bt_parse_data_cb { int level; int t; union { - i_int64_t i; + int64_t i; b_elem_s_t s; } v; } bt_parse_data_cb_t; diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index fe63b21b1..2bc4f869c 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -54,6 +54,7 @@ #include /* BSD, Linux, Solaris: for inet_addr */ #endif #include "ndpi_patricia.h" +#include "ndpi_api.h" void ndpi_DeleteEntry(void *a) { ndpi_free(a); -- cgit v1.2.3 From f5e366d8c4766c56c0ca7ec61e973d395b76ed5d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 25 Dec 2017 19:57:03 +0100 Subject: Added third party libs --- src/lib/Makefile.simple | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/Makefile.simple b/src/lib/Makefile.simple index b7db4ff30..2a6649131 100644 --- a/src/lib/Makefile.simple +++ b/src/lib/Makefile.simple @@ -8,7 +8,7 @@ CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include RANLIB=ranlib -OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) ndpi_main.o third_party/src/ndpi_patricia.o +OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o HEADERS = $(wildcard ../include/*.h) libndpi.a: $(OBJECTS) -- cgit v1.2.3 From 1d1082342f608d37a4abcdf18c3e7e60c8734b05 Mon Sep 17 00:00:00 2001 From: Campus Date: Tue, 2 Jan 2018 13:47:46 +0100 Subject: added diameter protocol dissector --- src/include/ndpi_protocol_ids.h | 5 +- src/include/ndpi_protocols.h | 4 +- src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 10 ++- src/lib/protocols/bittorrent.c | 2 +- src/lib/protocols/diameter.c | 132 ++++++++++++++++++++++++++++++++++++++++ src/lib/protocols/quic.c | 2 +- tests/pcap/diameter.pcap | Bin 0 -> 2100 bytes tests/result/diameter.pcap.out | 3 + 9 files changed, 153 insertions(+), 6 deletions(-) create mode 100644 src/lib/protocols/diameter.c create mode 100644 tests/pcap/diameter.pcap create mode 100644 tests/result/diameter.pcap.out diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index aaa25a396..30d138d3f 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -2,7 +2,7 @@ /* * ndpi_protocol_ids.h * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -275,9 +275,10 @@ #define NDPI_PROTOCOL_SOUNDCLOUD 234 #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ #define NDPI_PROTOCOL_LISP 236 +#define NDPI_PROTOCOL_DIAMETER 237 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LISP +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DIAMETER #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index da7acaef7..2fb105afe 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -1,7 +1,7 @@ /* * ndpi_protocols.h * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -52,6 +52,7 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* Applications and other protocols. */ +void ndpi_search_diameter(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -202,6 +203,7 @@ void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_csgo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ +void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 410a50f21..e67d076c3 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -37,6 +37,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/dcerpc.c \ protocols/dhcp.c \ protocols/dhcpv6.c \ + protocols/diameter.c \ protocols/directconnect.c \ protocols/directdownloadlink.c \ protocols/dns.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f6c39b250..13a216b1d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1,7 +1,7 @@ /* * ndpi_main.c * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -1451,6 +1451,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER, + no_master, + no_master, "Diameter", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 3868, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, no_master, no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, @@ -2767,6 +2772,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* QUIC */ init_quic_dissector(ndpi_struct, &a, detection_bitmask); + /* DIAMETER */ + init_diameter_dissector(ndpi_struct, &a, detection_bitmask); + /* EAQ */ init_eaq_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index 727992702..81fc3baf6 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -2,7 +2,7 @@ * bittorrent.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/diameter.c b/src/lib/protocols/diameter.c new file mode 100644 index 000000000..24317f498 --- /dev/null +++ b/src/lib/protocols/diameter.c @@ -0,0 +1,132 @@ +/* + * aimini.c + * + * Copyright (C) 2018 - ntop.org + * Written by Michele Campus - + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_DIAMETER + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIAMETER + +#include "ndpi_api.h" + + +// Header Flags possibile values +#define REQUEST 0X80 +#define PROXYABLE 0X40 +#define ERROR 0X20 +#define RETRASM 0X10 + +typedef enum { + AC = 271, + AS = 274, + CC = 272, + CE = 257, + DW = 280, + DP = 282, + RA = 258, + ST = 275 +} com_type_t; + +#define DIAM_HEADER_LEN 20 + +// DIAMETER header +struct diameter_header_t +{ + u_int8_t version; + u_int8_t length[3]; + u_int8_t flags; + u_int8_t com_code[3]; + u_int32_t app_id; + u_int32_t hop_id; + u_int32_t end_id; +}; + + +// Check packet +int is_diameter(struct ndpi_packet_struct *packet, int size_payload) +{ + // check param + if(!packet || size_payload == 0) return -1; + + // cast to diameter header + struct diameter_header_t *diameter = (struct diameter_header_t *) packet; + + // check if the packet is diameter + if(diameter->version == 0x01 && + (diameter->flags == REQUEST || + diameter->flags == PROXYABLE || + diameter->flags == ERROR || + diameter->flags == RETRASM)) { + + u_int16_t com_code = diameter->com_code[2] + (diameter->com_code[1] << 8) + (diameter->com_code[0] << 8); + + if(com_code == AC || com_code == AS || + com_code == CC || com_code == CE || + com_code == DW || com_code == DP || + com_code == RA || com_code == ST) + return 0; // OK + } + // wrong packet + return -2; +} + + +void ndpi_search_diameter(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + // Diameter is on TCP + if(packet->tcp) { + + /* Check if it's diameter */ + int ret = is_diameter(packet, packet->payload_packet_len); + if(ret != 0) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + else { + NDPI_LOG_INFO(ndpi_struct, "found Diameter\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIAMETER, NDPI_PROTOCOL_UNKNOWN); + } + } + else { // UDP + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } +} + + +void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, + NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("Diameter", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_DIAMETER, ndpi_search_diameter, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif /* NDPI_PROTOCOL_DIAMETER */ + diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 24a2b8f12..203aead36 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1,7 +1,7 @@ /* * quic.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * Based on code of: * Andrea Buscarinu - diff --git a/tests/pcap/diameter.pcap b/tests/pcap/diameter.pcap new file mode 100644 index 000000000..cad16d27b Binary files /dev/null and b/tests/pcap/diameter.pcap differ diff --git a/tests/result/diameter.pcap.out b/tests/result/diameter.pcap.out new file mode 100644 index 000000000..9a43af0ef --- /dev/null +++ b/tests/result/diameter.pcap.out @@ -0,0 +1,3 @@ +Diameter 6 1980 1 + + 1 TCP 10.201.9.245:50957 <-> 10.201.9.11:3868 [proto: 237/Diameter][3 pkts/1174 bytes <-> 3 pkts/806 bytes] -- cgit v1.2.3 From 61e297b851af570109e72a93a65b1ac5ccfda0b4 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 5 Jan 2018 00:34:33 +0100 Subject: add missing check for free TCP/UDP root in tree --- src/lib/ndpi_main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 13a216b1d..e1979fbb2 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2041,8 +2041,10 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct if(ndpi_struct->protocols_ptree) ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, free_ptree_data); - ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free); - ndpi_tdestroy(ndpi_struct->tcpRoot, ndpi_free); + if (ndpi_struct->udpRoot != NULL) + ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free); + if (ndpi_struct->tcpRoot != NULL) + ndpi_tdestroy(ndpi_struct->tcpRoot, ndpi_free); if(ndpi_struct->host_automa.ac_automa != NULL) ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->host_automa.ac_automa); -- cgit v1.2.3 From 35dc6e27ae11a92553611a9d3d8c1ed963a894d4 Mon Sep 17 00:00:00 2001 From: Ludovico Cavedon Date: Tue, 9 Jan 2018 10:26:10 -0800 Subject: Fix MPLS header parsing in ndpiReader. Reported at https://bugs.debian.org/886133. The current parsing for the MPLS header in examples/ndpi_util.c has multiple issues: - the bitfield order is incorrect for little endian architectures - ntohl() is applied to a 20 bit label, which has unclear purpose - if multiple labels are detected, the while loop parsing labels will never exit due to a missing re-read of the mpls label - the last label is identified by looking inside the label field, while it should be done by looking at the S bit This change fixes the above issues. Notice that bitfield ordering is implementation-dependent, so C bitfields should not be used in the first place to parse network packets. --- example/ndpi_util.c | 15 +++++++++------ src/include/ndpi_typedefs.h | 8 ++++++++ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d0a8470dc..af83c6d14 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -689,7 +689,10 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, const struct ndpi_wifi_header *wifi; /* --- MPLS header --- */ - struct ndpi_mpls_header *mpls; + union mpls { + uint32_t u32; + struct ndpi_mpls_header mpls; + } mpls; /** --- IP header --- **/ struct ndpi_iphdr *iph; @@ -846,15 +849,15 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; case MPLS_UNI: case MPLS_MULTI: - mpls = (struct ndpi_mpls_header *) &packet[ip_offset]; - label = ntohl(mpls->label); - /* label = ntohl(*((u_int32_t*)&packet[ip_offset])); */ + mpls.u32 = *((uint32_t *) &packet[ip_offset]); + mpls.u32 = ntohl(mpls.u32); workflow->stats.mpls_count++; type = ETH_P_IP, ip_offset += 4; - while((label & 0x100) != 0x100) { + while(!mpls.mpls.s) { ip_offset += 4; - label = ntohl(mpls->label); + mpls.u32 = *((uint32_t *) &packet[ip_offset]); + mpls.u32 = ntohl(mpls.u32); } break; case PPPoE: diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index beb6a86f8..d0afcb40c 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -178,7 +178,15 @@ struct ndpi_wifi_header PACK_ON struct ndpi_mpls_header { + /* Before using this strcut to parse an MPLS header, you will need to convert + * the 4-byte data to the correct endianess with ntohl(). */ +#if defined(__LITTLE_ENDIAN__) + u_int32_t ttl:8, s:1, exp:3, label:20; +#elif defined(__BIG_ENDIAN__) u_int32_t label:20, exp:3, s:1, ttl:8; +#else +# error "Byte order must be defined" +#endif } PACK_OFF; /* ++++++++++++++++++++++++ IP header ++++++++++++++++++++++++ */ -- cgit v1.2.3 From ced9658c63693ca178638a351b7dcde93eab170b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 15 Jan 2018 20:13:34 +0100 Subject: Added ApplePush support --- src/include/ndpi_protocol_ids.h | 4 +- src/lib/Makefile.am | 1 + src/lib/ndpi_content_match.c.inc | 6 ++- src/lib/ndpi_main.c | 10 ++++- src/lib/protocols/apple_push.c | 81 ++++++++++++++++++++++++++++++++++++++++ 5 files changed, 97 insertions(+), 5 deletions(-) create mode 100644 src/lib/protocols/apple_push.c diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 30d138d3f..dc32345e3 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -210,7 +210,6 @@ #define NDPI_PROTOCOL_WHOIS_DAS 170 #define NDPI_PROTOCOL_COLLECTD 171 #define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ -/* The Lync protocol is now skype for business and this the old id 173 can now be recycled */ #define NDPI_PROTOCOL_NINTENDO 173 #define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ @@ -276,9 +275,10 @@ #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ #define NDPI_PROTOCOL_LISP 236 #define NDPI_PROTOCOL_DIAMETER 237 +#define NDPI_PROTOCOL_APPLE_PUSH 238 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DIAMETER +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_APPLE_PUSH #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index e67d076c3..2d587496b 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -19,6 +19,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/afp.c \ protocols/aimini.c \ protocols/applejuice.c \ + protocols/apple_push.c \ protocols/armagetron.c \ protocols/ayiya.c \ protocols/amqp.c \ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e1f46c110..5a7a1fa66 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8030,11 +8030,11 @@ ndpi_protocol_match host_match[] = { { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + + { ".push.apple.com", "ApplePush", NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, { ".apple-dns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */ { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */ { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, @@ -8045,6 +8045,8 @@ ndpi_protocol_match host_match[] = { { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e1979fbb2..27eddfd1a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1451,11 +1451,16 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER, no_master, no_master, "Diameter", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 3868, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_APPLE_PUSH, + no_master, + no_master, "ApplePush", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 1, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, no_master, no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, @@ -2777,6 +2782,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* DIAMETER */ init_diameter_dissector(ndpi_struct, &a, detection_bitmask); + /* APPLE_PUSH */ + init_apple_push_dissector(ndpi_struct, &a, detection_bitmask); + /* EAQ */ init_eaq_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c new file mode 100644 index 000000000..734be6e96 --- /dev/null +++ b/src/lib/protocols/apple_push.c @@ -0,0 +1,81 @@ +/* + * apple_push.c + * + * Copyright (C) 2018 by ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_APPLE_PUSH + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLE_PUSH + +#include "ndpi_api.h" + +static void ndpi_check_apple_push(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + /* https://support.apple.com/en-us/HT203609 */ + if(((ntohl(packet->iph->saddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0/8 */) + || ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0/8 */)) { + u_int16_t apple_push_port = ntohs(5223); + u_int16_t notification_apn_port = ntohs(2195); + u_int16_t apn_feedback_port = ntohs(2196); + + if(((packet->tcp->source == apple_push_port) || (packet->tcp->dest == apple_push_port)) + || ((packet->tcp->source == notification_apn_port) || (packet->tcp->dest == notification_apn_port)) + || ((packet->tcp->source == apn_feedback_port) || (packet->tcp->dest == apn_feedback_port)) + ) { + NDPI_LOG_INFO(ndpi_struct, "found apple_push\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); +} + +void ndpi_search_apple_push(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG_DBG(ndpi_struct, "search apple_push\n"); + + /* skip marked packets */ + if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_APPLE_PUSH) + ndpi_check_apple_push(ndpi_struct, flow); +} + + +void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("APPLE_PUSH", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_APPLE_PUSH, + ndpi_search_apple_push, + NDPI_SELECTION_BITMASK_PROTOCOL_TCP, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + + + +#endif -- cgit v1.2.3 From fbf7fe242462d07b0dc3a72907421a2b472b5d21 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 16 Jan 2018 15:57:45 +0100 Subject: Implemented Google services detection Refreshed google-based services support --- src/include/ndpi_protocol_ids.h | 3 ++- src/include/ndpi_protocols.h | 1 + src/include/ndpi_typedefs.h | 7 +++--- src/lib/ndpi_content_match.c.inc | 49 +++++++++++++++++++++++++++++++--------- 4 files changed, 45 insertions(+), 15 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index dc32345e3..acc510d49 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -276,9 +276,10 @@ #define NDPI_PROTOCOL_LISP 236 #define NDPI_PROTOCOL_DIAMETER 237 #define NDPI_PROTOCOL_APPLE_PUSH 238 +#define NDPI_PROTOCOL_GOOGLE_SERVICES 239 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_APPLE_PUSH +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_GOOGLE_SERVICES #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 2fb105afe..3268488e1 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -352,5 +352,6 @@ void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index d0afcb40c..15b629068 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -756,11 +756,12 @@ typedef struct { } ndpi_port_range; typedef enum { - NDPI_PROTOCOL_SAFE = 0, /* Surely doesn’t provide risks for the network. (e.g., a news site) */ - NDPI_PROTOCOL_ACCEPTABLE, /* Probably doesn’t provide risks, but could be malicious (e.g., Dropbox) */ + NDPI_PROTOCOL_SAFE = 0, /* Surely doesn't provide risks for the network. (e.g., a news site) */ + NDPI_PROTOCOL_ACCEPTABLE, /* Probably doesn't provide risks, but could be malicious (e.g., Dropbox) */ NDPI_PROTOCOL_FUN, /* Pure fun protocol, which may be prohibited by the user policy (e.g., Netflix) */ NDPI_PROTOCOL_UNSAFE, /* Probably provides risks, but could be a normal traffic. Unencrypted protocols with clear pass should be here (e.g., telnet) */ NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Surely is dangerous (ex. Tor). Be prepared to troubles */ + NDPI_PROTOCOL_TRACKER_ADS, /* Trackers, Advertisements... */ NDPI_PROTOCOL_UNRATED /* No idea, not implemented or impossible to classify */ } ndpi_protocol_breed_t; @@ -773,7 +774,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_VPN, /* Virtual Private Networks */ NDPI_PROTOCOL_CATEGORY_MAIL, /* Protocols to send/receive/sync emails */ NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, /* AFS/NFS and similar protocols */ - NDPI_PROTOCOL_CATEGORY_WEB, /* Web protocols and services */ + NDPI_PROTOCOL_CATEGORY_WEB, /* Web/mobile protocols and services */ NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, /* Social networks */ NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, /* Download, FTP, file transfer/sharing */ NDPI_PROTOCOL_CATEGORY_GAME, /* Online games */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 5a7a1fa66..48f39f1b7 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -636,7 +636,7 @@ static ndpi_network host_protocol_list[] = { /* Teamviewer 159.122.189.32-63 */ { 0x9F7ABD30 /* 159.122.189.32 */, 21, NDPI_PROTOCOL_TEAMVIEWER }, - + /* IFLIX services -by www.vizuamatix.com R&D team */ @@ -852,7 +852,7 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C1400 /* 91.108.20.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, - + /* BitTorrent */ @@ -8080,20 +8080,47 @@ ndpi_protocol_match host_match[] = { { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + /* + See https://better.fyi/trackers/ + + DoubleClick by Google (2mdn.net) + DoubleClick by Google (doubleclick.net) + DoubleClick by Google, Inc. (dmtry.com) + Google AdSense by Google (google.com) + Google AdSense by Google (google.se) + Google AdSense by Google (googleadservices.com) + Google Analytics by Google (google-analytics.com) + Google APIs by Google (ajax.googleapis.com) + Google Fonts by Google (fonts.googleapis.com) + Google Interactive Media Ads (imasdk.googleapis.com) + Google Syndication (googlesyndication.com) + Google Tag Manager by Google (googletagmanager.com) + Google Tag Manager by Google (googletagservices.com) + Gstatic by Google (gstatic.com) + */ + + /* Google Advertisements */ + { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dmtry.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + + /* Google Services */ + { "googleapis.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googletagservices.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "mtalk.google.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "plus.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "plus.url.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".googletagservices.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ - { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8106,7 +8133,7 @@ ndpi_protocol_match host_match[] = { { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /*News site*/ + { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* News site */ { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From d2d20a8aa4bbd6994c23f34dc9e06febae9aaf12 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 16 Jan 2018 16:39:30 +0100 Subject: Warnign fix --- src/lib/ndpi_content_match.c.inc | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 48f39f1b7..26c7cc068 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8100,13 +8100,13 @@ ndpi_protocol_match host_match[] = { */ /* Google Advertisements */ - { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { ".dmtry.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".dmtry.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, /* Google Services */ { "googleapis.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8119,6 +8119,9 @@ ndpi_protocol_match host_match[] = { { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + /* http://check.googlezip.net/connect [check browser connectivity] */ + { ".googlezip.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From d18824a73fa7f05122bc35000a8a1b538c62fc58 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 19 Jan 2018 14:33:43 +0100 Subject: Cleaned up Amazon IP range Improved HostShield VPN --- src/lib/ndpi_content_match.c.inc | 56 +++------------------------------------- 1 file changed, 3 insertions(+), 53 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 26c7cc068..7b868a764 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -216,59 +216,9 @@ static ndpi_network host_protocol_list[] = { { 0x344D0000 /* 52.77.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x344E0000 /* 52.78.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x344F0000 /* 52.79.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, - { 0x3452BB00 /* 52.82.187.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x34530000 /* 52.83.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, - { 0x34540000 /* 52.84.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, - { 0x34560000 /* 52.86.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, - { 0x34580000 /* 52.88.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x3452BB00 /* 52.82.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34580000 /* 52.88.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, { 0x345A0000 /* 52.90.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, - { 0x345C0000 /* 52.92.0.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345C1000 /* 52.92.16.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345C2000 /* 52.92.32.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C2800 /* 52.92.40.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, - { 0x345C3000 /* 52.92.48.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C3400 /* 52.92.52.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C3800 /* 52.92.56.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C3C00 /* 52.92.60.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C4000 /* 52.92.64.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C4400 /* 52.92.68.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C4800 /* 52.92.72.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C4C00 /* 52.92.76.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C5400 /* 52.92.84.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C5800 /* 52.92.88.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345CF800 /* 52.92.248.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345CFC00 /* 52.92.252.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345D0000 /* 52.93.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, - { 0x345E0000 /* 52.94.0.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345E0400 /* 52.94.4.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0500 /* 52.94.5.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0600 /* 52.94.6.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0700 /* 52.94.7.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0800 /* 52.94.8.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0900 /* 52.94.9.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0A00 /* 52.94.10.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0B00 /* 52.94.11.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0C00 /* 52.94.12.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0D00 /* 52.94.13.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0E00 /* 52.94.14.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0F00 /* 52.94.15.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E1100 /* 52.94.17.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E1800 /* 52.94.24.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, - { 0x345E1C00 /* 52.94.28.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, - { 0x345E2000 /* 52.94.32.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345E3000 /* 52.94.48.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345E4000 /* 52.94.64.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345E5000 /* 52.94.80.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345E6000 /* 52.94.96.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345E7000 /* 52.94.112.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345ECC00 /* 52.94.204.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, - { 0x345ECE00 /* 52.94.206.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, - { 0x345ED000 /* 52.94.208.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, - { 0x345ED800 /* 52.94.216.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, - { 0x345EE000 /* 52.94.224.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345EF000 /* 52.94.240.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345EFC00 /* 52.94.252.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, - { 0x345EFE00 /* 52.94.254.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, { 0x345F0000 /* 52.95.0.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, { 0x345F0A00 /* 52.95.10.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, { 0x345F0C00 /* 52.95.12.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, @@ -8030,7 +7980,6 @@ ndpi_protocol_match host_match[] = { { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".push.apple.com", "ApplePush", NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, { ".apple-dns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8251,6 +8200,7 @@ ndpi_protocol_match host_match[] = { { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".northghost.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From e09ebab0c2faea63be03e58ac4cf512faf965752 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Wed, 24 Jan 2018 16:47:23 +0100 Subject: Initial support for Intel hyperscan pattern matching library. --- src/include/ndpi_typedefs.h | 5 +++ src/lib/ndpi_main.c | 83 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 15b629068..3e4fcabad 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -937,6 +937,11 @@ struct ndpi_detection_module_struct { u_int8_t http_dont_dissect_response:1, dns_dissect_response:1, direction_detect_disable:1; /* disable internal detection of packet direction */ + +#ifdef HAVE_HYPERSCAN + hs_database_t *hs_database; + hs_scratch_t *hs_scratch; +#endif }; struct ndpi_flow_struct { diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 27eddfd1a..e3a646c97 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -731,10 +731,63 @@ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, /* ******************************************************************** */ +#ifdef HAVE_HYPERSCAN + +static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { + // TODO populate from ndpi_content_match.c.inc + // The regexes + static const char* expressions[] = { + "\\.facebook\\.com$", + "\\.youtube\\.com$", + "\\.youtube\\.it$", + "^video\\..*\\.google\\.com$", + "wikipedia\\.org$", + }; + // The protocol ID to associate to each regex + static unsigned int ids[] = { + NDPI_PROTOCOL_FACEBOOK, + NDPI_PROTOCOL_YOUTUBE, + NDPI_PROTOCOL_YOUTUBE, + NDPI_PROTOCOL_GOOGLE, + NDPI_PROTOCOL_WIKIPEDIA, + }; + #define NUM_EXPRESSIONS 5 // must match the above structures length + + hs_compile_error_t *compile_err; + + if(hs_compile_multi(expressions, NULL, ids, + NUM_EXPRESSIONS, HS_MODE_BLOCK, NULL, + &ndpi_mod->hs_database, &compile_err) != HS_SUCCESS) { + NDPI_LOG_ERR(ndpi_mod, "Unable to initialize hyperscan database\n"); + hs_free_compile_error(compile_err); + return -1; + } + + if(hs_alloc_scratch(ndpi_mod->hs_database, &ndpi_mod->hs_scratch) != HS_SUCCESS) { + NDPI_LOG_ERR(ndpi_mod, "Unable to allocate hyperscan scratch space\n"); + hs_free_database(ndpi_mod->hs_database); + return -1; + } + + return 0; +} + +static void destroy_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { + hs_free_scratch(ndpi_mod->hs_scratch); + hs_free_database(ndpi_mod->hs_database); +} + +#endif + static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) { int i; +#ifdef HAVE_HYPERSCAN + // TODO check return value + init_hyperscan(ndpi_mod); +#endif + for(i=0; host_match[i].string_to_match != NULL; i++) ndpi_init_protocol_match(ndpi_mod, &host_match[i]); @@ -2063,6 +2116,10 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct if(ndpi_struct->impossible_bigrams_automa.ac_automa != NULL) ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->impossible_bigrams_automa.ac_automa); +#ifdef HAVE_HYPERSCAN + destroy_hyperscan(ndpi_struct); +#endif + ndpi_free(ndpi_struct); } } @@ -4929,6 +4986,8 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru /* ****************************************************** */ +#ifndef HAVE_HYPERSCAN + static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, @@ -4969,6 +5028,30 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str return(NDPI_PROTOCOL_UNKNOWN); } +#else + +static int hyperscanEventHandler(unsigned int id, unsigned long long from, + unsigned long long to, unsigned int flags, void *ctx) { + *((int *)ctx) = (int)id; + return HS_SCAN_TERMINATED; +} + +static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + char *string_to_match, u_int string_to_match_len, + u_int16_t master_protocol_id, + u_int8_t is_host_match) { + int rv = NDPI_PROTOCOL_UNKNOWN; + + if(hs_scan(ndpi_struct->hs_database, string_to_match, string_to_match_len, 0, ndpi_struct->hs_scratch, + hyperscanEventHandler, &rv) != HS_SUCCESS) + NDPI_LOG_ERR(ndpi_struct, "[NDPI] Hyperscan match returned error\n"); + + return rv; +} + +#endif + /* ****************************************************** */ int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, -- cgit v1.2.3 From 78feabfad741561bbfff2be52b3eadaee9be0e2b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 24 Jan 2018 22:11:05 +0100 Subject: Inital hyperscan work --- configure.seed | 15 +- example/Makefile.am | 6 +- example/ndpiReader.c | 1 - src/include/ndpi_typedefs.h | 74 +++-- src/lib/Makefile.am | 2 +- src/lib/ndpi_content_match.c.inc | 610 +++++++++++++++++++-------------------- src/lib/ndpi_main.c | 92 ++++-- src/lib/protocols/rx.c | 6 +- src/lib/protocols/tinc.c | 1 + 9 files changed, 420 insertions(+), 387 deletions(-) diff --git a/configure.seed b/configure.seed index 2b2392a16..b6c53cf43 100644 --- a/configure.seed +++ b/configure.seed @@ -51,6 +51,17 @@ else AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) fi + +HS_LIB= +HS_INC= +AC_ARG_WITH(hyperscan, [ --with-hyperscan Enable Intel Hyperscan (if available)]) + +if test "${with_hyperscan}" == "yes"; then : + AC_CHECK_LIB([hs], [hs_compile_multi], AC_DEFINE_UNQUOTED(HAVE_HYPERSCAN, 1, [Intel Hyperscan is present])) + HS_INC=`pkg-config --cflags libhs` + HS_LIB=`pkg-config --libs libhs` +fi + if test -f $PCAP_HOME/libpcap/libpcap.a; then : echo "Using libpcap from $PCAP_HOME" PCAP_INC="-I $PCAP_HOME/libpcap" @@ -101,7 +112,7 @@ AS_IF([test "x$enable_json_c" != "xno"], [ AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) -AC_CONFIG_HEADERS(config.h) +AC_CONFIG_HEADERS(src/include/ndpi_config.h) AC_SUBST(GIT_RELEASE) AC_SUBST(NDPI_MAJOR) AC_SUBST(NDPI_MINOR) @@ -111,6 +122,8 @@ AC_SUBST(JSON_C_LIB) AC_SUBST(PCAP_INC) AC_SUBST(PCAP_LIB) AC_SUBST(DL_LIB) +AC_SUBST(HS_LIB) +AC_SUBST(HS_INC) AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) AC_OUTPUT diff --git a/example/Makefile.am b/example/Makefile.am index 6cc6a14ce..9eedc21d8 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -1,10 +1,10 @@ bin_PROGRAMS = ndpiReader -AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ +AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ @HS_INC@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage -LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ -lm -AM_LDFLAGS = -static @DL_LIB@ +LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ @HS_LIB@ -lm +AM_LDFLAGS = -static @DL_LIB@ @HS_LIB@ ndpiReader_SOURCES = ndpiReader.c ndpi_util.c ndpi_util.h uthash.h diff --git a/example/ndpiReader.c b/example/ndpiReader.c index aa8e09507..202de40d4 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -43,7 +43,6 @@ #include #include #include -#include "../config.h" #include "ndpi_api.h" #include "uthash.h" #include diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 739d82294..7ad9757a4 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,33 +25,28 @@ #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" -#include "libcache.h" #define BT_ANNOUNCE #define SNAP_EXT - /* NDPI_LOG_LEVEL */ -typedef enum - { - NDPI_LOG_ERROR, - NDPI_LOG_TRACE, - NDPI_LOG_DEBUG, - NDPI_LOG_DEBUG_EXTRA - } ndpi_log_level_t; +typedef enum { + NDPI_LOG_ERROR, + NDPI_LOG_TRACE, + NDPI_LOG_DEBUG, + NDPI_LOG_DEBUG_EXTRA +} ndpi_log_level_t; /* NDPI_VISIT */ -typedef enum - { - ndpi_preorder, - ndpi_postorder, - ndpi_endorder, - ndpi_leaf - } ndpi_VISIT; +typedef enum { + ndpi_preorder, + ndpi_postorder, + ndpi_endorder, + ndpi_leaf +} ndpi_VISIT; /* NDPI_NODE */ -typedef struct node_t -{ +typedef struct node_t { char *key; struct node_t *left, *right; } ndpi_node; @@ -60,8 +55,7 @@ typedef struct node_t typedef u_int32_t ndpi_ndpi_mask; /* NDPI_PROTO_BITMASK_STRUCT */ -typedef struct ndpi_protocol_bitmask_struct -{ +typedef struct ndpi_protocol_bitmask_struct { ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS]; } ndpi_protocol_bitmask_struct_t; @@ -797,9 +791,9 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_CUSTOM_5, /* User custom category 5 */ NDPI_PROTOCOL_NUM_CATEGORIES /* - NOTE: Keep this as last member - Unused as value but useful to getting the number of elements - in this datastructure + NOTE: Keep this as last member + Unused as value but useful to getting the number of elements + in this datastructure */ } ndpi_protocol_category_t; @@ -863,6 +857,7 @@ struct ndpi_detection_module_struct { ndpi_default_ports_tree_node_t *tcpRoot, *udpRoot; ndpi_log_level_t ndpi_log_level; /* default error */ + #ifdef NDPI_ENABLE_DEBUG_MESSAGES /* debug callback, only set when debug is used */ ndpi_debug_function_ptr ndpi_debug_printf; @@ -930,7 +925,7 @@ struct ndpi_detection_module_struct { #endif #endif #ifdef NDPI_PROTOCOL_TINC - cache_t tinc_cache; + struct cache *tinc_cache; #endif ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; @@ -938,10 +933,7 @@ struct ndpi_detection_module_struct { u_int8_t http_dont_dissect_response:1, dns_dissect_response:1, direction_detect_disable:1; /* disable internal detection of packet direction */ -#ifdef HAVE_HYPERSCAN - hs_database_t *hs_database; - hs_scratch_t *hs_scratch; -#endif + void *hyperscan; /* Intel Hyperscan */ }; struct ndpi_flow_struct { @@ -957,8 +949,8 @@ struct ndpi_flow_struct { u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1, check_extra_packets:1; /* - if ndpi_struct->direction_detect_disable == 1 - tcp sequence number connection tracking + if ndpi_struct->direction_detect_disable == 1 + tcp sequence number connection tracking */ u_int32_t next_tcp_seq_nr[2]; @@ -967,8 +959,8 @@ struct ndpi_flow_struct { int (*extra_packets_func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); /* - the tcp / udp / other l4 value union - used to reduce the number of bytes for tcp or udp protocol states + the tcp / udp / other l4 value union + used to reduce the number of bytes for tcp or udp protocol states */ union { struct ndpi_flow_tcp_struct tcp; @@ -976,20 +968,20 @@ struct ndpi_flow_struct { } l4; /* - Pointer to src or dst - that identifies the - server of this connection + Pointer to src or dst + that identifies the + server of this connection */ struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ u_char host_server_name[256]; /* - This structure below will not not stay inside the protos - structure below as HTTP is used by many subprotocols - such as FaceBook, Google... so it is hard to know - when to use it or not. Thus we leave it outside for the - time being. + This structure below will not not stay inside the protos + structure below as HTTP is used by many subprotocols + such as FaceBook, Google... so it is hard to know + when to use it or not. Thus we leave it outside for the + time being. */ struct { ndpi_http_method method; @@ -1150,7 +1142,7 @@ struct ndpi_flow_struct { }; typedef struct { - char *string_to_match, *proto_name; + char *string_to_match, *string2_to_match, *pattern_to_match, *proto_name; int protocol_id; ndpi_protocol_category_t proto_category; ndpi_protocol_breed_t protocol_breed; diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 4b25e0162..33b402f6e 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -1,7 +1,7 @@ lib_LTLIBRARIES = libndpi.la CFLAGS += -fPIC -DPIC # --coverage -libndpi_la_CPPFLAGS = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/lib/third_party/include/ +libndpi_la_CPPFLAGS = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/lib/third_party/include/ @HS_INC@ libndpi_la_LDFLAGS = -version-info 1:0:0 -export-symbols $(top_srcdir)/libndpi.sym libndpi_la_includedir = $(includedir)/libndpi-@VERSION@/libndpi diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 7b868a764..435a5dde4 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7973,61 +7973,61 @@ static ndpi_network host_protocol_list[] = { */ ndpi_protocol_match host_match[] = { - { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_UNSAFE }, - { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".push.apple.com", "ApplePush", NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - { ".apple-dns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */ - { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */ - { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - - { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { ".dropboxstatic.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { ".dropbox-dns.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ - { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - - { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - - { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, - - { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - - { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "amazon.", NULL, NULL, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "amazon.com", NULL, "amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "images-amazon.com", NULL, "images-amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazonaws.com", NULL, "amazonaws\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_UNSAFE }, + { "amazon-adsystem.com", NULL, "amazon-adsystem\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cloudfront.net", NULL, "\\.cloudfront\\.net$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".push.apple.com", NULL, NULL, "ApplePush", NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { ".apple-dns.net", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".mzstatic.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".aaplimg.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "iosapps.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */ + { "osxapps.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */ + { "buy.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "su.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "se.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "myapp.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "swscan.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "itunes-apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "itunes.apple.com", NULL, NULL, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "aaplimg.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { ".apple.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".icloud.com", NULL, NULL, "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".cnn.c", NULL, NULL, "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".cnn.net", NULL, NULL, "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + + { ".dropbox.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropboxstatic.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropbox-dns.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "log.getdropbox.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".ebay.", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ + { ".ebay.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaystatic.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaydesc.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebayrtm.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaystratus.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebayimg.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + + { "facebook.com", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbstatic-a.akamaihd.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".fbcdn.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbcdn-", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".facebook.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + + { ".speedtest.net", NULL, NULL, "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, + + { "drive-thirdparty.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".docs.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + + { "android.clients.google.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "ggpht.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* See https://better.fyi/trackers/ @@ -8049,261 +8049,261 @@ ndpi_protocol_match host_match[] = { */ /* Google Advertisements */ - { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { ".dmtry.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".googlesyndication.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "googleads.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".doubleclick.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "googleadservices.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".2mdn.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".dmtry.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "google-analytics.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, /* Google Services */ - { "googleapis.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googletagservices.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "mtalk.google.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleapis.com", NULL, NULL, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googletagservices.com", NULL, NULL, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "mtalk.google.com", NULL, NULL, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "plus.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "plus.url.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "plus.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "plus.url.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".gstatic.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* http://check.googlezip.net/connect [check browser connectivity] */ - { ".googlezip.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".googlezip.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleusercontent.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "1e100.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "maps.google.", NULL, NULL, "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "maps.gstatic.com", NULL, NULL, "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gmail.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.google.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.outlook.com", NULL, NULL, "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".last.fm", NULL, NULL, "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* News site */ + { "msn.com", NULL, NULL, "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* News site */ - { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "netflix.com", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxext.com", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.com", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.net", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxvideo.net", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeecs-", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeforbusiness.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".lync.com", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e7768.b.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e4593.dspg.akamaiedge.net","Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skype.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeassets.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypedata.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeecs-", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeforbusiness.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".lync.com", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e7768.b.akamaiedge.net", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.dspg.akamaiedge.net", NULL, NULL,"Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.g.akamaiedge.net", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tuenti.com", NULL, NULL, "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".twttr.com", NULL, NULL, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "twitter.", NULL, NULL, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "twimg.com", NULL, NULL, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".viber.com", NULL, NULL, "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cdn.viber.com", NULL, NULL, "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikipedia.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikimedia.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mediawiki.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikimediafoundation.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".whatsapp.", NULL, NULL, "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yahoo.", NULL, NULL, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".yimg.com", NULL, NULL, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "yahooapis.", NULL, NULL, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "upload.youtube.com", "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "upload.video.google.com", "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".googlevideo.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".ytimg.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "googleusercontent.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "upload.youtube.com", NULL, NULL, "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "upload.video.google.com", NULL, NULL, "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtube.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtu.be.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "yt3.ggpht.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".googlevideo.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ytimg.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtube-nocookie.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ggpht.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "googleusercontent.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".vevo.com", NULL, NULL, "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".spotify.", NULL, NULL, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio-fa.scdn.co", NULL, NULL, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".pandora.com", NULL, NULL, "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".torproject.org", NULL, NULL, "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".kakao.com", NULL, NULL, "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ttvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "static-cdn.jtvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "www-cdn.jtvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "quickplay.com", NULL, NULL, "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".qq.com", NULL, NULL, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".gtimg.com", NULL, NULL, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weibo.com", "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinaimg.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinajs.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.com.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".weibo.com", NULL, NULL, "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinaimg.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinajs.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.com.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/117/0/snapchat---how-to-block */ - { "feelinsonice.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapchat.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapads.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.appspot.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice-hrd.appspot.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapchat.", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapads.", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - - { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, - { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, - { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE }, - - { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - - { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - - { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - - { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".northghost.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - - { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { ".iflix.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".app.iflixcorp.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".images.iflixassets.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { "crl.microsoft.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-ocsp.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-aia.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".microsoftonline.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".office365.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".office.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msocsp.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msocdn.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cdninstagram.com", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramimages-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + + { ".waze.com", NULL, NULL, "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".deezer.com", NULL, NULL, "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + { ".microsoft.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "i-msdn.sec.s-msft.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, + { "i2-msdn.sec.s-msft.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".webtrends.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msecnd.net", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "bing.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".visualstudio.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE }, + + { "bn1301.storage.live.com", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "*.gateway.messenger.live.com", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "skyapi.live.net", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "d.docs.live.net", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + + { "update.microsoft.com", NULL, NULL, "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { ".windowsupdate.com", NULL, NULL, "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + + { "worldofwarcraft.com", NULL, NULL, "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".anchorfree.", NULL, NULL, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { "hotspotshield.com", NULL, NULL, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".northghost.com", NULL, NULL, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + + { ".webex.com", NULL, NULL, "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".ocsdomain.com", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ocs.fr", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ocs.fr", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".labgency.ws", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { ".iflix.com", NULL, NULL, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".app.iflixcorp.com", NULL, NULL, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".images.iflixassets.com", NULL, NULL, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { "crl.microsoft.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-ocsp.verisign.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-aia.verisign.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-crl.verisign.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".omniroot.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".microsoftonline.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office365.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocsp.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocdn.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* http://www.urlquery.net/report.php?id=1453233646161 */ - { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "coby.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "lifedom.top", NULL, NULL, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "coby.ns.cloudflare.com", NULL, NULL, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amanda.ns.cloudflare.com", NULL, NULL, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "d295hzzivaok4k.cloudfront.net","OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".opendns.com", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "d295hzzivaok4k.cloudfront.net", NULL, NULL,"OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".opendns.com", NULL, NULL, "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, /* https://get.slack.help/hc/en-us/articles/205138367-Troubleshooting-Slack-connection-issues */ - { "slack.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-msgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-files.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-imgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-edge.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-core.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-redir.net", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-msgs.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-files.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-imgs.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-edge.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-core.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-redir.net", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* Detected "slack-assets2.s3-us-west-2.amazonaws.com.". Omitted "*amazonaws.com" CDN, but no generic pattern to use on first part */ - { "slack-assets2.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-assets2.s3-", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "github.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "github.io", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.io", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "githubusercontent.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".githubusercontent.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".iqiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".71.am", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".ppstream.com", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".pps.tv", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".1kxun.", NULL, NULL, "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", NULL, NULL, "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamcontent.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity-a.akamaihd.net","Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steampowered.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamcontent.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamstatic.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity-a.akamaihd.net", NULL, NULL,"Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wechat.org", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wechatapp.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".we.chat", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.com", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.org", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechatapp.com", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".we.chat", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wx.", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".weixin.", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".mmsns.qpic.cn", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dnscrypt.org", NULL, NULL, "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrent.", NULL, NULL, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrents.", NULL, NULL, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrentz.", NULL, NULL, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".playstation.net", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".sonyentertainmentnetwork.com","Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".nintendo.net", NULL, NULL, "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".nintendo.com", NULL, NULL, "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.net", NULL, NULL, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.com", NULL, NULL, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".sonyentertainmentnetwork.com", NULL, NULL,"Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".pastebin.com", NULL, NULL, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".linkedin.com", NULL, NULL, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".licdn.com", NULL, NULL, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sndcdn.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".sndcdn.com", NULL, NULL, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".soundcloud.com", NULL, NULL, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "getrockerbox.com", NULL, NULL, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "tdesktop.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "tupdate.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "web.telegram.org", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tdesktop.com", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tupdate.com", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".icq.", "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "icq.", "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { NULL, 0 } + { NULL, NULL, NULL, 0 } }; @@ -8311,57 +8311,57 @@ ndpi_protocol_match host_match[] = { Mime-type content match match */ ndpi_protocol_match content_match[] = { - { "audio/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/mpeg3", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/mp4a", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/nsv", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "misc/ultravox", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".adobe.", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-fcs", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-shockwave-flash",NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "video/flash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "flv-application/octet-stream", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/futuresplash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/quicktime", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/mp4", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-m4v", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-pn-realaudio", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.rn-realmedia", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-ms-", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "asf", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "asx", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-msvideo", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-wav", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.ms.wms-hdr.asfv1", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "NSPlayer/", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-mms-framed", NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "Xbox Live Client/", NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "Windows-Update-Agent", NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "audio/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.apple.mpegurl",NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - - { NULL, 0 } + { "audio/mpeg", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-mpeg", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/mpeg3", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/mp4a", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/mpeg", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/nsv", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "misc/ultravox", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/ogg", NULL, NULL, NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/ogg", NULL, NULL, NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/ogg", NULL, NULL, NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".adobe.", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/flv", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-flv", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-fcs", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-shockwave-flash",NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "video/flash", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/flv", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "flv-application/octet-stream", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/futuresplash", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/quicktime", NULL, NULL, NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/mp4", NULL, NULL, NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-m4v", NULL, NULL, NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-pn-realaudio", NULL, NULL, NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.rn-realmedia", NULL, NULL, NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-ms-", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "asf", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "asx", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-msvideo", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-wav", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.ms.wms-hdr.asfv1", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "NSPlayer/", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-mms-framed", NULL, NULL, NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "Xbox Live Client/", NULL, NULL, NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "Windows-Update-Agent", NULL, NULL, NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "audio/webm", NULL, NULL, NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/webm", NULL, NULL, NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-rtsp-tunnelled", NULL, NULL, NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.apple.mpegurl",NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-tar", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/octet-stream", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/mac-binary", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-bzip", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-gzip", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-zip", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/zip", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "binhex", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/base64", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/gnutar", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-compressed", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + + { NULL, NULL, NULL, 0 } }; /* ****************************************************** */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e3a646c97..843a7ba1a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -24,11 +24,12 @@ #include #include #include "ahocorasick.h" +#include "libcache.h" #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNKNOWN #include "ndpi_api.h" -#include "../../config.h" +#include "ndpi_config.h" #include #ifndef WIN32 @@ -39,6 +40,17 @@ #include "third_party/include/ndpi_patricia.h" #include "third_party/src/ndpi_patricia.c" +#ifdef HAVE_HYPERSCAN +#include +#endif + +#ifdef HAVE_HYPERSCAN +struct hs { + hs_database_t *database; + hs_scratch_t *scratch; +}; +#endif + static int _ndpi_debug_callbacks = 0; /* implementation of the punycode check function */ @@ -734,47 +746,61 @@ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, #ifdef HAVE_HYPERSCAN static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { - // TODO populate from ndpi_content_match.c.inc - // The regexes - static const char* expressions[] = { - "\\.facebook\\.com$", - "\\.youtube\\.com$", - "\\.youtube\\.it$", - "^video\\..*\\.google\\.com$", - "wikipedia\\.org$", - }; - // The protocol ID to associate to each regex - static unsigned int ids[] = { - NDPI_PROTOCOL_FACEBOOK, - NDPI_PROTOCOL_YOUTUBE, - NDPI_PROTOCOL_YOUTUBE, - NDPI_PROTOCOL_GOOGLE, - NDPI_PROTOCOL_WIKIPEDIA, - }; - #define NUM_EXPRESSIONS 5 // must match the above structures length - + u_int num_patterns = 0, i; + const char **expressions; + unsigned int *ids; hs_compile_error_t *compile_err; + struct hs *hs = (struct hs*)ndpi_mod->hyperscan; + + ndpi_mod->hyperscan = (void*)malloc(sizeof(struct hs)); + if(!ndpi_mod->hyperscan) return(-1); + + for(i=0; host_match[i].string_to_match != NULL; i++) { + if(host_match[i].pattern_to_match) + num_patterns++; + } + + expressions = (const char**)malloc(sizeof(char*)*num_patterns); + if(!expressions) return(-1); + + ids = (unsigned int*)malloc(sizeof(unsigned int)*num_patterns); + if(!ids) { + free(expressions); + return(-1); + } + for(i=0, num_patterns=0; host_match[i].string_to_match != NULL; i++) { + if(host_match[i].pattern_to_match) { + expressions[num_patterns] = host_match[i].pattern_to_match; + ids[num_patterns] = host_match[i].protocol_id; + num_patterns++; + } + } + if(hs_compile_multi(expressions, NULL, ids, - NUM_EXPRESSIONS, HS_MODE_BLOCK, NULL, - &ndpi_mod->hs_database, &compile_err) != HS_SUCCESS) { + num_patterns, HS_MODE_BLOCK, NULL, + &hs->database, &compile_err) != HS_SUCCESS) { NDPI_LOG_ERR(ndpi_mod, "Unable to initialize hyperscan database\n"); hs_free_compile_error(compile_err); return -1; } - - if(hs_alloc_scratch(ndpi_mod->hs_database, &ndpi_mod->hs_scratch) != HS_SUCCESS) { + + if(hs_alloc_scratch(hs->database, &hs->scratch) != HS_SUCCESS) { NDPI_LOG_ERR(ndpi_mod, "Unable to allocate hyperscan scratch space\n"); - hs_free_database(ndpi_mod->hs_database); + hs_free_database(hs->database); return -1; } - + return 0; } static void destroy_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { - hs_free_scratch(ndpi_mod->hs_scratch); - hs_free_database(ndpi_mod->hs_database); + if(ndpi_mod->hyperscan) { + struct hs *hs = (struct hs*)ndpi_mod->hyperscan; + + hs_free_scratch(hs->scratch); + hs_free_database(hs->database); + } } #endif @@ -2093,7 +2119,7 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct #ifdef NDPI_PROTOCOL_TINC if(ndpi_struct->tinc_cache) - cache_free(ndpi_struct->tinc_cache); + cache_free((cache_t)(ndpi_struct->tinc_cache)); #endif if(ndpi_struct->protocols_ptree) @@ -5042,9 +5068,11 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str u_int16_t master_protocol_id, u_int8_t is_host_match) { int rv = NDPI_PROTOCOL_UNKNOWN; - - if(hs_scan(ndpi_struct->hs_database, string_to_match, string_to_match_len, 0, ndpi_struct->hs_scratch, - hyperscanEventHandler, &rv) != HS_SUCCESS) + struct hs *hs = (struct hs*)ndpi_struct->hyperscan; + + if(hs_scan(hs->database, string_to_match, + string_to_match_len, 0, hs->scratch, + hyperscanEventHandler, &rv) != HS_SUCCESS) NDPI_LOG_ERR(ndpi_struct, "[NDPI] Hyperscan match returned error\n"); return rv; diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index c61f0a9ad..6eb9bf149 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -62,7 +62,7 @@ struct ndpi_rx_header { #define PARAM_2 10 #define PARAM_3 11 #define PARAMS_4 12 -#define VERSION 13 +#define VERS 13 /* Flags values */ #define EMPTY 0 @@ -110,7 +110,7 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, **/ /* TYPE field */ - if((header->type < DATA) || (header->type > VERSION)) { + if((header->type < DATA) || (header->type > VERS)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -156,7 +156,7 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, goto security; case PARAM_3: goto security; - case VERSION: + case VERS: goto security; default: NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index adb547a48..19bfa34aa 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -25,6 +25,7 @@ #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TINC #include "ndpi_api.h" +#include "libcache.h" static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -- cgit v1.2.3 From 57fb117571560280226818d51411c1df2cab836c Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Fri, 26 Jan 2018 13:03:17 +0300 Subject: Fix buffer overflow in function ndpi_debug_printf() --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 843a7ba1a..cfcef8c0b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1950,13 +1950,13 @@ void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct * { #ifdef NDPI_ENABLE_DEBUG_MESSAGES va_list args; -#define MAX_STR_LEN 120 +#define MAX_STR_LEN 250 char str[MAX_STR_LEN]; if(ndpi_str != NULL && log_level > NDPI_LOG_ERROR && proto > 0 && proto < NDPI_MAX_SUPPORTED_PROTOCOLS && !NDPI_ISSET(&ndpi_str->debug_bitmask,proto)) return; va_start(args, format); - vsprintf(str, format, args); + vsnprintf(str,sizeof(str)-1, format, args); va_end(args); if (ndpi_str != NULL) { -- cgit v1.2.3 From ee7a30385ba2ba030c1afb4d4f4cee7abef70329 Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 26 Jan 2018 19:45:41 +0100 Subject: Added minor hardening code in STUN --- src/lib/protocols/stun.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index eef6e024e..bb4780aab 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -90,7 +90,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * https://en.wikipedia.org/wiki/Skype_for_Business */ - while(offset < payload_length) { + while((offset+2) < payload_length) { u_int16_t attribute = ntohs(*((u_int16_t*)&payload[offset])); u_int16_t len = ntohs(*((u_int16_t*)&payload[offset+2])); u_int16_t x = (len + 4) % 4; @@ -107,6 +107,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x8054: /* Candidate Identifier */ if((len == 4) + && ((offset+7) < payload_length) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) && (payload[offset+7] == 0x00)) { @@ -118,6 +119,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x8070: /* Implementation Version */ if((len == 4) + && ((offset+7) < payload_length) && (payload[offset+4] == 0x00) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) @@ -239,7 +241,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * } #endif - if((flow->num_stun_udp_pkts > 0) && (msg_type <= 0x00FF)) { *is_whatsapp = 1; return NDPI_IS_STUN; /* This is WhatsApp Voice */ @@ -269,11 +270,12 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG_DBG(ndpi_struct, "search stun\n"); + if(packet->payload == NULL) return; + if(packet->tcp) { /* STUN may be encapsulated in TCP packets */ - if(packet->payload_packet_len >= 2 + 20 && - ntohs(get_u_int16_t(packet->payload, 0)) + 2 == packet->payload_packet_len) { - + if((packet->payload_packet_len >= 22) + && ((ntohs(get_u_int16_t(packet->payload, 0)) + 2) == packet->payload_packet_len)) { /* TODO there could be several STUN packets in a single TCP packet so maybe the detection could be * improved by checking only the STUN packet of given length */ @@ -283,10 +285,11 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG_INFO(ndpi_struct, "found Skype\n"); ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_SKYPE, flow); } else { - NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n"); + NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n"); /* Ummmmm we're in the TCP branch. This code looks bad */ ndpi_int_stun_add_connection(ndpi_struct, is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); } + return; } } @@ -306,9 +309,8 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n return; } - if(flow->num_stun_udp_pkts >= MAX_NUM_STUN_PKTS) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - } + if(flow->num_stun_udp_pkts >= MAX_NUM_STUN_PKTS) + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); if(flow->packet_counter > 0) { /* This might be a RTP stream: let's make sure we check it */ -- cgit v1.2.3 From da588f6a30e4c4ce6497fca3939284123017780f Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 26 Jan 2018 23:40:23 +0100 Subject: Improved hyperscan support --- src/lib/ndpi_content_match.c.inc | 8 ++++---- src/lib/ndpi_main.c | 17 +++++++++++++---- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 435a5dde4..aa5a990ea 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8162,11 +8162,11 @@ ndpi_protocol_match host_match[] = { { ".sina.com.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/117/0/snapchat---how-to-block */ - { "feelinsonice.appspot.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.appspot.com", NULL, "\\.appspot\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { "feelinsonice-hrd.appspot.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapchat.", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapads.", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.com", NULL, "\\.feelsonice\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapchat.", NULL, "\\.snapchat\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapads.", NULL, "\\.snapads\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ { ".cdninstagram.com", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index cfcef8c0b..8d65a50cf 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -750,20 +750,23 @@ static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { const char **expressions; unsigned int *ids; hs_compile_error_t *compile_err; - struct hs *hs = (struct hs*)ndpi_mod->hyperscan; + struct hs *hs; ndpi_mod->hyperscan = (void*)malloc(sizeof(struct hs)); if(!ndpi_mod->hyperscan) return(-1); + hs = (struct hs*)ndpi_mod->hyperscan; for(i=0; host_match[i].string_to_match != NULL; i++) { - if(host_match[i].pattern_to_match) + if(host_match[i].pattern_to_match) { + /* printf("[DEBUG] %s\n", host_match[i].pattern_to_match); */ num_patterns++; + } } - expressions = (const char**)malloc(sizeof(char*)*num_patterns); + expressions = (const char**)calloc(sizeof(char*), num_patterns+1); if(!expressions) return(-1); - ids = (unsigned int*)malloc(sizeof(unsigned int)*num_patterns); + ids = (unsigned int*)calloc(sizeof(unsigned int), num_patterns+1); if(!ids) { free(expressions); return(-1); @@ -794,6 +797,8 @@ static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { return 0; } +/* ******************************************************************** */ + static void destroy_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { if(ndpi_mod->hyperscan) { struct hs *hs = (struct hs*)ndpi_mod->hyperscan; @@ -805,6 +810,8 @@ static void destroy_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { #endif +/* ******************************************************************** */ + static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) { int i; @@ -5056,6 +5063,8 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str #else +/* ******************************************************************** */ + static int hyperscanEventHandler(unsigned int id, unsigned long long from, unsigned long long to, unsigned int flags, void *ctx) { *((int *)ctx) = (int)id; -- cgit v1.2.3 From f8c6e9d7143173abb7e191b90f70325e11616a54 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Wed, 31 Jan 2018 17:15:55 +0100 Subject: Fixes possible out-of-bounds due to malformed DHCP packets --- src/lib/protocols/dhcp.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index 673b85b85..02ce00f25 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -72,19 +72,24 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru if(packet->udp) { dhcp_packet_t *dhcp = (dhcp_packet_t*)packet->payload; - if((packet->payload_packet_len >= 244) + if((packet->payload_packet_len >= 244 /* 244 is the offset of options[0] in dhcp_packet_t */) && (packet->udp->source == htons(67) || packet->udp->source == htons(68)) && (packet->udp->dest == htons(67) || packet->udp->dest == htons(68)) && (dhcp->magic == htonl(DHCP_OPTION_MAGIC_NUMBER))) { - int i = 0, foundValidMsgType = 0; + u_int i = 0, foundValidMsgType = 0; - while(i < DHCP_VEND_LEN) { + u_int dhcp_options_size = ndpi_min(DHCP_VEND_LEN /* maximum size of options in dhcp_packet_t */, + packet->payload_packet_len - 244); + + while(i + 1 /* for the len */ < dhcp_options_size) { u_int8_t id = dhcp->options[i]; if(id == 0xFF) break; else { - u_int8_t len = dhcp->options[i+1]; + /* Prevent malformed packets to cause out-of-bounds accesses */ + u_int8_t len = ndpi_min(dhcp->options[i+1] /* len as found in the packet */, + dhcp_options_size - (i+2) /* 1 for the type and 1 for the value */); if(len == 0) break; @@ -99,12 +104,14 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru } else if(id == 55 /* Parameter Request List / Fingerprint */) { u_int idx, offset = 0; - for(idx=0; idxprotos.dhcp.fingerprint) - 2; idx++) { snprintf((char*)&flow->protos.dhcp.fingerprint[offset], - sizeof(flow->protos.dhcp.fingerprint)-offset-1, - "%02X", dhcp->options[i+2+idx] & 0xFF); + sizeof(flow->protos.dhcp.fingerprint) - offset, + "%02X", dhcp->options[i+2+idx] & 0xFF); offset += 2; } + flow->protos.dhcp.fingerprint[sizeof(flow->protos.dhcp.fingerprint) - 1] = '\0'; + } else if(id == 60 /* Class Identifier */) { char *name = (char*)&dhcp->options[i+2]; int j = 0; -- cgit v1.2.3 From 3b5d8177f70da5eeaec308512860f2fd09f67bc3 Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 3 Feb 2018 17:06:28 +0100 Subject: fix wrong conversion dec to hex --- src/lib/ndpi_content_match.c.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index aa5a990ea..6ff6220f6 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -216,7 +216,7 @@ static ndpi_network host_protocol_list[] = { { 0x344D0000 /* 52.77.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x344E0000 /* 52.78.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x344F0000 /* 52.79.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, - { 0x3452BB00 /* 52.82.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34520000 /* 52.82.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, { 0x34580000 /* 52.88.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, { 0x345A0000 /* 52.90.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, { 0x345F0000 /* 52.95.0.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, -- cgit v1.2.3 From 73b401956123fe71fc2e8ebee113b2c570613d4a Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 3 Feb 2018 19:56:14 +0100 Subject: update results for test pcap --- tests/result/http_ipv6.pcap.out | 8 ++++---- tests/result/mpeg.pcap.out | 2 +- tests/result/ocs.pcap.out | 7 ++++--- tests/result/skype.pcap.out | 5 +++-- tests/result/skype_no_unknown.pcap.out | 5 +++-- tests/result/viber_mobile.pcap.out | 7 ++++--- tests/result/whatsapp_login_call.pcap.out | 5 +++-- tests/result/whatsapp_login_chat.pcap.out | 5 +++-- 8 files changed, 25 insertions(+), 19 deletions(-) diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index e09cf3fe3..37f5ce787 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.238/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 7b6978c3f..1f5020ab6 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.238/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.241/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 628f51607..dad0e148b 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -2,15 +2,16 @@ Unknown 6 360 1 DNS 3 214 3 HTTP 13 1019 2 SSL 20 2715 1 -Google 40 5453 5 +Google 27 3176 3 OCS 863 57552 7 PlayStore 1 72 1 +GoogleServices 13 2277 2 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes -> 0 pkts/0 bytes][client: ocs.labgency.ws] 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com] - 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes -> 0 pkts/0 bytes][client: mtalk.google.com] + 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/SSL.GoogleServices][12 pkts/2212 bytes -> 0 pkts/0 bytes][client: mtalk.google.com] 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes -> 0 pkts/0 bytes] 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes -> 0 pkts/0 bytes] 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] @@ -21,7 +22,7 @@ PlayStore 1 72 1 13 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com] 14 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: settings.crashlytics.com] 15 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] - 16 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes -> 0 pkts/0 bytes][Host: play.googleapis.com] + 16 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][1 pkts/65 bytes -> 0 pkts/0 bytes][Host: play.googleapis.com] 17 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] 18 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes -> 0 pkts/0 bytes][Host: ocs.labgency.ws] 19 UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 80e251ce7..21e32c28a 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -8,10 +8,11 @@ IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 Skype 2139 324409 249 -Apple 15 2045 2 +Apple 3 168 1 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 +ApplePush 12 1877 1 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] @@ -33,7 +34,7 @@ MS_OneDrive 387 198090 1 18 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] 19 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] 20 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][11 pkts/1578 bytes <-> 4 pkts/342 bytes] - 21 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][6 pkts/1211 bytes <-> 6 pkts/666 bytes] + 21 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238/ApplePush][6 pkts/1211 bytes <-> 6 pkts/666 bytes] 22 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] 23 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][14 pkts/1090 bytes <-> 6 pkts/534 bytes] 24 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index bb57b636d..33571bc4a 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -8,8 +8,9 @@ IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 Skype 1291 190136 223 -Apple 84 20699 2 +Apple 76 19581 1 MS_OneDrive 348 181687 1 +ApplePush 8 1118 1 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][101 pkts/30681 bytes <-> 98 pkts/59934 bytes] @@ -68,7 +69,7 @@ MS_OneDrive 348 181687 1 55 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][11 pkts/855 bytes <-> 3 pkts/287 bytes] 56 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] 57 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][11 pkts/848 bytes <-> 3 pkts/286 bytes] - 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][4 pkts/674 bytes <-> 4 pkts/444 bytes] + 58 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238/ApplePush][4 pkts/674 bytes <-> 4 pkts/444 bytes] 59 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] 60 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] 61 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index c69eda2bb..e481134e8 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -8,10 +8,11 @@ SSL 72 21126 6 Facebook 50 17455 3 Dropbox 2 163 1 GMail 35 14773 2 -Google 76 17175 8 +Google 59 14520 6 WhatsApp 38 6756 3 Viber 10081 1413446 4 Amazon 8 528 1 +GoogleServices 17 2655 2 1 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][4192 pkts/515224 bytes <-> 5865 pkts/895629 bytes] 2 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][19 pkts/3115 bytes <-> 18 pkts/13053 bytes][client: graph.facebook.com][server: *.facebook.com] @@ -22,7 +23,7 @@ Amazon 8 528 1 7 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][13 pkts/1401 bytes <-> 16 pkts/4545 bytes] 8 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][22 pkts/3437 bytes <-> 14 pkts/2437 bytes] 9 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][8 pkts/3893 bytes <-> 8 pkts/1945 bytes] - 10 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][7 pkts/1505 bytes <-> 8 pkts/953 bytes][client: mtalk.google.com] + 10 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.239/SSL.GoogleServices][7 pkts/1505 bytes <-> 8 pkts/953 bytes][client: mtalk.google.com] 11 TCP 192.168.200.222:36675 -> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes -> 0 pkts/0 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] 12 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][8 pkts/1187 bytes <-> 8 pkts/856 bytes] 13 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][4 pkts/996 bytes <-> 4 pkts/996 bytes] @@ -71,7 +72,7 @@ Amazon 8 528 1 56 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes <-> 1 pkts/166 bytes][Host: s.jpush.cn] 57 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes <-> 1 pkts/141 bytes][Host: easytomessage.com] 58 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][1 pkts/78 bytes <-> 1 pkts/136 bytes][Host: graph.facebook.com] - 59 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/76 bytes <-> 1 pkts/121 bytes][Host: mtalk.google.com] + 59 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][1 pkts/76 bytes <-> 1 pkts/121 bytes][Host: mtalk.google.com] 60 ICMP 192.168.200.222:0 -> 192.168.1.1:0 [proto: 81/ICMP][2 pkts/196 bytes -> 0 pkts/0 bytes] 61 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/72 bytes <-> 1 pkts/120 bytes][Host: sis.jpush.io] 62 ICMP 37.214.167.82:0 -> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index b30cffa74..73697827b 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -6,11 +6,12 @@ ICMP 10 700 1 SSL 8 589 2 Facebook 70 9464 14 Dropbox 4 2176 1 -Apple 127 28102 20 +Apple 105 22176 19 WhatsApp 182 25154 2 Spotify 3 258 1 WhatsAppVoice 706 91156 4 AppleStore 85 28087 2 +ApplePush 22 5926 1 1 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][186 pkts/27025 bytes <-> 278 pkts/25895 bytes] 2 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][141 pkts/17530 bytes <-> 57 pkts/12888 bytes] @@ -18,7 +19,7 @@ AppleStore 85 28087 2 4 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com] 5 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][client: query.ess.apple.com][server: *.ess.apple.com] 6 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com] - 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] + 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238/ApplePush][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] 8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][12 pkts/2341 bytes <-> 12 pkts/2484 bytes] 9 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac] 10 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][9 pkts/1842 bytes <-> 11 pkts/1151 bytes] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index f94954c5f..f407fcfce 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -1,13 +1,14 @@ MDNS 2 202 2 DHCP 6 2052 1 Dropbox 2 1088 1 -Apple 50 23466 2 +Apple 44 21371 1 WhatsApp 32 3243 2 Spotify 1 86 1 +ApplePush 6 2095 1 1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][24 pkts/15117 bytes <-> 20 pkts/6254 bytes] 2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][17 pkts/1794 bytes <-> 13 pkts/1169 bytes] - 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 140/Apple][6 pkts/2095 bytes -> 0 pkts/0 bytes] + 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238/ApplePush][6 pkts/2095 bytes -> 0 pkts/0 bytes] 4 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac] 5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] 6 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e12.whatsapp.net] -- cgit v1.2.3 From 39b9f6752c6f55ae8d68fe88787d245a9692a929 Mon Sep 17 00:00:00 2001 From: ZengYingpei Date: Sun, 4 Feb 2018 14:19:38 +0800 Subject: Add an Xcode project for debugging under MacOS --- example/MacOS/ndpiExample/ndpiExample/Info.plist | 32 ++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 example/MacOS/ndpiExample/ndpiExample/Info.plist diff --git a/example/MacOS/ndpiExample/ndpiExample/Info.plist b/example/MacOS/ndpiExample/ndpiExample/Info.plist new file mode 100644 index 000000000..38bef7f2b --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample/Info.plist @@ -0,0 +1,32 @@ + + + + + CFBundleDevelopmentRegion + $(DEVELOPMENT_LANGUAGE) + CFBundleExecutable + $(EXECUTABLE_NAME) + CFBundleIconFile + + CFBundleIdentifier + $(PRODUCT_BUNDLE_IDENTIFIER) + CFBundleInfoDictionaryVersion + 6.0 + CFBundleName + $(PRODUCT_NAME) + CFBundlePackageType + APPL + CFBundleShortVersionString + 1.0 + CFBundleVersion + 1 + LSMinimumSystemVersion + $(MACOSX_DEPLOYMENT_TARGET) + NSHumanReadableCopyright + Copyright © 2018年 ZengYingpei. All rights reserved. + NSMainStoryboardFile + Main + NSPrincipalClass + NSApplication + + -- cgit v1.2.3 From aea81e4a1ae96a8bd93789556d252cce335ea197 Mon Sep 17 00:00:00 2001 From: ZengYingpei Date: Sun, 4 Feb 2018 14:21:52 +0800 Subject: Add an Xcode project for debugging under MacOS (add all missed files) --- example/MacOS/README.md | 18 + .../ndpiExample.xcodeproj/project.pbxproj | 1141 ++++++++++++++++++++ .../project.xcworkspace/contents.xcworkspacedata | 7 + .../MacOS/ndpiExample/ndpiExample/AppDelegate.h | 29 + .../MacOS/ndpiExample/ndpiExample/AppDelegate.m | 41 + .../AppIcon.appiconset/Contents.json | 58 + .../ndpiExample/Base.lproj/Main.storyboard | 732 +++++++++++++ .../MacOS/ndpiExample/ndpiExample/ViewController.h | 29 + .../MacOS/ndpiExample/ndpiExample/ViewController.m | 101 ++ example/MacOS/ndpiExample/ndpiExample/capture.pcap | Bin 0 -> 80922 bytes example/MacOS/ndpiExample/ndpiExample/main.m | 13 + .../ndpiExample/ndpiExample.entitlements | 5 + example/MacOS/ndpiExample/ndpiExample/ndpi_utils.h | 15 + example/ndpiReader.c | 4 + 14 files changed, 2193 insertions(+) create mode 100644 example/MacOS/README.md create mode 100644 example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj create mode 100644 example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.xcworkspace/contents.xcworkspacedata create mode 100644 example/MacOS/ndpiExample/ndpiExample/AppDelegate.h create mode 100644 example/MacOS/ndpiExample/ndpiExample/AppDelegate.m create mode 100644 example/MacOS/ndpiExample/ndpiExample/Assets.xcassets/AppIcon.appiconset/Contents.json create mode 100644 example/MacOS/ndpiExample/ndpiExample/Base.lproj/Main.storyboard create mode 100644 example/MacOS/ndpiExample/ndpiExample/ViewController.h create mode 100644 example/MacOS/ndpiExample/ndpiExample/ViewController.m create mode 100644 example/MacOS/ndpiExample/ndpiExample/capture.pcap create mode 100644 example/MacOS/ndpiExample/ndpiExample/main.m create mode 100644 example/MacOS/ndpiExample/ndpiExample/ndpiExample.entitlements create mode 100644 example/MacOS/ndpiExample/ndpiExample/ndpi_utils.h diff --git a/example/MacOS/README.md b/example/MacOS/README.md new file mode 100644 index 000000000..b46833395 --- /dev/null +++ b/example/MacOS/README.md @@ -0,0 +1,18 @@ +# How to use? + +You need to first compile the nDPI library as usual: + +- ./autogen.sh +- ./configure +- make + +Then open the Xcode project and you are ready to go. The default behavior is to analyze an embeded pcap file `capture.pcap`. You can change the behavior by changing command line input in `ViewController.m` file. + +# What the XCode project did? + +It's a dummy Mac App project with a **Run** button. It doesn't modify any nDPI code except that it renamed the `main` function to `orginal_main` in `ndpiReader.c` (because the Mac App has it's own main function) and call the `orginal_main` with synthetic command line input from `ViewController.m` file when the **Run** button is clicked. + +It also fixes some problems when compiling with Xcode. Somes are listed below: +- Add missed `NDPI_LOG_DEBUG2` macro definition implementation (defined as `NDPI_LOG_DEBUG2_XCODE_PROJ` in `ViewController.m`) +- Add a empty ndpi_utils.h file to make `protocols/attic/ftp.c` and `protocols/attic/secondlife.c` can compile +- Specially treat `ndpi_patricia.c` by not adding it into compilation source, since it's directly included in `ndpi_main.c` diff --git a/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj b/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj new file mode 100644 index 000000000..f79eaa8aa --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj @@ -0,0 +1,1141 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 48; + objects = { + +/* Begin PBXBuildFile section */ + E3953F5420254989000BBA0D /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = E3953F5320254989000BBA0D /* AppDelegate.m */; }; + E3953F5720254989000BBA0D /* ViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = E3953F5620254989000BBA0D /* ViewController.m */; }; + E3953F5920254989000BBA0D /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = E3953F5820254989000BBA0D /* Assets.xcassets */; }; + E3953F5C2025498A000BBA0D /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = E3953F5A2025498A000BBA0D /* Main.storyboard */; }; + E3953F5F2025498A000BBA0D /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = E3953F5E2025498A000BBA0D /* main.m */; }; + E395430B20255354000BBA0D /* Makefile.am in Resources */ = {isa = PBXBuildFile; fileRef = E39540A520255353000BBA0D /* Makefile.am */; }; + E395430C20255354000BBA0D /* ndpi_define.h.in in Resources */ = {isa = PBXBuildFile; fileRef = E39540A720255353000BBA0D /* ndpi_define.h.in */; }; + E395431720255354000BBA0D /* Makefile in Sources */ = {isa = PBXBuildFile; fileRef = E39540BC20255353000BBA0D /* Makefile */; }; + E395431820255354000BBA0D /* Makefile.am in Resources */ = {isa = PBXBuildFile; fileRef = E39540BD20255353000BBA0D /* Makefile.am */; }; + E395431920255354000BBA0D /* Makefile.in in Resources */ = {isa = PBXBuildFile; fileRef = E39540BE20255353000BBA0D /* Makefile.in */; }; + E395431A20255354000BBA0D /* Makefile.simple in Resources */ = {isa = PBXBuildFile; fileRef = E39540BF20255353000BBA0D /* Makefile.simple */; }; + E395431B20255354000BBA0D /* ndpi_content_match.c.inc in Sources */ = {isa = PBXBuildFile; fileRef = E39540C020255353000BBA0D /* ndpi_content_match.c.inc */; }; + E395431C20255354000BBA0D /* ndpi_main.c in Sources */ = {isa = PBXBuildFile; fileRef = E39540C120255353000BBA0D /* ndpi_main.c */; }; + E395431E20255354000BBA0D /* .dirstamp in Resources */ = {isa = PBXBuildFile; fileRef = E39540C520255353000BBA0D /* .dirstamp */; }; + E39543A320255354000BBA0D /* afp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395414B20255353000BBA0D /* afp.c */; }; + E39543A420255354000BBA0D /* aimini.c in Sources */ = {isa = PBXBuildFile; fileRef = E395414C20255353000BBA0D /* aimini.c */; }; + E39543A520255354000BBA0D /* amqp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395414D20255353000BBA0D /* amqp.c */; }; + E39543A620255354000BBA0D /* apple_push.c in Sources */ = {isa = PBXBuildFile; fileRef = E395414E20255353000BBA0D /* apple_push.c */; }; + E39543A720255354000BBA0D /* applejuice.c in Sources */ = {isa = PBXBuildFile; fileRef = E395414F20255353000BBA0D /* applejuice.c */; }; + E39543A820255354000BBA0D /* armagetron.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415020255353000BBA0D /* armagetron.c */; }; + E39543A920255354000BBA0D /* flash.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415220255353000BBA0D /* flash.c */; }; + E39543AA20255354000BBA0D /* ftp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415320255353000BBA0D /* ftp.c */; }; + E39543AB20255354000BBA0D /* manolito.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415420255353000BBA0D /* manolito.c */; }; + E39543AC20255354000BBA0D /* popo.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415520255353000BBA0D /* popo.c */; }; + E39543AD20255354000BBA0D /* secondlife.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415620255353000BBA0D /* secondlife.c */; }; + E39543AE20255354000BBA0D /* ayiya.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415720255353000BBA0D /* ayiya.c */; }; + E39543AF20255354000BBA0D /* battlefield.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415820255353000BBA0D /* battlefield.c */; }; + E39543B020255354000BBA0D /* bgp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415920255353000BBA0D /* bgp.c */; }; + E39543B120255354000BBA0D /* bittorrent.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415A20255353000BBA0D /* bittorrent.c */; }; + E39543B220255354000BBA0D /* bjnp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415B20255353000BBA0D /* bjnp.c */; }; + E39543B320255354000BBA0D /* btlib.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415C20255353000BBA0D /* btlib.c */; }; + E39543B420255354000BBA0D /* checkmk.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415E20255353000BBA0D /* checkmk.c */; }; + E39543B520255354000BBA0D /* ciscovpn.c in Sources */ = {isa = PBXBuildFile; fileRef = E395415F20255353000BBA0D /* ciscovpn.c */; }; + E39543B620255354000BBA0D /* citrix.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416020255353000BBA0D /* citrix.c */; }; + E39543B720255354000BBA0D /* coap.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416120255353000BBA0D /* coap.c */; }; + E39543B820255354000BBA0D /* collectd.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416220255353000BBA0D /* collectd.c */; }; + E39543B920255354000BBA0D /* corba.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416320255353000BBA0D /* corba.c */; }; + E39543BA20255354000BBA0D /* crossfire.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416420255353000BBA0D /* crossfire.c */; }; + E39543BB20255354000BBA0D /* csgo.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416520255353000BBA0D /* csgo.c */; }; + E39543BC20255354000BBA0D /* dcerpc.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416620255353000BBA0D /* dcerpc.c */; }; + E39543BD20255354000BBA0D /* dhcp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416720255353000BBA0D /* dhcp.c */; }; + E39543BE20255354000BBA0D /* dhcpv6.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416820255353000BBA0D /* dhcpv6.c */; }; + E39543BF20255354000BBA0D /* diameter.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416920255353000BBA0D /* diameter.c */; }; + E39543C020255354000BBA0D /* directconnect.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416A20255353000BBA0D /* directconnect.c */; }; + E39543C120255354000BBA0D /* directdownloadlink.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416B20255353000BBA0D /* directdownloadlink.c */; }; + E39543C220255354000BBA0D /* dns.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416C20255353000BBA0D /* dns.c */; }; + E39543C320255354000BBA0D /* dofus.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416D20255353000BBA0D /* dofus.c */; }; + E39543C420255354000BBA0D /* drda.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416E20255353000BBA0D /* drda.c */; }; + E39543C520255354000BBA0D /* dropbox.c in Sources */ = {isa = PBXBuildFile; fileRef = E395416F20255353000BBA0D /* dropbox.c */; }; + E39543C620255354000BBA0D /* eaq.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417020255353000BBA0D /* eaq.c */; }; + E39543C720255354000BBA0D /* edonkey.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417120255353000BBA0D /* edonkey.c */; }; + E39543C820255354000BBA0D /* fasttrack.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417220255353000BBA0D /* fasttrack.c */; }; + E39543C920255354000BBA0D /* fiesta.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417320255353000BBA0D /* fiesta.c */; }; + E39543CA20255354000BBA0D /* filetopia.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417420255353000BBA0D /* filetopia.c */; }; + E39543CB20255354000BBA0D /* fix.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417520255353000BBA0D /* fix.c */; }; + E39543CC20255354000BBA0D /* florensia.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417620255353000BBA0D /* florensia.c */; }; + E39543CD20255354000BBA0D /* ftp_control.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417720255353000BBA0D /* ftp_control.c */; }; + E39543CE20255354000BBA0D /* ftp_data.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417820255353000BBA0D /* ftp_data.c */; }; + E39543CF20255354000BBA0D /* git.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417920255353000BBA0D /* git.c */; }; + E39543D020255354000BBA0D /* gnutella.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417A20255353000BBA0D /* gnutella.c */; }; + E39543D120255354000BBA0D /* gtp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417B20255353000BBA0D /* gtp.c */; }; + E39543D220255354000BBA0D /* guildwars.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417C20255353000BBA0D /* guildwars.c */; }; + E39543D320255354000BBA0D /* h323.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417D20255353000BBA0D /* h323.c */; }; + E39543D420255354000BBA0D /* halflife2_and_mods.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417E20255353000BBA0D /* halflife2_and_mods.c */; }; + E39543D520255354000BBA0D /* hangout.c in Sources */ = {isa = PBXBuildFile; fileRef = E395417F20255353000BBA0D /* hangout.c */; }; + E39543D620255354000BBA0D /* hep.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418020255353000BBA0D /* hep.c */; }; + E39543D720255354000BBA0D /* http.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418120255353000BBA0D /* http.c */; }; + E39543D820255354000BBA0D /* http_activesync.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418220255353000BBA0D /* http_activesync.c */; }; + E39543D920255354000BBA0D /* iax.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418320255353000BBA0D /* iax.c */; }; + E39543DA20255354000BBA0D /* icecast.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418420255353000BBA0D /* icecast.c */; }; + E39543DB20255354000BBA0D /* ipp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418520255353000BBA0D /* ipp.c */; }; + E39543DC20255354000BBA0D /* irc.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418620255353000BBA0D /* irc.c */; }; + E39543DD20255354000BBA0D /* jabber.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418720255353000BBA0D /* jabber.c */; }; + E39543DE20255354000BBA0D /* kakaotalk_voice.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418820255353000BBA0D /* kakaotalk_voice.c */; }; + E39543DF20255354000BBA0D /* kerberos.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418920255353000BBA0D /* kerberos.c */; }; + E39543E020255354000BBA0D /* kontiki.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418A20255353000BBA0D /* kontiki.c */; }; + E39543E120255354000BBA0D /* ldap.c in Sources */ = {isa = PBXBuildFile; fileRef = E395418B20255353000BBA0D /* ldap.c */; }; + E39544EA20255354000BBA0D /* lisp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429420255354000BBA0D /* lisp.c */; }; + E39544EB20255354000BBA0D /* lotus_notes.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429520255354000BBA0D /* lotus_notes.c */; }; + E39544EC20255354000BBA0D /* mail_imap.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429620255354000BBA0D /* mail_imap.c */; }; + E39544ED20255354000BBA0D /* mail_pop.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429720255354000BBA0D /* mail_pop.c */; }; + E39544EE20255354000BBA0D /* mail_smtp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429820255354000BBA0D /* mail_smtp.c */; }; + E39544EF20255354000BBA0D /* maplestory.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429920255354000BBA0D /* maplestory.c */; }; + E39544F020255354000BBA0D /* mdns.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429A20255354000BBA0D /* mdns.c */; }; + E39544F120255354000BBA0D /* megaco.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429B20255354000BBA0D /* megaco.c */; }; + E39544F220255354000BBA0D /* mgcp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429C20255354000BBA0D /* mgcp.c */; }; + E39544F320255354000BBA0D /* mms.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429D20255354000BBA0D /* mms.c */; }; + E39544F420255354000BBA0D /* mpegts.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429E20255354000BBA0D /* mpegts.c */; }; + E39544F520255354000BBA0D /* mqtt.c in Sources */ = {isa = PBXBuildFile; fileRef = E395429F20255354000BBA0D /* mqtt.c */; }; + E39544F620255354000BBA0D /* msn.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542A020255354000BBA0D /* msn.c */; }; + E39544F720255354000BBA0D /* mssql_tds.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542A120255354000BBA0D /* mssql_tds.c */; }; + E39544F820255354000BBA0D /* mysql.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542A220255354000BBA0D /* mysql.c */; }; + E39544F920255354000BBA0D /* netbios.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542A320255354000BBA0D /* netbios.c */; }; + E39544FA20255354000BBA0D /* netflow.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542A420255354000BBA0D /* netflow.c */; }; + E39544FB20255354000BBA0D /* nfs.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542A520255354000BBA0D /* nfs.c */; }; + E39544FC20255354000BBA0D /* nintendo.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542A620255354000BBA0D /* nintendo.c */; }; + E39544FD20255354000BBA0D /* noe.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542A720255354000BBA0D /* noe.c */; }; + E39544FE20255354000BBA0D /* non_tcp_udp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542A820255354000BBA0D /* non_tcp_udp.c */; }; + E39544FF20255354000BBA0D /* ntp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542A920255354000BBA0D /* ntp.c */; }; + E395450020255354000BBA0D /* openft.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542AA20255354000BBA0D /* openft.c */; }; + E395450120255354000BBA0D /* openvpn.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542AB20255354000BBA0D /* openvpn.c */; }; + E395450220255354000BBA0D /* oracle.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542AC20255354000BBA0D /* oracle.c */; }; + E395450320255354000BBA0D /* oscar.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542AD20255354000BBA0D /* oscar.c */; }; + E395450420255354000BBA0D /* pando.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542AE20255354000BBA0D /* pando.c */; }; + E395450520255354000BBA0D /* pcanywhere.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542AF20255354000BBA0D /* pcanywhere.c */; }; + E395450620255354000BBA0D /* postgres.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542B020255354000BBA0D /* postgres.c */; }; + E395450720255354000BBA0D /* pplive.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542B120255354000BBA0D /* pplive.c */; }; + E395450820255354000BBA0D /* ppstream.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542B220255354000BBA0D /* ppstream.c */; }; + E395450920255354000BBA0D /* pptp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542B320255354000BBA0D /* pptp.c */; }; + E395450A20255354000BBA0D /* qq.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542B420255354000BBA0D /* qq.c */; }; + E395450B20255354000BBA0D /* quic.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542B520255354000BBA0D /* quic.c */; }; + E395450C20255354000BBA0D /* radius.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542B620255354000BBA0D /* radius.c */; }; + E395450D20255354000BBA0D /* rdp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542B720255354000BBA0D /* rdp.c */; }; + E395450E20255354000BBA0D /* redis_net.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542B820255354000BBA0D /* redis_net.c */; }; + E395450F20255354000BBA0D /* rsync.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542B920255354000BBA0D /* rsync.c */; }; + E395451020255354000BBA0D /* rtcp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542BA20255354000BBA0D /* rtcp.c */; }; + E395451120255354000BBA0D /* rtmp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542BB20255354000BBA0D /* rtmp.c */; }; + E395451220255354000BBA0D /* rtp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542BC20255354000BBA0D /* rtp.c */; }; + E395451320255354000BBA0D /* rtsp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542BD20255354000BBA0D /* rtsp.c */; }; + E395451420255354000BBA0D /* rx.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542BE20255354000BBA0D /* rx.c */; }; + E395451520255354000BBA0D /* sflow.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542BF20255354000BBA0D /* sflow.c */; }; + E395451620255354000BBA0D /* shoutcast.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542C020255354000BBA0D /* shoutcast.c */; }; + E395451720255354000BBA0D /* sip.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542C120255354000BBA0D /* sip.c */; }; + E395451820255354000BBA0D /* skinny.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542C220255354000BBA0D /* skinny.c */; }; + E395451920255354000BBA0D /* skype.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542C320255354000BBA0D /* skype.c */; }; + E395451A20255354000BBA0D /* smb.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542C420255354000BBA0D /* smb.c */; }; + E395451B20255354000BBA0D /* smpp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542C520255354000BBA0D /* smpp.c */; }; + E395451C20255354000BBA0D /* snmp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542C620255354000BBA0D /* snmp.c */; }; + E395451D20255354000BBA0D /* socks45.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542C720255354000BBA0D /* socks45.c */; }; + E395451E20255354000BBA0D /* socrates.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542C820255354000BBA0D /* socrates.c */; }; + E395451F20255354000BBA0D /* someip.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542C920255354000BBA0D /* someip.c */; }; + E395452020255354000BBA0D /* sopcast.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542CA20255354000BBA0D /* sopcast.c */; }; + E395452120255354000BBA0D /* soulseek.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542CB20255354000BBA0D /* soulseek.c */; }; + E395452220255354000BBA0D /* spotify.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542CC20255354000BBA0D /* spotify.c */; }; + E395452320255354000BBA0D /* ssdp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542CD20255354000BBA0D /* ssdp.c */; }; + E395452420255354000BBA0D /* ssh.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542CE20255354000BBA0D /* ssh.c */; }; + E395452520255354000BBA0D /* ssl.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542CF20255354000BBA0D /* ssl.c */; }; + E395452620255354000BBA0D /* starcraft.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542D020255354000BBA0D /* starcraft.c */; }; + E395452720255354000BBA0D /* stealthnet.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542D120255354000BBA0D /* stealthnet.c */; }; + E395452820255354000BBA0D /* steam.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542D220255354000BBA0D /* steam.c */; }; + E395452920255354000BBA0D /* stun.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542D320255354000BBA0D /* stun.c */; }; + E395452A20255354000BBA0D /* syslog.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542D420255354000BBA0D /* syslog.c */; }; + E395452B20255354000BBA0D /* tcp_udp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542D520255354000BBA0D /* tcp_udp.c */; }; + E395452C20255354000BBA0D /* teamspeak.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542D620255354000BBA0D /* teamspeak.c */; }; + E395452D20255354000BBA0D /* teamviewer.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542D720255354000BBA0D /* teamviewer.c */; }; + E395452E20255354000BBA0D /* telegram.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542D820255354000BBA0D /* telegram.c */; }; + E395452F20255354000BBA0D /* telnet.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542D920255354000BBA0D /* telnet.c */; }; + E395453020255354000BBA0D /* teredo.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542DA20255354000BBA0D /* teredo.c */; }; + E395453120255354000BBA0D /* tftp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542DB20255354000BBA0D /* tftp.c */; }; + E395453220255354000BBA0D /* thunder.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542DC20255354000BBA0D /* thunder.c */; }; + E395453320255354000BBA0D /* tinc.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542DD20255354000BBA0D /* tinc.c */; }; + E395453420255354000BBA0D /* tor.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542DE20255354000BBA0D /* tor.c */; }; + E395453520255354000BBA0D /* tvants.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542DF20255354000BBA0D /* tvants.c */; }; + E395453620255354000BBA0D /* tvuplayer.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542E020255354000BBA0D /* tvuplayer.c */; }; + E395453720255354000BBA0D /* ubntac2.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542E120255354000BBA0D /* ubntac2.c */; }; + E395453820255354000BBA0D /* usenet.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542E220255354000BBA0D /* usenet.c */; }; + E395453920255354000BBA0D /* vhua.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542E320255354000BBA0D /* vhua.c */; }; + E395453A20255354000BBA0D /* viber.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542E420255354000BBA0D /* viber.c */; }; + E395453B20255355000BBA0D /* vmware.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542E520255354000BBA0D /* vmware.c */; }; + E395453C20255355000BBA0D /* vnc.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542E620255354000BBA0D /* vnc.c */; }; + E395453D20255355000BBA0D /* warcraft3.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542E720255354000BBA0D /* warcraft3.c */; }; + E395453E20255355000BBA0D /* whoisdas.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542E820255354000BBA0D /* whoisdas.c */; }; + E395453F20255355000BBA0D /* world_of_kung_fu.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542E920255354000BBA0D /* world_of_kung_fu.c */; }; + E395454020255355000BBA0D /* world_of_warcraft.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542EA20255354000BBA0D /* world_of_warcraft.c */; }; + E395454120255355000BBA0D /* xbox.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542EB20255354000BBA0D /* xbox.c */; }; + E395454220255355000BBA0D /* xdmcp.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542EC20255354000BBA0D /* xdmcp.c */; }; + E395454320255355000BBA0D /* yahoo.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542ED20255354000BBA0D /* yahoo.c */; }; + E395454420255355000BBA0D /* zattoo.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542EE20255354000BBA0D /* zattoo.c */; }; + E395454520255355000BBA0D /* zeromq.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542EF20255354000BBA0D /* zeromq.c */; }; + E395454720255355000BBA0D /* .dirstamp in Resources */ = {isa = PBXBuildFile; fileRef = E39542FB20255354000BBA0D /* .dirstamp */; }; + E395454C20255355000BBA0D /* libcache.c in Sources */ = {isa = PBXBuildFile; fileRef = E395430120255354000BBA0D /* libcache.c */; }; + E395455420255355000BBA0D /* node.c in Sources */ = {isa = PBXBuildFile; fileRef = E395430920255354000BBA0D /* node.c */; }; + E395455520255355000BBA0D /* sort.c in Sources */ = {isa = PBXBuildFile; fileRef = E395430A20255354000BBA0D /* sort.c */; }; + E395455D202558E6000BBA0D /* protos.txt in Resources */ = {isa = PBXBuildFile; fileRef = E3954559202558E5000BBA0D /* protos.txt */; }; + E395455E202558E6000BBA0D /* ndpi_util.c in Sources */ = {isa = PBXBuildFile; fileRef = E395455A202558E5000BBA0D /* ndpi_util.c */; }; + E395455F202558E6000BBA0D /* ndpiReader.c in Sources */ = {isa = PBXBuildFile; fileRef = E395455C202558E5000BBA0D /* ndpiReader.c */; }; + E395478F20269F43000BBA0D /* libpcap.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = E395478E20269F43000BBA0D /* libpcap.tbd */; }; + E39547902026A51A000BBA0D /* ahocorasick.c in Sources */ = {isa = PBXBuildFile; fileRef = E395430020255354000BBA0D /* ahocorasick.c */; }; + E39547942026B2AA000BBA0D /* capture.pcap in Resources */ = {isa = PBXBuildFile; fileRef = E39547932026B2A9000BBA0D /* capture.pcap */; }; +/* End PBXBuildFile section */ + +/* Begin PBXFileReference section */ + E3953F4F20254989000BBA0D /* ndpiExample.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = ndpiExample.app; sourceTree = BUILT_PRODUCTS_DIR; }; + E3953F5220254989000BBA0D /* AppDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppDelegate.h; sourceTree = ""; }; + E3953F5320254989000BBA0D /* AppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = AppDelegate.m; sourceTree = ""; }; + E3953F5520254989000BBA0D /* ViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ViewController.h; sourceTree = ""; }; + E3953F5620254989000BBA0D /* ViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ViewController.m; sourceTree = ""; }; + E3953F5820254989000BBA0D /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; + E3953F5B2025498A000BBA0D /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = ""; }; + E3953F5D2025498A000BBA0D /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; + E3953F5E2025498A000BBA0D /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; + E3953F602025498A000BBA0D /* ndpiExample.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = ndpiExample.entitlements; sourceTree = ""; }; + E39540A520255353000BBA0D /* Makefile.am */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Makefile.am; sourceTree = ""; }; + E39540A620255353000BBA0D /* ndpi_api.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_api.h; sourceTree = ""; }; + E39540A720255353000BBA0D /* ndpi_define.h.in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = ndpi_define.h.in; sourceTree = ""; }; + E39540A820255353000BBA0D /* ndpi_includes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_includes.h; sourceTree = ""; }; + E39540A920255353000BBA0D /* ndpi_main.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_main.h; sourceTree = ""; }; + E39540AA20255353000BBA0D /* ndpi_protocol_ids.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_protocol_ids.h; sourceTree = ""; }; + E39540AB20255353000BBA0D /* ndpi_protocols.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_protocols.h; sourceTree = ""; }; + E39540AC20255353000BBA0D /* ndpi_typedefs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_typedefs.h; sourceTree = ""; }; + E39540AD20255353000BBA0D /* ndpi_unix.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_unix.h; sourceTree = ""; }; + E39540AE20255353000BBA0D /* ndpi_win32.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_win32.h; sourceTree = ""; }; + E39540BC20255353000BBA0D /* Makefile */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.make; path = Makefile; sourceTree = ""; }; + E39540BD20255353000BBA0D /* Makefile.am */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Makefile.am; sourceTree = ""; }; + E39540BE20255353000BBA0D /* Makefile.in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Makefile.in; sourceTree = ""; }; + E39540BF20255353000BBA0D /* Makefile.simple */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Makefile.simple; sourceTree = ""; }; + E39540C020255353000BBA0D /* ndpi_content_match.c.inc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.pascal; path = ndpi_content_match.c.inc; sourceTree = ""; }; + E39540C120255353000BBA0D /* ndpi_main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ndpi_main.c; sourceTree = ""; }; + E39540C520255353000BBA0D /* .dirstamp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = .dirstamp; sourceTree = ""; }; + E395414B20255353000BBA0D /* afp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = afp.c; sourceTree = ""; }; + E395414C20255353000BBA0D /* aimini.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = aimini.c; sourceTree = ""; }; + E395414D20255353000BBA0D /* amqp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = amqp.c; sourceTree = ""; }; + E395414E20255353000BBA0D /* apple_push.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = apple_push.c; sourceTree = ""; }; + E395414F20255353000BBA0D /* applejuice.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = applejuice.c; sourceTree = ""; }; + E395415020255353000BBA0D /* armagetron.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = armagetron.c; sourceTree = ""; }; + E395415220255353000BBA0D /* flash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = flash.c; sourceTree = ""; }; + E395415320255353000BBA0D /* ftp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ftp.c; sourceTree = ""; }; + E395415420255353000BBA0D /* manolito.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = manolito.c; sourceTree = ""; }; + E395415520255353000BBA0D /* popo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = popo.c; sourceTree = ""; }; + E395415620255353000BBA0D /* secondlife.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secondlife.c; sourceTree = ""; }; + E395415720255353000BBA0D /* ayiya.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ayiya.c; sourceTree = ""; }; + E395415820255353000BBA0D /* battlefield.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = battlefield.c; sourceTree = ""; }; + E395415920255353000BBA0D /* bgp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bgp.c; sourceTree = ""; }; + E395415A20255353000BBA0D /* bittorrent.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bittorrent.c; sourceTree = ""; }; + E395415B20255353000BBA0D /* bjnp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bjnp.c; sourceTree = ""; }; + E395415C20255353000BBA0D /* btlib.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = btlib.c; sourceTree = ""; }; + E395415D20255353000BBA0D /* btlib.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = btlib.h; sourceTree = ""; }; + E395415E20255353000BBA0D /* checkmk.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = checkmk.c; sourceTree = ""; }; + E395415F20255353000BBA0D /* ciscovpn.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ciscovpn.c; sourceTree = ""; }; + E395416020255353000BBA0D /* citrix.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = citrix.c; sourceTree = ""; }; + E395416120255353000BBA0D /* coap.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = coap.c; sourceTree = ""; }; + E395416220255353000BBA0D /* collectd.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = collectd.c; sourceTree = ""; }; + E395416320255353000BBA0D /* corba.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = corba.c; sourceTree = ""; }; + E395416420255353000BBA0D /* crossfire.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = crossfire.c; sourceTree = ""; }; + E395416520255353000BBA0D /* csgo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = csgo.c; sourceTree = ""; }; + E395416620255353000BBA0D /* dcerpc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dcerpc.c; sourceTree = ""; }; + E395416720255353000BBA0D /* dhcp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dhcp.c; sourceTree = ""; }; + E395416820255353000BBA0D /* dhcpv6.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dhcpv6.c; sourceTree = ""; }; + E395416920255353000BBA0D /* diameter.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = diameter.c; sourceTree = ""; }; + E395416A20255353000BBA0D /* directconnect.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = directconnect.c; sourceTree = ""; }; + E395416B20255353000BBA0D /* directdownloadlink.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = directdownloadlink.c; sourceTree = ""; }; + E395416C20255353000BBA0D /* dns.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dns.c; sourceTree = ""; }; + E395416D20255353000BBA0D /* dofus.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dofus.c; sourceTree = ""; }; + E395416E20255353000BBA0D /* drda.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = drda.c; sourceTree = ""; }; + E395416F20255353000BBA0D /* dropbox.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dropbox.c; sourceTree = ""; }; + E395417020255353000BBA0D /* eaq.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = eaq.c; sourceTree = ""; }; + E395417120255353000BBA0D /* edonkey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = edonkey.c; sourceTree = ""; }; + E395417220255353000BBA0D /* fasttrack.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = fasttrack.c; sourceTree = ""; }; + E395417320255353000BBA0D /* fiesta.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = fiesta.c; sourceTree = ""; }; + E395417420255353000BBA0D /* filetopia.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = filetopia.c; sourceTree = ""; }; + E395417520255353000BBA0D /* fix.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = fix.c; sourceTree = ""; }; + E395417620255353000BBA0D /* florensia.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = florensia.c; sourceTree = ""; }; + E395417720255353000BBA0D /* ftp_control.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ftp_control.c; sourceTree = ""; }; + E395417820255353000BBA0D /* ftp_data.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ftp_data.c; sourceTree = ""; }; + E395417920255353000BBA0D /* git.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = git.c; sourceTree = ""; }; + E395417A20255353000BBA0D /* gnutella.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = gnutella.c; sourceTree = ""; }; + E395417B20255353000BBA0D /* gtp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = gtp.c; sourceTree = ""; }; + E395417C20255353000BBA0D /* guildwars.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = guildwars.c; sourceTree = ""; }; + E395417D20255353000BBA0D /* h323.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = h323.c; sourceTree = ""; }; + E395417E20255353000BBA0D /* halflife2_and_mods.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = halflife2_and_mods.c; sourceTree = ""; }; + E395417F20255353000BBA0D /* hangout.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = hangout.c; sourceTree = ""; }; + E395418020255353000BBA0D /* hep.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = hep.c; sourceTree = ""; }; + E395418120255353000BBA0D /* http.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = http.c; sourceTree = ""; }; + E395418220255353000BBA0D /* http_activesync.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = http_activesync.c; sourceTree = ""; }; + E395418320255353000BBA0D /* iax.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = iax.c; sourceTree = ""; }; + E395418420255353000BBA0D /* icecast.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = icecast.c; sourceTree = ""; }; + E395418520255353000BBA0D /* ipp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ipp.c; sourceTree = ""; }; + E395418620255353000BBA0D /* irc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = irc.c; sourceTree = ""; }; + E395418720255353000BBA0D /* jabber.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = jabber.c; sourceTree = ""; }; + E395418820255353000BBA0D /* kakaotalk_voice.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = kakaotalk_voice.c; sourceTree = ""; }; + E395418920255353000BBA0D /* kerberos.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = kerberos.c; sourceTree = ""; }; + E395418A20255353000BBA0D /* kontiki.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = kontiki.c; sourceTree = ""; }; + E395418B20255353000BBA0D /* ldap.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ldap.c; sourceTree = ""; }; + E395429420255354000BBA0D /* lisp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = lisp.c; sourceTree = ""; }; + E395429520255354000BBA0D /* lotus_notes.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = lotus_notes.c; sourceTree = ""; }; + E395429620255354000BBA0D /* mail_imap.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mail_imap.c; sourceTree = ""; }; + E395429720255354000BBA0D /* mail_pop.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mail_pop.c; sourceTree = ""; }; + E395429820255354000BBA0D /* mail_smtp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mail_smtp.c; sourceTree = ""; }; + E395429920255354000BBA0D /* maplestory.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = maplestory.c; sourceTree = ""; }; + E395429A20255354000BBA0D /* mdns.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mdns.c; sourceTree = ""; }; + E395429B20255354000BBA0D /* megaco.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = megaco.c; sourceTree = ""; }; + E395429C20255354000BBA0D /* mgcp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mgcp.c; sourceTree = ""; }; + E395429D20255354000BBA0D /* mms.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mms.c; sourceTree = ""; }; + E395429E20255354000BBA0D /* mpegts.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mpegts.c; sourceTree = ""; }; + E395429F20255354000BBA0D /* mqtt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mqtt.c; sourceTree = ""; }; + E39542A020255354000BBA0D /* msn.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = msn.c; sourceTree = ""; }; + E39542A120255354000BBA0D /* mssql_tds.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mssql_tds.c; sourceTree = ""; }; + E39542A220255354000BBA0D /* mysql.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mysql.c; sourceTree = ""; }; + E39542A320255354000BBA0D /* netbios.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = netbios.c; sourceTree = ""; }; + E39542A420255354000BBA0D /* netflow.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = netflow.c; sourceTree = ""; }; + E39542A520255354000BBA0D /* nfs.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = nfs.c; sourceTree = ""; }; + E39542A620255354000BBA0D /* nintendo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = nintendo.c; sourceTree = ""; }; + E39542A720255354000BBA0D /* noe.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = noe.c; sourceTree = ""; }; + E39542A820255354000BBA0D /* non_tcp_udp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = non_tcp_udp.c; sourceTree = ""; }; + E39542A920255354000BBA0D /* ntp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ntp.c; sourceTree = ""; }; + E39542AA20255354000BBA0D /* openft.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = openft.c; sourceTree = ""; }; + E39542AB20255354000BBA0D /* openvpn.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = openvpn.c; sourceTree = ""; }; + E39542AC20255354000BBA0D /* oracle.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = oracle.c; sourceTree = ""; }; + E39542AD20255354000BBA0D /* oscar.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = oscar.c; sourceTree = ""; }; + E39542AE20255354000BBA0D /* pando.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pando.c; sourceTree = ""; }; + E39542AF20255354000BBA0D /* pcanywhere.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pcanywhere.c; sourceTree = ""; }; + E39542B020255354000BBA0D /* postgres.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = postgres.c; sourceTree = ""; }; + E39542B120255354000BBA0D /* pplive.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pplive.c; sourceTree = ""; }; + E39542B220255354000BBA0D /* ppstream.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ppstream.c; sourceTree = ""; }; + E39542B320255354000BBA0D /* pptp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pptp.c; sourceTree = ""; }; + E39542B420255354000BBA0D /* qq.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = qq.c; sourceTree = ""; }; + E39542B520255354000BBA0D /* quic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = quic.c; sourceTree = ""; }; + E39542B620255354000BBA0D /* radius.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = radius.c; sourceTree = ""; }; + E39542B720255354000BBA0D /* rdp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rdp.c; sourceTree = ""; }; + E39542B820255354000BBA0D /* redis_net.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = redis_net.c; sourceTree = ""; }; + E39542B920255354000BBA0D /* rsync.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsync.c; sourceTree = ""; }; + E39542BA20255354000BBA0D /* rtcp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rtcp.c; sourceTree = ""; }; + E39542BB20255354000BBA0D /* rtmp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rtmp.c; sourceTree = ""; }; + E39542BC20255354000BBA0D /* rtp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rtp.c; sourceTree = ""; }; + E39542BD20255354000BBA0D /* rtsp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rtsp.c; sourceTree = ""; }; + E39542BE20255354000BBA0D /* rx.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rx.c; sourceTree = ""; }; + E39542BF20255354000BBA0D /* sflow.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sflow.c; sourceTree = ""; }; + E39542C020255354000BBA0D /* shoutcast.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = shoutcast.c; sourceTree = ""; }; + E39542C120255354000BBA0D /* sip.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sip.c; sourceTree = ""; }; + E39542C220255354000BBA0D /* skinny.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = skinny.c; sourceTree = ""; }; + E39542C320255354000BBA0D /* skype.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = skype.c; sourceTree = ""; }; + E39542C420255354000BBA0D /* smb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = smb.c; sourceTree = ""; }; + E39542C520255354000BBA0D /* smpp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = smpp.c; sourceTree = ""; }; + E39542C620255354000BBA0D /* snmp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = snmp.c; sourceTree = ""; }; + E39542C720255354000BBA0D /* socks45.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = socks45.c; sourceTree = ""; }; + E39542C820255354000BBA0D /* socrates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = socrates.c; sourceTree = ""; }; + E39542C920255354000BBA0D /* someip.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = someip.c; sourceTree = ""; }; + E39542CA20255354000BBA0D /* sopcast.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sopcast.c; sourceTree = ""; }; + E39542CB20255354000BBA0D /* soulseek.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = soulseek.c; sourceTree = ""; }; + E39542CC20255354000BBA0D /* spotify.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = spotify.c; sourceTree = ""; }; + E39542CD20255354000BBA0D /* ssdp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ssdp.c; sourceTree = ""; }; + E39542CE20255354000BBA0D /* ssh.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ssh.c; sourceTree = ""; }; + E39542CF20255354000BBA0D /* ssl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ssl.c; sourceTree = ""; }; + E39542D020255354000BBA0D /* starcraft.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = starcraft.c; sourceTree = ""; }; + E39542D120255354000BBA0D /* stealthnet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = stealthnet.c; sourceTree = ""; }; + E39542D220255354000BBA0D /* steam.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = steam.c; sourceTree = ""; }; + E39542D320255354000BBA0D /* stun.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = stun.c; sourceTree = ""; }; + E39542D420255354000BBA0D /* syslog.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = syslog.c; sourceTree = ""; }; + E39542D520255354000BBA0D /* tcp_udp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tcp_udp.c; sourceTree = ""; }; + E39542D620255354000BBA0D /* teamspeak.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = teamspeak.c; sourceTree = ""; }; + E39542D720255354000BBA0D /* teamviewer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = teamviewer.c; sourceTree = ""; }; + E39542D820255354000BBA0D /* telegram.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = telegram.c; sourceTree = ""; }; + E39542D920255354000BBA0D /* telnet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = telnet.c; sourceTree = ""; }; + E39542DA20255354000BBA0D /* teredo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = teredo.c; sourceTree = ""; }; + E39542DB20255354000BBA0D /* tftp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tftp.c; sourceTree = ""; }; + E39542DC20255354000BBA0D /* thunder.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = thunder.c; sourceTree = ""; }; + E39542DD20255354000BBA0D /* tinc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tinc.c; sourceTree = ""; }; + E39542DE20255354000BBA0D /* tor.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tor.c; sourceTree = ""; }; + E39542DF20255354000BBA0D /* tvants.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tvants.c; sourceTree = ""; }; + E39542E020255354000BBA0D /* tvuplayer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tvuplayer.c; sourceTree = ""; }; + E39542E120255354000BBA0D /* ubntac2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ubntac2.c; sourceTree = ""; }; + E39542E220255354000BBA0D /* usenet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = usenet.c; sourceTree = ""; }; + E39542E320255354000BBA0D /* vhua.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = vhua.c; sourceTree = ""; }; + E39542E420255354000BBA0D /* viber.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = viber.c; sourceTree = ""; }; + E39542E520255354000BBA0D /* vmware.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = vmware.c; sourceTree = ""; }; + E39542E620255354000BBA0D /* vnc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = vnc.c; sourceTree = ""; }; + E39542E720255354000BBA0D /* warcraft3.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = warcraft3.c; sourceTree = ""; }; + E39542E820255354000BBA0D /* whoisdas.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = whoisdas.c; sourceTree = ""; }; + E39542E920255354000BBA0D /* world_of_kung_fu.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = world_of_kung_fu.c; sourceTree = ""; }; + E39542EA20255354000BBA0D /* world_of_warcraft.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = world_of_warcraft.c; sourceTree = ""; }; + E39542EB20255354000BBA0D /* xbox.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = xbox.c; sourceTree = ""; }; + E39542EC20255354000BBA0D /* xdmcp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = xdmcp.c; sourceTree = ""; }; + E39542ED20255354000BBA0D /* yahoo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = yahoo.c; sourceTree = ""; }; + E39542EE20255354000BBA0D /* zattoo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = zattoo.c; sourceTree = ""; }; + E39542EF20255354000BBA0D /* zeromq.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = zeromq.c; sourceTree = ""; }; + E39542F220255354000BBA0D /* actypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = actypes.h; sourceTree = ""; }; + E39542F320255354000BBA0D /* ahocorasick.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ahocorasick.h; sourceTree = ""; }; + E39542F420255354000BBA0D /* libcache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libcache.h; sourceTree = ""; }; + E39542F520255354000BBA0D /* ndpi_patricia.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_patricia.h; sourceTree = ""; }; + E39542F620255354000BBA0D /* node.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = node.h; sourceTree = ""; }; + E39542F720255354000BBA0D /* sort.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sort.h; sourceTree = ""; }; + E39542FB20255354000BBA0D /* .dirstamp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = .dirstamp; sourceTree = ""; }; + E395430020255354000BBA0D /* ahocorasick.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ahocorasick.c; sourceTree = ""; }; + E395430120255354000BBA0D /* libcache.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = libcache.c; sourceTree = ""; }; + E395430820255354000BBA0D /* ndpi_patricia.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ndpi_patricia.c; sourceTree = ""; }; + E395430920255354000BBA0D /* node.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = node.c; sourceTree = ""; }; + E395430A20255354000BBA0D /* sort.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sort.c; sourceTree = ""; }; + E395455620255734000BBA0D /* ndpi_config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_config.h; sourceTree = ""; }; + E395455720255734000BBA0D /* ndpi_define.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_define.h; sourceTree = ""; }; + E3954558202558E5000BBA0D /* uthash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = uthash.h; path = ../../../uthash.h; sourceTree = ""; }; + E3954559202558E5000BBA0D /* protos.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = protos.txt; path = ../../../protos.txt; sourceTree = ""; }; + E395455A202558E5000BBA0D /* ndpi_util.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = ndpi_util.c; path = ../../../ndpi_util.c; sourceTree = ""; }; + E395455B202558E5000BBA0D /* ndpi_util.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ndpi_util.h; path = ../../../ndpi_util.h; sourceTree = ""; }; + E395455C202558E5000BBA0D /* ndpiReader.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = ndpiReader.c; path = ../../../ndpiReader.c; sourceTree = ""; }; + E395478E20269F43000BBA0D /* libpcap.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libpcap.tbd; path = usr/lib/libpcap.tbd; sourceTree = SDKROOT; }; + E39547922026AB75000BBA0D /* ndpi_utils.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ndpi_utils.h; sourceTree = ""; }; + E39547932026B2A9000BBA0D /* capture.pcap */ = {isa = PBXFileReference; lastKnownFileType = file; path = capture.pcap; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + E3953F4C20254989000BBA0D /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + E395478F20269F43000BBA0D /* libpcap.tbd in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + E3953F4620254989000BBA0D = { + isa = PBXGroup; + children = ( + E3953F5120254989000BBA0D /* ndpiExample */, + E3953F5020254989000BBA0D /* Products */, + E395478D20269F43000BBA0D /* Frameworks */, + ); + sourceTree = ""; + }; + E3953F5020254989000BBA0D /* Products */ = { + isa = PBXGroup; + children = ( + E3953F4F20254989000BBA0D /* ndpiExample.app */, + ); + name = Products; + sourceTree = ""; + }; + E3953F5120254989000BBA0D /* ndpiExample */ = { + isa = PBXGroup; + children = ( + E3953F5220254989000BBA0D /* AppDelegate.h */, + E3953F5320254989000BBA0D /* AppDelegate.m */, + E3953F5520254989000BBA0D /* ViewController.h */, + E3953F5620254989000BBA0D /* ViewController.m */, + E395455A202558E5000BBA0D /* ndpi_util.c */, + E395455B202558E5000BBA0D /* ndpi_util.h */, + E39547922026AB75000BBA0D /* ndpi_utils.h */, + E395455C202558E5000BBA0D /* ndpiReader.c */, + E3954559202558E5000BBA0D /* protos.txt */, + E39547932026B2A9000BBA0D /* capture.pcap */, + E3954558202558E5000BBA0D /* uthash.h */, + E39540A320255353000BBA0D /* src */, + E3953F5820254989000BBA0D /* Assets.xcassets */, + E3953F5A2025498A000BBA0D /* Main.storyboard */, + E3953F5D2025498A000BBA0D /* Info.plist */, + E3953F5E2025498A000BBA0D /* main.m */, + E3953F602025498A000BBA0D /* ndpiExample.entitlements */, + ); + path = ndpiExample; + sourceTree = ""; + }; + E39540A320255353000BBA0D /* src */ = { + isa = PBXGroup; + children = ( + E39540A420255353000BBA0D /* include */, + E39540AF20255353000BBA0D /* lib */, + ); + name = src; + path = ../../../../src; + sourceTree = ""; + }; + E39540A420255353000BBA0D /* include */ = { + isa = PBXGroup; + children = ( + E395455620255734000BBA0D /* ndpi_config.h */, + E395455720255734000BBA0D /* ndpi_define.h */, + E39540A520255353000BBA0D /* Makefile.am */, + E39540A620255353000BBA0D /* ndpi_api.h */, + E39540A720255353000BBA0D /* ndpi_define.h.in */, + E39540A820255353000BBA0D /* ndpi_includes.h */, + E39540A920255353000BBA0D /* ndpi_main.h */, + E39540AA20255353000BBA0D /* ndpi_protocol_ids.h */, + E39540AB20255353000BBA0D /* ndpi_protocols.h */, + E39540AC20255353000BBA0D /* ndpi_typedefs.h */, + E39540AD20255353000BBA0D /* ndpi_unix.h */, + E39540AE20255353000BBA0D /* ndpi_win32.h */, + ); + path = include; + sourceTree = ""; + }; + E39540AF20255353000BBA0D /* lib */ = { + isa = PBXGroup; + children = ( + E39540BC20255353000BBA0D /* Makefile */, + E39540BD20255353000BBA0D /* Makefile.am */, + E39540BE20255353000BBA0D /* Makefile.in */, + E39540BF20255353000BBA0D /* Makefile.simple */, + E39540C020255353000BBA0D /* ndpi_content_match.c.inc */, + E39540C120255353000BBA0D /* ndpi_main.c */, + E39540C220255353000BBA0D /* protocols */, + E39542F020255354000BBA0D /* third_party */, + ); + path = lib; + sourceTree = ""; + }; + E39540C220255353000BBA0D /* protocols */ = { + isa = PBXGroup; + children = ( + E39540C520255353000BBA0D /* .dirstamp */, + E395414B20255353000BBA0D /* afp.c */, + E395414C20255353000BBA0D /* aimini.c */, + E395414D20255353000BBA0D /* amqp.c */, + E395414E20255353000BBA0D /* apple_push.c */, + E395414F20255353000BBA0D /* applejuice.c */, + E395415020255353000BBA0D /* armagetron.c */, + E395415120255353000BBA0D /* attic */, + E395415720255353000BBA0D /* ayiya.c */, + E395415820255353000BBA0D /* battlefield.c */, + E395415920255353000BBA0D /* bgp.c */, + E395415A20255353000BBA0D /* bittorrent.c */, + E395415B20255353000BBA0D /* bjnp.c */, + E395415C20255353000BBA0D /* btlib.c */, + E395415D20255353000BBA0D /* btlib.h */, + E395415E20255353000BBA0D /* checkmk.c */, + E395415F20255353000BBA0D /* ciscovpn.c */, + E395416020255353000BBA0D /* citrix.c */, + E395416120255353000BBA0D /* coap.c */, + E395416220255353000BBA0D /* collectd.c */, + E395416320255353000BBA0D /* corba.c */, + E395416420255353000BBA0D /* crossfire.c */, + E395416520255353000BBA0D /* csgo.c */, + E395416620255353000BBA0D /* dcerpc.c */, + E395416720255353000BBA0D /* dhcp.c */, + E395416820255353000BBA0D /* dhcpv6.c */, + E395416920255353000BBA0D /* diameter.c */, + E395416A20255353000BBA0D /* directconnect.c */, + E395416B20255353000BBA0D /* directdownloadlink.c */, + E395416C20255353000BBA0D /* dns.c */, + E395416D20255353000BBA0D /* dofus.c */, + E395416E20255353000BBA0D /* drda.c */, + E395416F20255353000BBA0D /* dropbox.c */, + E395417020255353000BBA0D /* eaq.c */, + E395417120255353000BBA0D /* edonkey.c */, + E395417220255353000BBA0D /* fasttrack.c */, + E395417320255353000BBA0D /* fiesta.c */, + E395417420255353000BBA0D /* filetopia.c */, + E395417520255353000BBA0D /* fix.c */, + E395417620255353000BBA0D /* florensia.c */, + E395417720255353000BBA0D /* ftp_control.c */, + E395417820255353000BBA0D /* ftp_data.c */, + E395417920255353000BBA0D /* git.c */, + E395417A20255353000BBA0D /* gnutella.c */, + E395417B20255353000BBA0D /* gtp.c */, + E395417C20255353000BBA0D /* guildwars.c */, + E395417D20255353000BBA0D /* h323.c */, + E395417E20255353000BBA0D /* halflife2_and_mods.c */, + E395417F20255353000BBA0D /* hangout.c */, + E395418020255353000BBA0D /* hep.c */, + E395418120255353000BBA0D /* http.c */, + E395418220255353000BBA0D /* http_activesync.c */, + E395418320255353000BBA0D /* iax.c */, + E395418420255353000BBA0D /* icecast.c */, + E395418520255353000BBA0D /* ipp.c */, + E395418620255353000BBA0D /* irc.c */, + E395418720255353000BBA0D /* jabber.c */, + E395418820255353000BBA0D /* kakaotalk_voice.c */, + E395418920255353000BBA0D /* kerberos.c */, + E395418A20255353000BBA0D /* kontiki.c */, + E395418B20255353000BBA0D /* ldap.c */, + E395429420255354000BBA0D /* lisp.c */, + E395429520255354000BBA0D /* lotus_notes.c */, + E395429620255354000BBA0D /* mail_imap.c */, + E395429720255354000BBA0D /* mail_pop.c */, + E395429820255354000BBA0D /* mail_smtp.c */, + E395429920255354000BBA0D /* maplestory.c */, + E395429A20255354000BBA0D /* mdns.c */, + E395429B20255354000BBA0D /* megaco.c */, + E395429C20255354000BBA0D /* mgcp.c */, + E395429D20255354000BBA0D /* mms.c */, + E395429E20255354000BBA0D /* mpegts.c */, + E395429F20255354000BBA0D /* mqtt.c */, + E39542A020255354000BBA0D /* msn.c */, + E39542A120255354000BBA0D /* mssql_tds.c */, + E39542A220255354000BBA0D /* mysql.c */, + E39542A320255354000BBA0D /* netbios.c */, + E39542A420255354000BBA0D /* netflow.c */, + E39542A520255354000BBA0D /* nfs.c */, + E39542A620255354000BBA0D /* nintendo.c */, + E39542A720255354000BBA0D /* noe.c */, + E39542A820255354000BBA0D /* non_tcp_udp.c */, + E39542A920255354000BBA0D /* ntp.c */, + E39542AA20255354000BBA0D /* openft.c */, + E39542AB20255354000BBA0D /* openvpn.c */, + E39542AC20255354000BBA0D /* oracle.c */, + E39542AD20255354000BBA0D /* oscar.c */, + E39542AE20255354000BBA0D /* pando.c */, + E39542AF20255354000BBA0D /* pcanywhere.c */, + E39542B020255354000BBA0D /* postgres.c */, + E39542B120255354000BBA0D /* pplive.c */, + E39542B220255354000BBA0D /* ppstream.c */, + E39542B320255354000BBA0D /* pptp.c */, + E39542B420255354000BBA0D /* qq.c */, + E39542B520255354000BBA0D /* quic.c */, + E39542B620255354000BBA0D /* radius.c */, + E39542B720255354000BBA0D /* rdp.c */, + E39542B820255354000BBA0D /* redis_net.c */, + E39542B920255354000BBA0D /* rsync.c */, + E39542BA20255354000BBA0D /* rtcp.c */, + E39542BB20255354000BBA0D /* rtmp.c */, + E39542BC20255354000BBA0D /* rtp.c */, + E39542BD20255354000BBA0D /* rtsp.c */, + E39542BE20255354000BBA0D /* rx.c */, + E39542BF20255354000BBA0D /* sflow.c */, + E39542C020255354000BBA0D /* shoutcast.c */, + E39542C120255354000BBA0D /* sip.c */, + E39542C220255354000BBA0D /* skinny.c */, + E39542C320255354000BBA0D /* skype.c */, + E39542C420255354000BBA0D /* smb.c */, + E39542C520255354000BBA0D /* smpp.c */, + E39542C620255354000BBA0D /* snmp.c */, + E39542C720255354000BBA0D /* socks45.c */, + E39542C820255354000BBA0D /* socrates.c */, + E39542C920255354000BBA0D /* someip.c */, + E39542CA20255354000BBA0D /* sopcast.c */, + E39542CB20255354000BBA0D /* soulseek.c */, + E39542CC20255354000BBA0D /* spotify.c */, + E39542CD20255354000BBA0D /* ssdp.c */, + E39542CE20255354000BBA0D /* ssh.c */, + E39542CF20255354000BBA0D /* ssl.c */, + E39542D020255354000BBA0D /* starcraft.c */, + E39542D120255354000BBA0D /* stealthnet.c */, + E39542D220255354000BBA0D /* steam.c */, + E39542D320255354000BBA0D /* stun.c */, + E39542D420255354000BBA0D /* syslog.c */, + E39542D520255354000BBA0D /* tcp_udp.c */, + E39542D620255354000BBA0D /* teamspeak.c */, + E39542D720255354000BBA0D /* teamviewer.c */, + E39542D820255354000BBA0D /* telegram.c */, + E39542D920255354000BBA0D /* telnet.c */, + E39542DA20255354000BBA0D /* teredo.c */, + E39542DB20255354000BBA0D /* tftp.c */, + E39542DC20255354000BBA0D /* thunder.c */, + E39542DD20255354000BBA0D /* tinc.c */, + E39542DE20255354000BBA0D /* tor.c */, + E39542DF20255354000BBA0D /* tvants.c */, + E39542E020255354000BBA0D /* tvuplayer.c */, + E39542E120255354000BBA0D /* ubntac2.c */, + E39542E220255354000BBA0D /* usenet.c */, + E39542E320255354000BBA0D /* vhua.c */, + E39542E420255354000BBA0D /* viber.c */, + E39542E520255354000BBA0D /* vmware.c */, + E39542E620255354000BBA0D /* vnc.c */, + E39542E720255354000BBA0D /* warcraft3.c */, + E39542E820255354000BBA0D /* whoisdas.c */, + E39542E920255354000BBA0D /* world_of_kung_fu.c */, + E39542EA20255354000BBA0D /* world_of_warcraft.c */, + E39542EB20255354000BBA0D /* xbox.c */, + E39542EC20255354000BBA0D /* xdmcp.c */, + E39542ED20255354000BBA0D /* yahoo.c */, + E39542EE20255354000BBA0D /* zattoo.c */, + E39542EF20255354000BBA0D /* zeromq.c */, + ); + path = protocols; + sourceTree = ""; + }; + E395415120255353000BBA0D /* attic */ = { + isa = PBXGroup; + children = ( + E395415220255353000BBA0D /* flash.c */, + E395415320255353000BBA0D /* ftp.c */, + E395415420255353000BBA0D /* manolito.c */, + E395415520255353000BBA0D /* popo.c */, + E395415620255353000BBA0D /* secondlife.c */, + ); + path = attic; + sourceTree = ""; + }; + E39542F020255354000BBA0D /* third_party */ = { + isa = PBXGroup; + children = ( + E39542F120255354000BBA0D /* include */, + E39542F820255354000BBA0D /* src */, + ); + path = third_party; + sourceTree = ""; + }; + E39542F120255354000BBA0D /* include */ = { + isa = PBXGroup; + children = ( + E39542F220255354000BBA0D /* actypes.h */, + E39542F320255354000BBA0D /* ahocorasick.h */, + E39542F420255354000BBA0D /* libcache.h */, + E39542F520255354000BBA0D /* ndpi_patricia.h */, + E39542F620255354000BBA0D /* node.h */, + E39542F720255354000BBA0D /* sort.h */, + ); + path = include; + sourceTree = ""; + }; + E39542F820255354000BBA0D /* src */ = { + isa = PBXGroup; + children = ( + E39542FB20255354000BBA0D /* .dirstamp */, + E395430020255354000BBA0D /* ahocorasick.c */, + E395430120255354000BBA0D /* libcache.c */, + E395430820255354000BBA0D /* ndpi_patricia.c */, + E395430920255354000BBA0D /* node.c */, + E395430A20255354000BBA0D /* sort.c */, + ); + path = src; + sourceTree = ""; + }; + E395478D20269F43000BBA0D /* Frameworks */ = { + isa = PBXGroup; + children = ( + E395478E20269F43000BBA0D /* libpcap.tbd */, + ); + name = Frameworks; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + E3953F4E20254989000BBA0D /* ndpiExample */ = { + isa = PBXNativeTarget; + buildConfigurationList = E3953F632025498A000BBA0D /* Build configuration list for PBXNativeTarget "ndpiExample" */; + buildPhases = ( + E3953F4B20254989000BBA0D /* Sources */, + E3953F4C20254989000BBA0D /* Frameworks */, + E3953F4D20254989000BBA0D /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = ndpiExample; + productName = ndpiExample; + productReference = E3953F4F20254989000BBA0D /* ndpiExample.app */; + productType = "com.apple.product-type.application"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + E3953F4720254989000BBA0D /* Project object */ = { + isa = PBXProject; + attributes = { + LastUpgradeCheck = 0920; + ORGANIZATIONNAME = ZengYingpei; + TargetAttributes = { + E3953F4E20254989000BBA0D = { + CreatedOnToolsVersion = 9.2; + ProvisioningStyle = Automatic; + SystemCapabilities = { + com.apple.Sandbox = { + enabled = 0; + }; + }; + }; + }; + }; + buildConfigurationList = E3953F4A20254989000BBA0D /* Build configuration list for PBXProject "ndpiExample" */; + compatibilityVersion = "Xcode 8.0"; + developmentRegion = en; + hasScannedForEncodings = 0; + knownRegions = ( + en, + Base, + ); + mainGroup = E3953F4620254989000BBA0D; + productRefGroup = E3953F5020254989000BBA0D /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + E3953F4E20254989000BBA0D /* ndpiExample */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXResourcesBuildPhase section */ + E3953F4D20254989000BBA0D /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + E395430C20255354000BBA0D /* ndpi_define.h.in in Resources */, + E395431E20255354000BBA0D /* .dirstamp in Resources */, + E395431A20255354000BBA0D /* Makefile.simple in Resources */, + E395454720255355000BBA0D /* .dirstamp in Resources */, + E395430B20255354000BBA0D /* Makefile.am in Resources */, + E395431920255354000BBA0D /* Makefile.in in Resources */, + E3953F5920254989000BBA0D /* Assets.xcassets in Resources */, + E39547942026B2AA000BBA0D /* capture.pcap in Resources */, + E395455D202558E6000BBA0D /* protos.txt in Resources */, + E3953F5C2025498A000BBA0D /* Main.storyboard in Resources */, + E395431820255354000BBA0D /* Makefile.am in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + E3953F4B20254989000BBA0D /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + E39544F320255354000BBA0D /* mms.c in Sources */, + E39544F220255354000BBA0D /* mgcp.c in Sources */, + E39543B420255354000BBA0D /* checkmk.c in Sources */, + E39543D720255354000BBA0D /* http.c in Sources */, + E39543A420255354000BBA0D /* aimini.c in Sources */, + E39543DD20255354000BBA0D /* jabber.c in Sources */, + E395452820255354000BBA0D /* steam.c in Sources */, + E39543C720255354000BBA0D /* edonkey.c in Sources */, + E39543B520255354000BBA0D /* ciscovpn.c in Sources */, + E39543B120255354000BBA0D /* bittorrent.c in Sources */, + E395452E20255354000BBA0D /* telegram.c in Sources */, + E39543DA20255354000BBA0D /* icecast.c in Sources */, + E395450620255354000BBA0D /* postgres.c in Sources */, + E395451E20255354000BBA0D /* socrates.c in Sources */, + E395450B20255354000BBA0D /* quic.c in Sources */, + E39543A820255354000BBA0D /* armagetron.c in Sources */, + E39543D120255354000BBA0D /* gtp.c in Sources */, + E395452120255354000BBA0D /* soulseek.c in Sources */, + E39543B220255354000BBA0D /* bjnp.c in Sources */, + E39543C820255354000BBA0D /* fasttrack.c in Sources */, + E395452F20255354000BBA0D /* telnet.c in Sources */, + E395452620255354000BBA0D /* starcraft.c in Sources */, + E39543B620255354000BBA0D /* citrix.c in Sources */, + E395451320255354000BBA0D /* rtsp.c in Sources */, + E39543CA20255354000BBA0D /* filetopia.c in Sources */, + E39544F120255354000BBA0D /* megaco.c in Sources */, + E39543A920255354000BBA0D /* flash.c in Sources */, + E39544F820255354000BBA0D /* mysql.c in Sources */, + E395453020255354000BBA0D /* teredo.c in Sources */, + E39543B020255354000BBA0D /* bgp.c in Sources */, + E395454320255355000BBA0D /* yahoo.c in Sources */, + E395453A20255354000BBA0D /* viber.c in Sources */, + E39543A320255354000BBA0D /* afp.c in Sources */, + E39544FB20255354000BBA0D /* nfs.c in Sources */, + E39543D520255354000BBA0D /* hangout.c in Sources */, + E395452A20255354000BBA0D /* syslog.c in Sources */, + E39543C420255354000BBA0D /* drda.c in Sources */, + E39543CD20255354000BBA0D /* ftp_control.c in Sources */, + E395453C20255355000BBA0D /* vnc.c in Sources */, + E39543D820255354000BBA0D /* http_activesync.c in Sources */, + E39544FC20255354000BBA0D /* nintendo.c in Sources */, + E395450220255354000BBA0D /* oracle.c in Sources */, + E395451420255354000BBA0D /* rx.c in Sources */, + E39543DC20255354000BBA0D /* irc.c in Sources */, + E395450320255354000BBA0D /* oscar.c in Sources */, + E39543BC20255354000BBA0D /* dcerpc.c in Sources */, + E395454020255355000BBA0D /* world_of_warcraft.c in Sources */, + E39543A620255354000BBA0D /* apple_push.c in Sources */, + E395451920255354000BBA0D /* skype.c in Sources */, + E39543AC20255354000BBA0D /* popo.c in Sources */, + E39543BF20255354000BBA0D /* diameter.c in Sources */, + E39544FF20255354000BBA0D /* ntp.c in Sources */, + E395453220255354000BBA0D /* thunder.c in Sources */, + E39543C620255354000BBA0D /* eaq.c in Sources */, + E395454C20255355000BBA0D /* libcache.c in Sources */, + E39543E120255354000BBA0D /* ldap.c in Sources */, + E39543C120255354000BBA0D /* directdownloadlink.c in Sources */, + E39544EC20255354000BBA0D /* mail_imap.c in Sources */, + E395450C20255354000BBA0D /* radius.c in Sources */, + E395455F202558E6000BBA0D /* ndpiReader.c in Sources */, + E395451C20255354000BBA0D /* snmp.c in Sources */, + E395452520255354000BBA0D /* ssl.c in Sources */, + E39543D420255354000BBA0D /* halflife2_and_mods.c in Sources */, + E39544F920255354000BBA0D /* netbios.c in Sources */, + E395455520255355000BBA0D /* sort.c in Sources */, + E39543CB20255354000BBA0D /* fix.c in Sources */, + E395450420255354000BBA0D /* pando.c in Sources */, + E395453F20255355000BBA0D /* world_of_kung_fu.c in Sources */, + E39543A520255354000BBA0D /* amqp.c in Sources */, + E395453520255354000BBA0D /* tvants.c in Sources */, + E395450020255354000BBA0D /* openft.c in Sources */, + E39543B720255354000BBA0D /* coap.c in Sources */, + E39543DB20255354000BBA0D /* ipp.c in Sources */, + E39544ED20255354000BBA0D /* mail_pop.c in Sources */, + E395450F20255354000BBA0D /* rsync.c in Sources */, + E395452B20255354000BBA0D /* tcp_udp.c in Sources */, + E39544EE20255354000BBA0D /* mail_smtp.c in Sources */, + E395453820255354000BBA0D /* usenet.c in Sources */, + E39543BA20255354000BBA0D /* crossfire.c in Sources */, + E39544F420255354000BBA0D /* mpegts.c in Sources */, + E395450D20255354000BBA0D /* rdp.c in Sources */, + E39544EA20255354000BBA0D /* lisp.c in Sources */, + E39544EF20255354000BBA0D /* maplestory.c in Sources */, + E39544EB20255354000BBA0D /* lotus_notes.c in Sources */, + E395451F20255354000BBA0D /* someip.c in Sources */, + E39543DF20255354000BBA0D /* kerberos.c in Sources */, + E39543A720255354000BBA0D /* applejuice.c in Sources */, + E395452020255354000BBA0D /* sopcast.c in Sources */, + E39543AD20255354000BBA0D /* secondlife.c in Sources */, + E395450720255354000BBA0D /* pplive.c in Sources */, + E395453120255354000BBA0D /* tftp.c in Sources */, + E39543AF20255354000BBA0D /* battlefield.c in Sources */, + E395451020255354000BBA0D /* rtcp.c in Sources */, + E39543D620255354000BBA0D /* hep.c in Sources */, + E39543E020255354000BBA0D /* kontiki.c in Sources */, + E39544FA20255354000BBA0D /* netflow.c in Sources */, + E395454220255355000BBA0D /* xdmcp.c in Sources */, + E39544F720255354000BBA0D /* mssql_tds.c in Sources */, + E395451A20255354000BBA0D /* smb.c in Sources */, + E39543B820255354000BBA0D /* collectd.c in Sources */, + E395450520255354000BBA0D /* pcanywhere.c in Sources */, + E39547902026A51A000BBA0D /* ahocorasick.c in Sources */, + E395452320255354000BBA0D /* ssdp.c in Sources */, + E395431B20255354000BBA0D /* ndpi_content_match.c.inc in Sources */, + E395450120255354000BBA0D /* openvpn.c in Sources */, + E395453920255354000BBA0D /* vhua.c in Sources */, + E39544F020255354000BBA0D /* mdns.c in Sources */, + E39543C920255354000BBA0D /* fiesta.c in Sources */, + E395454120255355000BBA0D /* xbox.c in Sources */, + E395453D20255355000BBA0D /* warcraft3.c in Sources */, + E39543D220255354000BBA0D /* guildwars.c in Sources */, + E39543AA20255354000BBA0D /* ftp.c in Sources */, + E395450E20255354000BBA0D /* redis_net.c in Sources */, + E395455420255355000BBA0D /* node.c in Sources */, + E39543CE20255354000BBA0D /* ftp_data.c in Sources */, + E395451D20255354000BBA0D /* socks45.c in Sources */, + E395451820255354000BBA0D /* skinny.c in Sources */, + E395453620255354000BBA0D /* tvuplayer.c in Sources */, + E39543CC20255354000BBA0D /* florensia.c in Sources */, + E3953F5720254989000BBA0D /* ViewController.m in Sources */, + E39544F520255354000BBA0D /* mqtt.c in Sources */, + E39543C220255354000BBA0D /* dns.c in Sources */, + E39543B920255354000BBA0D /* corba.c in Sources */, + E39543B320255354000BBA0D /* btlib.c in Sources */, + E3953F5F2025498A000BBA0D /* main.m in Sources */, + E39543CF20255354000BBA0D /* git.c in Sources */, + E395451B20255354000BBA0D /* smpp.c in Sources */, + E395452420255354000BBA0D /* ssh.c in Sources */, + E395451520255354000BBA0D /* sflow.c in Sources */, + E395452220255354000BBA0D /* spotify.c in Sources */, + E39544F620255354000BBA0D /* msn.c in Sources */, + E395451220255354000BBA0D /* rtp.c in Sources */, + E39543BE20255354000BBA0D /* dhcpv6.c in Sources */, + E395453B20255355000BBA0D /* vmware.c in Sources */, + E395452C20255354000BBA0D /* teamspeak.c in Sources */, + E395452D20255354000BBA0D /* teamviewer.c in Sources */, + E39543AB20255354000BBA0D /* manolito.c in Sources */, + E395453E20255355000BBA0D /* whoisdas.c in Sources */, + E39543BB20255354000BBA0D /* csgo.c in Sources */, + E395450A20255354000BBA0D /* qq.c in Sources */, + E395431C20255354000BBA0D /* ndpi_main.c in Sources */, + E39543BD20255354000BBA0D /* dhcp.c in Sources */, + E395454520255355000BBA0D /* zeromq.c in Sources */, + E395453420255354000BBA0D /* tor.c in Sources */, + E39543AE20255354000BBA0D /* ayiya.c in Sources */, + E395451120255354000BBA0D /* rtmp.c in Sources */, + E39544FE20255354000BBA0D /* non_tcp_udp.c in Sources */, + E39543C020255354000BBA0D /* directconnect.c in Sources */, + E39543D020255354000BBA0D /* gnutella.c in Sources */, + E39543D320255354000BBA0D /* h323.c in Sources */, + E395453720255354000BBA0D /* ubntac2.c in Sources */, + E395452720255354000BBA0D /* stealthnet.c in Sources */, + E395453320255354000BBA0D /* tinc.c in Sources */, + E39543D920255354000BBA0D /* iax.c in Sources */, + E395452920255354000BBA0D /* stun.c in Sources */, + E395450920255354000BBA0D /* pptp.c in Sources */, + E39543C320255354000BBA0D /* dofus.c in Sources */, + E395451720255354000BBA0D /* sip.c in Sources */, + E39543DE20255354000BBA0D /* kakaotalk_voice.c in Sources */, + E395431720255354000BBA0D /* Makefile in Sources */, + E395454420255355000BBA0D /* zattoo.c in Sources */, + E39544FD20255354000BBA0D /* noe.c in Sources */, + E395451620255354000BBA0D /* shoutcast.c in Sources */, + E395455E202558E6000BBA0D /* ndpi_util.c in Sources */, + E3953F5420254989000BBA0D /* AppDelegate.m in Sources */, + E39543C520255354000BBA0D /* dropbox.c in Sources */, + E395450820255354000BBA0D /* ppstream.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin PBXVariantGroup section */ + E3953F5A2025498A000BBA0D /* Main.storyboard */ = { + isa = PBXVariantGroup; + children = ( + E3953F5B2025498A000BBA0D /* Base */, + ); + name = Main.storyboard; + sourceTree = ""; + }; +/* End PBXVariantGroup section */ + +/* Begin XCBuildConfiguration section */ + E3953F612025498A000BBA0D /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_IDENTITY = "Mac Developer"; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 10.12; + MTL_ENABLE_DEBUG_INFO = YES; + ONLY_ACTIVE_ARCH = YES; + SDKROOT = macosx; + }; + name = Debug; + }; + E3953F622025498A000BBA0D /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_IDENTITY = "Mac Developer"; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 10.12; + MTL_ENABLE_DEBUG_INFO = NO; + SDKROOT = macosx; + }; + name = Release; + }; + E3953F642025498A000BBA0D /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CODE_SIGN_STYLE = Automatic; + COMBINE_HIDPI_IMAGES = YES; + DEVELOPMENT_TEAM = 5NEA8474R4; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + "APP_HAS_OWN_MAIN=1", + "NDPI_LOG_DEBUG2=NDPI_LOG_DEBUG2_XCODE_PROJ", + ); + INFOPLIST_FILE = ndpiExample/Info.plist; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; + PRODUCT_BUNDLE_IDENTIFIER = com.zyingp.ndpiExample; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; + }; + E3953F652025498A000BBA0D /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CODE_SIGN_STYLE = Automatic; + COMBINE_HIDPI_IMAGES = YES; + DEVELOPMENT_TEAM = 5NEA8474R4; + GCC_PREPROCESSOR_DEFINITIONS = BUILD_NDPI_IN_XCODE; + INFOPLIST_FILE = ndpiExample/Info.plist; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; + PRODUCT_BUNDLE_IDENTIFIER = com.zyingp.ndpiExample; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + E3953F4A20254989000BBA0D /* Build configuration list for PBXProject "ndpiExample" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + E3953F612025498A000BBA0D /* Debug */, + E3953F622025498A000BBA0D /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + E3953F632025498A000BBA0D /* Build configuration list for PBXNativeTarget "ndpiExample" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + E3953F642025498A000BBA0D /* Debug */, + E3953F652025498A000BBA0D /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = E3953F4720254989000BBA0D /* Project object */; +} diff --git a/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.xcworkspace/contents.xcworkspacedata new file mode 100644 index 000000000..d2df2968d --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ + + + + + diff --git a/example/MacOS/ndpiExample/ndpiExample/AppDelegate.h b/example/MacOS/ndpiExample/ndpiExample/AppDelegate.h new file mode 100644 index 000000000..73b18fcdc --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample/AppDelegate.h @@ -0,0 +1,29 @@ +/* + * + * Copyright (C) 2011-18 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#import + +@interface AppDelegate : NSObject + + +@end + diff --git a/example/MacOS/ndpiExample/ndpiExample/AppDelegate.m b/example/MacOS/ndpiExample/ndpiExample/AppDelegate.m new file mode 100644 index 000000000..93f794446 --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample/AppDelegate.m @@ -0,0 +1,41 @@ +/* + * + * Copyright (C) 2011-18 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#import "AppDelegate.h" + +@interface AppDelegate () + +@end + +@implementation AppDelegate + +- (void)applicationDidFinishLaunching:(NSNotification *)aNotification { + // Insert code here to initialize your application +} + + +- (void)applicationWillTerminate:(NSNotification *)aNotification { + // Insert code here to tear down your application +} + + +@end diff --git a/example/MacOS/ndpiExample/ndpiExample/Assets.xcassets/AppIcon.appiconset/Contents.json b/example/MacOS/ndpiExample/ndpiExample/Assets.xcassets/AppIcon.appiconset/Contents.json new file mode 100644 index 000000000..2db2b1c7c --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample/Assets.xcassets/AppIcon.appiconset/Contents.json @@ -0,0 +1,58 @@ +{ + "images" : [ + { + "idiom" : "mac", + "size" : "16x16", + "scale" : "1x" + }, + { + "idiom" : "mac", + "size" : "16x16", + "scale" : "2x" + }, + { + "idiom" : "mac", + "size" : "32x32", + "scale" : "1x" + }, + { + "idiom" : "mac", + "size" : "32x32", + "scale" : "2x" + }, + { + "idiom" : "mac", + "size" : "128x128", + "scale" : "1x" + }, + { + "idiom" : "mac", + "size" : "128x128", + "scale" : "2x" + }, + { + "idiom" : "mac", + "size" : "256x256", + "scale" : "1x" + }, + { + "idiom" : "mac", + "size" : "256x256", + "scale" : "2x" + }, + { + "idiom" : "mac", + "size" : "512x512", + "scale" : "1x" + }, + { + "idiom" : "mac", + "size" : "512x512", + "scale" : "2x" + } + ], + "info" : { + "version" : 1, + "author" : "xcode" + } +} \ No newline at end of file diff --git a/example/MacOS/ndpiExample/ndpiExample/Base.lproj/Main.storyboard b/example/MacOS/ndpiExample/ndpiExample/Base.lproj/Main.storyboard new file mode 100644 index 000000000..69e02f235 --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample/Base.lproj/Main.storyboard @@ -0,0 +1,732 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Default + + + + + + + Left to Right + + + + + + + Right to Left + + + + + + + + + + + Default + + + + + + + Left to Right + + + + + + + Right to Left + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/example/MacOS/ndpiExample/ndpiExample/ViewController.h b/example/MacOS/ndpiExample/ndpiExample/ViewController.h new file mode 100644 index 000000000..7aeb1fa2d --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample/ViewController.h @@ -0,0 +1,29 @@ +/* + * + * Copyright (C) 2011-18 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#import + +@interface ViewController : NSViewController + + +@end + diff --git a/example/MacOS/ndpiExample/ndpiExample/ViewController.m b/example/MacOS/ndpiExample/ndpiExample/ViewController.m new file mode 100644 index 000000000..2681e3f00 --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample/ViewController.m @@ -0,0 +1,101 @@ +/* + * + * Copyright (C) 2011-18 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#import "ViewController.h" +#include "ndpi_api.h" + +// Declare the orginal_main defined in ndpiReader.c here +extern int orginal_main(int argc, char **argv); + +@implementation ViewController + +- (void)viewDidLoad { + [super viewDidLoad]; + + // Do any additional setup after loading the view. +} + + +- (void)setRepresentedObject:(id)representedObject { + [super setRepresentedObject:representedObject]; + + // Update the view, if already loaded. +} + + +- (IBAction)onRunButtonClicked:(id)sender +{ + char* args[10]; + + // Check the "nDPI_QuickStartGuide.pdf" for comand option explanation. + + /* Following code it to execute below command (remember to change args[2] to + * absolute path): + * ./ndpiReader -i capture.pcap + */ + args[0] = (char*)"ndpiReader"; + args[1] = (char*)"-i"; + NSString* pcap_file = [[NSBundle mainBundle]pathForResource:@"capture" ofType:@"pcap"]; + args[2] = (char*)[pcap_file cStringUsingEncoding:NSUTF8StringEncoding]; + // Change to you pcap file path if you want. + //args[2] = (char*)"/Users/zengyingpei/Documents/code/nDPI/example/MacOS/ndpiExample/ndpiExample/capture.pcap"; + // Remember to change below number of args when you change to other command inputs. + orginal_main(3, args); + + + + /* Following code it to execute below command: + * ./ndpiReader -i en1 -s 10 -p protos.txt + * The process seems to be not support re-entering. You may have to re-run the App. + */ + /* + args[0] = (char*)"ndpiReader"; + args[1] = (char*)"-i"; + args[2] = (char*)"en0"; + args[3] = (char*)"-s"; + args[4] = (char*)"10"; + args[5] = (char*)"-p"; + args[6] = (char*)"/Users/zengyingpei/Documents/code/nDPI/example/protos.txt"; + orginal_main(7, args); + */ +} + + +// In order to fix the missing of NDPI_LOG_DEBUG2 (used in ndpi_main.c), we define +// NDPI_LOG_DEBUG2 as NDPI_LOG_DEBUG2_XCODE_PROJ. + +void vNDPI_LOG_DEBUG2_XCODE_PROJ(struct ndpi_detection_module_struct * ndpi_struct, + const char *format, va_list ap) +{ + vprintf(format, ap); +} + +void NDPI_LOG_DEBUG2_XCODE_PROJ(struct ndpi_detection_module_struct * ndpi_struct, + const char *format, ...) +{ + va_list ap; + va_start (ap, format); + vNDPI_LOG_DEBUG2_XCODE_PROJ(ndpi_struct, format, ap); + va_end (ap); +} + +@end diff --git a/example/MacOS/ndpiExample/ndpiExample/capture.pcap b/example/MacOS/ndpiExample/ndpiExample/capture.pcap new file mode 100644 index 000000000..133df898b Binary files /dev/null and b/example/MacOS/ndpiExample/ndpiExample/capture.pcap differ diff --git a/example/MacOS/ndpiExample/ndpiExample/main.m b/example/MacOS/ndpiExample/ndpiExample/main.m new file mode 100644 index 000000000..83e33bcb9 --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample/main.m @@ -0,0 +1,13 @@ +// +// main.m +// ndpiExample +// +// Created by ZengYingpei on 2018/2/3. +// Copyright © 2018年 ZengYingpei. All rights reserved. +// + +#import + +int main(int argc, const char * argv[]) { + return NSApplicationMain(argc, argv); +} diff --git a/example/MacOS/ndpiExample/ndpiExample/ndpiExample.entitlements b/example/MacOS/ndpiExample/ndpiExample/ndpiExample.entitlements new file mode 100644 index 000000000..0c67376eb --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample/ndpiExample.entitlements @@ -0,0 +1,5 @@ + + + + + diff --git a/example/MacOS/ndpiExample/ndpiExample/ndpi_utils.h b/example/MacOS/ndpiExample/ndpiExample/ndpi_utils.h new file mode 100644 index 000000000..88acc7135 --- /dev/null +++ b/example/MacOS/ndpiExample/ndpiExample/ndpi_utils.h @@ -0,0 +1,15 @@ +// +// ndpi_utils.h +// ndpiExample +// +// Created by ZengYingpei on 2018/2/4. +// Copyright © 2018年 ZengYingpei. All rights reserved. +// + +#ifndef ndpi_utils_h +#define ndpi_utils_h + +// Empty placeholder head file. Just to make the compilations of protocols/attic/ftp.c and +// protocols/attic/secondlife.c don't break. + +#endif /* ndpi_utils_h */ diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 202de40d4..38ce75b14 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -3135,7 +3135,11 @@ static void produceBpfFilter(char *filePath) { /** @brief MAIN FUNCTION **/ +#ifdef APP_HAS_OWN_MAIN +int orginal_main(int argc, char **argv) { +#else int main(int argc, char **argv) { +#endif int i; automataUnitTest(); -- cgit v1.2.3 From 26e36a19bf5405a453569d47ea9439a1e4c09581 Mon Sep 17 00:00:00 2001 From: ZengYingpei Date: Sun, 4 Feb 2018 14:35:56 +0800 Subject: Unify Copyright declaration for all added files of the Xcode project --- example/MacOS/ndpiExample/ndpiExample/main.m | 28 ++++++++++++++++------ example/MacOS/ndpiExample/ndpiExample/ndpi_utils.h | 28 ++++++++++++++++------ 2 files changed, 42 insertions(+), 14 deletions(-) diff --git a/example/MacOS/ndpiExample/ndpiExample/main.m b/example/MacOS/ndpiExample/ndpiExample/main.m index 83e33bcb9..85eb5f7e7 100644 --- a/example/MacOS/ndpiExample/ndpiExample/main.m +++ b/example/MacOS/ndpiExample/ndpiExample/main.m @@ -1,10 +1,24 @@ -// -// main.m -// ndpiExample -// -// Created by ZengYingpei on 2018/2/3. -// Copyright © 2018年 ZengYingpei. All rights reserved. -// +/* + * + * Copyright (C) 2011-18 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ #import diff --git a/example/MacOS/ndpiExample/ndpiExample/ndpi_utils.h b/example/MacOS/ndpiExample/ndpiExample/ndpi_utils.h index 88acc7135..54bb7970c 100644 --- a/example/MacOS/ndpiExample/ndpiExample/ndpi_utils.h +++ b/example/MacOS/ndpiExample/ndpiExample/ndpi_utils.h @@ -1,10 +1,24 @@ -// -// ndpi_utils.h -// ndpiExample -// -// Created by ZengYingpei on 2018/2/4. -// Copyright © 2018年 ZengYingpei. All rights reserved. -// +/* + * + * Copyright (C) 2011-18 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ #ifndef ndpi_utils_h #define ndpi_utils_h -- cgit v1.2.3 From 5e0880dac64950062f04acd3e2c8cc3dc248dca9 Mon Sep 17 00:00:00 2001 From: ZengYingpei Date: Sun, 4 Feb 2018 15:34:04 +0800 Subject: Reset optind of getopt_long for synthesizing command line input stably in the Xcode project --- example/MacOS/ndpiExample/ndpiExample/ViewController.m | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/example/MacOS/ndpiExample/ndpiExample/ViewController.m b/example/MacOS/ndpiExample/ndpiExample/ViewController.m index 2681e3f00..b18e21e19 100644 --- a/example/MacOS/ndpiExample/ndpiExample/ViewController.m +++ b/example/MacOS/ndpiExample/ndpiExample/ViewController.m @@ -46,6 +46,9 @@ extern int orginal_main(int argc, char **argv); { char* args[10]; + extern int optind; + optind = 1; // reset the parse of getopt_long + // Check the "nDPI_QuickStartGuide.pdf" for comand option explanation. /* Following code it to execute below command (remember to change args[2] to @@ -74,7 +77,9 @@ extern int orginal_main(int argc, char **argv); args[3] = (char*)"-s"; args[4] = (char*)"10"; args[5] = (char*)"-p"; - args[6] = (char*)"/Users/zengyingpei/Documents/code/nDPI/example/protos.txt"; + NSString* proto_file = [[NSBundle mainBundle]pathForResource:@"protos" ofType:@"txt"]; + args[6] = (char*)[proto_file cStringUsingEncoding:NSUTF8StringEncoding]; + //args[6] = (char*)"/Users/zengyingpei/Documents/code/nDPI/example/protos.txt"; orginal_main(7, args); */ } -- cgit v1.2.3 From c3f5307a3d343edef27fb294de24121f09ae167a Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Tue, 6 Feb 2018 13:59:42 +0300 Subject: Update libcache Using ndpi_calloc(), ndpi_free() in libcache. Fixing warnings about mixing declaration and code. --- src/lib/third_party/include/libcache.h | 6 +++ src/lib/third_party/src/libcache.c | 73 +++++++++++++++++++--------------- 2 files changed, 46 insertions(+), 33 deletions(-) diff --git a/src/lib/third_party/include/libcache.h b/src/lib/third_party/include/libcache.h index 53632616e..7f84b89ad 100644 --- a/src/lib/third_party/include/libcache.h +++ b/src/lib/third_party/include/libcache.h @@ -29,6 +29,10 @@ SOFTWARE. #include +typedef struct cache_entry *cache_entry; + +typedef struct cache_entry_map *cache_entry_map; + /** * @brief Codes representing the result of some functions * @@ -99,5 +103,7 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size); */ void cache_free(cache_t cache); +cache_entry cache_entry_new(void); +cache_entry_map cache_entry_map_new(void); #endif diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c index af53c9813..4479ff54d 100644 --- a/src/lib/third_party/src/libcache.c +++ b/src/lib/third_party/src/libcache.c @@ -30,6 +30,7 @@ SOFTWARE. #include #include "libcache.h" +#include "ndpi_api.h" // https://en.wikipedia.org/wiki/Jenkins_hash_function @@ -49,10 +50,6 @@ uint32_t jenkins_one_at_a_time_hash(const uint8_t* key, size_t length) { } -typedef struct cache_entry *cache_entry; - -typedef struct cache_entry_map *cache_entry_map; - struct cache { uint32_t size; uint32_t max_size; @@ -91,19 +88,20 @@ void cache_touch_entry(cache_t cache, cache_entry entry) { } -cache_entry cache_entry_new() { - return (cache_entry) calloc(sizeof(struct cache_entry), 1); +cache_entry cache_entry_new(void) { + return (cache_entry) ndpi_calloc(sizeof(struct cache_entry), 1); } -cache_entry_map cache_entry_map_new() { - return (cache_entry_map) calloc(sizeof(struct cache_entry_map), 1); +cache_entry_map cache_entry_map_new(void) { + return (cache_entry_map) ndpi_calloc(sizeof(struct cache_entry_map), 1); } cache_t cache_new(uint32_t cache_max_size) { + cache_t cache; if(!cache_max_size) { return NULL; } - cache_t cache = (cache_t) calloc(sizeof(struct cache), 1); + cache = (cache_t) ndpi_calloc(sizeof(struct cache), 1); if(!cache) { return NULL; } @@ -111,10 +109,10 @@ cache_t cache_new(uint32_t cache_max_size) { cache->size = 0; cache->max_size = cache_max_size; - cache->map = (cache_entry_map *) calloc(sizeof(cache_entry_map ), cache->max_size); + cache->map = (cache_entry_map *) ndpi_calloc(sizeof(cache_entry_map ), cache->max_size); if(!cache->map) { - free(cache); + ndpi_free(cache); return NULL; } @@ -122,11 +120,15 @@ cache_t cache_new(uint32_t cache_max_size) { } cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { + uint32_t hash; + cache_entry entry; + cache_entry_map map_entry; + if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; + hash = HASH_FUNCTION(item, item_size) % cache->max_size; if((cache->map)[hash]) { cache_entry_map hash_entry_map = cache->map[hash]; @@ -146,20 +148,19 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { } } - - cache_entry entry = cache_entry_new(); + entry = cache_entry_new(); if(!entry) { return CACHE_MALLOC_ERROR; } - cache_entry_map map_entry = cache_entry_map_new(); + map_entry = cache_entry_map_new(); if(!map_entry) { - free(entry); + ndpi_free(entry); return CACHE_MALLOC_ERROR; } - entry->item = malloc(item_size); + entry->item = ndpi_malloc(item_size); memcpy(entry->item, item, item_size); entry->item_size = item_size; @@ -203,9 +204,9 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { tail->prev->next = NULL; cache->tail = tail->prev; - free(tail->item); - free(tail); - free(hash_entry_map); + ndpi_free(tail->item); + ndpi_free(tail); + ndpi_free(hash_entry_map); } } @@ -213,11 +214,13 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { } cache_result cache_contains(cache_t cache, void *item, uint32_t item_size) { + uint32_t hash; + if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; + hash = HASH_FUNCTION(item, item_size) % cache->max_size; if(cache->map[hash]) { cache_entry_map hash_entry_map = cache->map[hash]; @@ -237,11 +240,13 @@ cache_result cache_contains(cache_t cache, void *item, uint32_t item_size) { } cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { + uint32_t hash; + if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; + hash = HASH_FUNCTION(item, item_size) % cache->max_size; if(cache->map[hash]) { cache_entry_map hash_entry_map_prev = NULL; @@ -256,14 +261,16 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { hash_entry_map = hash_entry_map->next; } - if(hash_entry_map) { + if(hash_entry_map) { + cache_entry entry; + if(hash_entry_map_prev) { hash_entry_map_prev->next = hash_entry_map->next; } else { cache->map[hash] = hash_entry_map->next; } - cache_entry entry = hash_entry_map->entry; + entry = hash_entry_map->entry; if(entry->prev) { entry->prev->next = entry->next; @@ -276,9 +283,9 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { cache->tail = entry->prev; } - free(entry->item); - free(entry); - free(hash_entry_map); + ndpi_free(entry->item); + ndpi_free(entry); + ndpi_free(hash_entry_map); (cache->size)--; return CACHE_NO_ERROR; @@ -289,25 +296,25 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { } void cache_free(cache_t cache) { + int i; if(!cache) { return; } - int i; for(i = 0; i < cache->max_size; i++) { cache_entry_map prev = NULL; cache_entry_map curr = cache->map[i]; while(curr) { prev = curr; curr = curr->next; - free(prev->entry->item); - free(prev->entry); - free(prev); + ndpi_free(prev->entry->item); + ndpi_free(prev->entry); + ndpi_free(prev); } } - free(cache->map); - free(cache); + ndpi_free(cache->map); + ndpi_free(cache); return; } -- cgit v1.2.3 From 0624afd422b7fbdd2b481a299ac9bf62fa9ec706 Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Wed, 7 Feb 2018 16:05:51 +0300 Subject: Added option --enable-debug-messages. The configurator option "--enable-debug-messages" is added to enable debug information output (define NDPI_ENABLE_DEBUG_MESSAGES=1). Mandatory inclusion of the file ndpi_config.h in all the compiled files. --- configure.seed | 4 ++++ src/include/ndpi_main.h | 1 + src/lib/protocols/checkmk.c | 8 ++++++-- src/lib/protocols/non_tcp_udp.c | 4 +++- src/lib/protocols/openft.c | 2 +- 5 files changed, 15 insertions(+), 4 deletions(-) mode change 100755 => 100644 src/lib/protocols/checkmk.c diff --git a/configure.seed b/configure.seed index b6c53cf43..a8ef98f71 100644 --- a/configure.seed +++ b/configure.seed @@ -109,6 +109,10 @@ AS_IF([test "x$enable_json_c" != "xno"], [ ]) ]) +AC_ARG_ENABLE([debug-messages], + AS_HELP_STRING([--enable-debug-messages], [Define NDPI_ENABLE_DEBUG_MESSAGES=1]), [ + AC_DEFINE(NDPI_ENABLE_DEBUG_MESSAGES, 1, [Enable ndpi_debug_messages]) ]) + AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 79eeab8f1..2440060df 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -24,6 +24,7 @@ #ifndef __NDPI_MAIN_H__ #define __NDPI_MAIN_H__ +#include "ndpi_config.h" #include "ndpi_includes.h" #include "ndpi_define.h" #include "ndpi_protocol_ids.h" diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c old mode 100755 new mode 100644 index 50a92c8d5..81ac543b6 --- a/src/lib/protocols/checkmk.c +++ b/src/lib/protocols/checkmk.c @@ -21,11 +21,15 @@ * * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_CHECKMK +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CHECKMK + +#include "ndpi_api.h" + + static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c index fa3163e74..a2e0d81f5 100644 --- a/src/lib/protocols/non_tcp_udp.c +++ b/src/lib/protocols/non_tcp_udp.c @@ -23,10 +23,12 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #if defined(NDPI_PROTOCOL_IP_IPSEC) || defined(NDPI_PROTOCOL_IP_GRE) || defined(NDPI_PROTOCOL_IP_ICMP) || defined(NDPI_PROTOCOL_IP_IGMP) || defined(NDPI_PROTOCOL_IP_EGP) || defined(NDPI_PROTOCOL_IP_SCTP) || defined(NDPI_PROTOCOL_IP_OSPF) || defined(NDPI_PROTOCOL_IP_IP_IN_IP) +#include "ndpi_api.h" + #define set_protocol_and_bmask(nprot) \ { \ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask,nprot) != 0) \ diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c index 4a86a067f..d0b50c8a2 100644 --- a/src/lib/protocols/openft.c +++ b/src/lib/protocols/openft.c @@ -28,7 +28,7 @@ #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENFT -#include "ndpi_protocols.h" +#include "ndpi_api.h" static void ndpi_int_openft_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -- cgit v1.2.3 From 344392868bdea23f07c5800ef7c4ac9f7b05706c Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 9 Feb 2018 18:24:35 +0100 Subject: Added 179 to the default BGP port list --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8d65a50cf..86d0723e5 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -954,7 +954,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, no_master, no_master, "BGP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 2605, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_a, 179, 2605, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, no_master, -- cgit v1.2.3 From 053dbd73a6c90a93673ee7f4eb46890e7c50c27b Mon Sep 17 00:00:00 2001 From: Yingpei Zeng Date: Sun, 11 Feb 2018 13:58:09 +0800 Subject: [For Xcode project] Change some typos in README.md and add macro definition for release build as well --- example/MacOS/README.md | 6 +++--- .../MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj | 13 ++++--------- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/example/MacOS/README.md b/example/MacOS/README.md index b46833395..e7a9f91fc 100644 --- a/example/MacOS/README.md +++ b/example/MacOS/README.md @@ -8,11 +8,11 @@ You need to first compile the nDPI library as usual: Then open the Xcode project and you are ready to go. The default behavior is to analyze an embeded pcap file `capture.pcap`. You can change the behavior by changing command line input in `ViewController.m` file. -# What the XCode project did? +# What does the XCode project do? It's a dummy Mac App project with a **Run** button. It doesn't modify any nDPI code except that it renamed the `main` function to `orginal_main` in `ndpiReader.c` (because the Mac App has it's own main function) and call the `orginal_main` with synthetic command line input from `ViewController.m` file when the **Run** button is clicked. -It also fixes some problems when compiling with Xcode. Somes are listed below: +It also fixes some problems when compiling with Xcode. Some are listed below: - Add missed `NDPI_LOG_DEBUG2` macro definition implementation (defined as `NDPI_LOG_DEBUG2_XCODE_PROJ` in `ViewController.m`) -- Add a empty ndpi_utils.h file to make `protocols/attic/ftp.c` and `protocols/attic/secondlife.c` can compile +- Add an empty ndpi_utils.h file to make `protocols/attic/ftp.c` and `protocols/attic/secondlife.c` can compile - Specially treat `ndpi_patricia.c` by not adding it into compilation source, since it's directly included in `ndpi_main.c` diff --git a/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj b/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj index f79eaa8aa..d73d10c05 100644 --- a/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj +++ b/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj @@ -20,7 +20,6 @@ E395431A20255354000BBA0D /* Makefile.simple in Resources */ = {isa = PBXBuildFile; fileRef = E39540BF20255353000BBA0D /* Makefile.simple */; }; E395431B20255354000BBA0D /* ndpi_content_match.c.inc in Sources */ = {isa = PBXBuildFile; fileRef = E39540C020255353000BBA0D /* ndpi_content_match.c.inc */; }; E395431C20255354000BBA0D /* ndpi_main.c in Sources */ = {isa = PBXBuildFile; fileRef = E39540C120255353000BBA0D /* ndpi_main.c */; }; - E395431E20255354000BBA0D /* .dirstamp in Resources */ = {isa = PBXBuildFile; fileRef = E39540C520255353000BBA0D /* .dirstamp */; }; E39543A320255354000BBA0D /* afp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395414B20255353000BBA0D /* afp.c */; }; E39543A420255354000BBA0D /* aimini.c in Sources */ = {isa = PBXBuildFile; fileRef = E395414C20255353000BBA0D /* aimini.c */; }; E39543A520255354000BBA0D /* amqp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395414D20255353000BBA0D /* amqp.c */; }; @@ -176,7 +175,6 @@ E395454320255355000BBA0D /* yahoo.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542ED20255354000BBA0D /* yahoo.c */; }; E395454420255355000BBA0D /* zattoo.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542EE20255354000BBA0D /* zattoo.c */; }; E395454520255355000BBA0D /* zeromq.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542EF20255354000BBA0D /* zeromq.c */; }; - E395454720255355000BBA0D /* .dirstamp in Resources */ = {isa = PBXBuildFile; fileRef = E39542FB20255354000BBA0D /* .dirstamp */; }; E395454C20255355000BBA0D /* libcache.c in Sources */ = {isa = PBXBuildFile; fileRef = E395430120255354000BBA0D /* libcache.c */; }; E395455420255355000BBA0D /* node.c in Sources */ = {isa = PBXBuildFile; fileRef = E395430920255354000BBA0D /* node.c */; }; E395455520255355000BBA0D /* sort.c in Sources */ = {isa = PBXBuildFile; fileRef = E395430A20255354000BBA0D /* sort.c */; }; @@ -215,7 +213,6 @@ E39540BF20255353000BBA0D /* Makefile.simple */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Makefile.simple; sourceTree = ""; }; E39540C020255353000BBA0D /* ndpi_content_match.c.inc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.pascal; path = ndpi_content_match.c.inc; sourceTree = ""; }; E39540C120255353000BBA0D /* ndpi_main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ndpi_main.c; sourceTree = ""; }; - E39540C520255353000BBA0D /* .dirstamp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = .dirstamp; sourceTree = ""; }; E395414B20255353000BBA0D /* afp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = afp.c; sourceTree = ""; }; E395414C20255353000BBA0D /* aimini.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = aimini.c; sourceTree = ""; }; E395414D20255353000BBA0D /* amqp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = amqp.c; sourceTree = ""; }; @@ -378,7 +375,6 @@ E39542F520255354000BBA0D /* ndpi_patricia.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_patricia.h; sourceTree = ""; }; E39542F620255354000BBA0D /* node.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = node.h; sourceTree = ""; }; E39542F720255354000BBA0D /* sort.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sort.h; sourceTree = ""; }; - E39542FB20255354000BBA0D /* .dirstamp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = .dirstamp; sourceTree = ""; }; E395430020255354000BBA0D /* ahocorasick.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ahocorasick.c; sourceTree = ""; }; E395430120255354000BBA0D /* libcache.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = libcache.c; sourceTree = ""; }; E395430820255354000BBA0D /* ndpi_patricia.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ndpi_patricia.c; sourceTree = ""; }; @@ -496,7 +492,6 @@ E39540C220255353000BBA0D /* protocols */ = { isa = PBXGroup; children = ( - E39540C520255353000BBA0D /* .dirstamp */, E395414B20255353000BBA0D /* afp.c */, E395414C20255353000BBA0D /* aimini.c */, E395414D20255353000BBA0D /* amqp.c */, @@ -690,7 +685,6 @@ E39542F820255354000BBA0D /* src */ = { isa = PBXGroup; children = ( - E39542FB20255354000BBA0D /* .dirstamp */, E395430020255354000BBA0D /* ahocorasick.c */, E395430120255354000BBA0D /* libcache.c */, E395430820255354000BBA0D /* ndpi_patricia.c */, @@ -772,9 +766,7 @@ buildActionMask = 2147483647; files = ( E395430C20255354000BBA0D /* ndpi_define.h.in in Resources */, - E395431E20255354000BBA0D /* .dirstamp in Resources */, E395431A20255354000BBA0D /* Makefile.simple in Resources */, - E395454720255355000BBA0D /* .dirstamp in Resources */, E395430B20255354000BBA0D /* Makefile.am in Resources */, E395431920255354000BBA0D /* Makefile.in in Resources */, E3953F5920254989000BBA0D /* Assets.xcassets in Resources */, @@ -1106,7 +1098,10 @@ CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_TEAM = 5NEA8474R4; - GCC_PREPROCESSOR_DEFINITIONS = BUILD_NDPI_IN_XCODE; + GCC_PREPROCESSOR_DEFINITIONS = ( + "APP_HAS_OWN_MAIN=1", + "NDPI_LOG_DEBUG2=NDPI_LOG_DEBUG2_XCODE_PROJ", + ); INFOPLIST_FILE = ndpiExample/Info.plist; LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; PRODUCT_BUNDLE_IDENTIFIER = com.zyingp.ndpiExample; -- cgit v1.2.3 From 12368ba2d5d769cb98b3a3ca43cf9a43eab2c338 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 11 Feb 2018 19:36:13 +0100 Subject: Implemented supporto for GoogleDocs and AmazonVideo Fixed various bugs in detecting Google Drive Improved Spotify support --- src/include/ndpi_protocol_ids.h | 4 +++- src/lib/ndpi_content_match.c.inc | 20 +++++++++++++------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index acc510d49..39c798161 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -277,9 +277,11 @@ #define NDPI_PROTOCOL_DIAMETER 237 #define NDPI_PROTOCOL_APPLE_PUSH 238 #define NDPI_PROTOCOL_GOOGLE_SERVICES 239 +#define NDPI_PROTOCOL_AMAZON_VIDEO 240 +#define NDPI_PROTOCOL_GOOGLE_DOCS 231 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_GOOGLE_SERVICES +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_GOOGLE_DOCS #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 6ff6220f6..3f04451df 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -802,6 +802,7 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C1400 /* 91.108.20.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, + { 0xA93F4940 /* 169.63.73.64/26 */, 26, NDPI_PROTOCOL_TELEGRAM }, /* BitTorrent @@ -7973,6 +7974,9 @@ static ndpi_network host_protocol_list[] = { */ ndpi_protocol_match host_match[] = { + { "s3.ll.dash.row.aiv-cdn.net", NULL, "s3\\.ll\\.dash\\.row\\.aiv-cdn\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "d25xi40x97liuc.cloudfront.net", NULL, "d25xi40x97liuc\\.cloudfront\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".aiv-delivery.net", NULL, "\\.aiv-delivery\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "amazon.", NULL, NULL, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "amazon.com", NULL, "amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "images-amazon.com", NULL, "images-amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8021,10 +8025,10 @@ ndpi_protocol_match host_match[] = { { ".speedtest.net", NULL, NULL, "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, - { "drive-thirdparty.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "docs.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".docs.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "drive.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + + { "drive-thirdparty.googleusercontent.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive.google.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "android.clients.google.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "ggpht.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, @@ -8071,8 +8075,11 @@ ndpi_protocol_match host_match[] = { /* http://check.googlezip.net/connect [check browser connectivity] */ { ".googlezip.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "googleusercontent.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - + { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.google.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + + + { "googleusercontent.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.google.", NULL, NULL, "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8132,7 +8139,6 @@ ndpi_protocol_match host_match[] = { { ".ytimg.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtube-nocookie.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "ggpht.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "googleusercontent.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".vevo.com", NULL, NULL, "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From 52a2c0589e70af753a09962eb4169a2cdaffad8e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 11 Feb 2018 21:11:36 +0100 Subject: Updadate last protocol id Updated tests with new protocols --- src/include/ndpi_protocol_ids.h | 2 +- src/lib/ndpi_content_match.c.inc | 10 +++++----- tests/result/http_ipv6.pcap.out | 8 ++++---- tests/result/mpeg.pcap.out | 2 +- tests/result/wechat.pcap.out | 12 ++++++------ 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 39c798161..c8871509b 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -278,7 +278,7 @@ #define NDPI_PROTOCOL_APPLE_PUSH 238 #define NDPI_PROTOCOL_GOOGLE_SERVICES 239 #define NDPI_PROTOCOL_AMAZON_VIDEO 240 -#define NDPI_PROTOCOL_GOOGLE_DOCS 231 +#define NDPI_PROTOCOL_GOOGLE_DOCS 241 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_GOOGLE_DOCS diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 3f04451df..ba44bcd0f 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8068,17 +8068,13 @@ ndpi_protocol_match host_match[] = { { "plus.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "plus.url.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gstatic.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* http://check.googlezip.net/connect [check browser connectivity] */ { ".googlezip.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, { "docs.google.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - - + { "googleusercontent.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8088,6 +8084,10 @@ ndpi_protocol_match host_match[] = { { ".gmail.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, { "mail.google.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { "google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".gstatic.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mail.outlook.com", NULL, NULL, "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, { ".last.fm", NULL, NULL, "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 37f5ce787..c80f76023 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 1f5020ab6..c69256aec 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.241/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.243/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 8735cc83b..02d754bc5 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -9,10 +9,10 @@ QQ 26 9402 2 IGMP 24 1280 4 SSL 21 1209 3 ICMPV6 3 218 2 -YouTube 36 9047 2 -Google 92 20878 15 +Google 113 24811 15 LLMNR 12 944 6 WeChat 1251 606425 49 +GoogleDocs 15 5114 2 1 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][88 pkts/15114 bytes <-> 91 pkts/61842 bytes] 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com][server: web.wechat.com] @@ -35,9 +35,9 @@ WeChat 1251 606425 49 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com][server: web.wechat.com] 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com][server: web.wechat.com] 21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com][server: wx.qq.com] - 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.124/SSL.YouTube][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com] + 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com] 23 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com] - 24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] + 24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.241/QUIC.GoogleDocs][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com][server: web.wechat.com] @@ -78,12 +78,12 @@ WeChat 1251 606425 49 62 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com] 63 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 3 pkts/198 bytes] 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] - 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.124/DNS.YouTube][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] + 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] 66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][3 pkts/206 bytes <-> 2 pkts/148 bytes] 67 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] 68 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] 69 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] - 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] + 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.241/DNS.GoogleDocs][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] 71 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes -> 0 pkts/0 bytes] 72 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] 73 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][4 pkts/200 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From 01949c47dacafa0a0fbff6de4d95b66d628cd02d Mon Sep 17 00:00:00 2001 From: Luca Date: Mon, 12 Feb 2018 11:08:37 +0100 Subject: Fixed typo --- src/lib/ndpi_content_match.c.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index ba44bcd0f..fee3967d8 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7980,7 +7980,7 @@ ndpi_protocol_match host_match[] = { { "amazon.", NULL, NULL, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "amazon.com", NULL, "amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "images-amazon.com", NULL, "images-amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", NULL, "amazonaws\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_UNSAFE }, + { "amazonaws.com", NULL, "amazonaws\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "amazon-adsystem.com", NULL, "amazon-adsystem\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", NULL, "\\.cloudfront\\.net$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From df54e8b926dcb4ebb3f4bae49197c2d5988464ee Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 12 Feb 2018 21:44:48 +0100 Subject: Improved numeric to protocol conversion --- src/lib/ndpi_main.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 86d0723e5..9840d8715 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4718,9 +4718,13 @@ char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len) { if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (proto.master_protocol != proto.app_protocol)) { - snprintf(buf, buf_len, "%s.%s", - ndpi_get_proto_name(ndpi_mod, proto.master_protocol), - ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); + if(proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) + snprintf(buf, buf_len, "%s.%s", + ndpi_get_proto_name(ndpi_mod, proto.master_protocol), + ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); + else + snprintf(buf, buf_len, "%s", + ndpi_get_proto_name(ndpi_mod, proto.master_protocol)); } else snprintf(buf, buf_len, "%s", ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); -- cgit v1.2.3 From 9e47e49adef21b3f1b05898c90038477b277bbaf Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 15 Feb 2018 21:26:38 +0100 Subject: fix wrong increment for MPLS double header --- example/ndpi_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index af83c6d14..104aa4db5 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -855,9 +855,9 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, type = ETH_P_IP, ip_offset += 4; while(!mpls.mpls.s) { - ip_offset += 4; mpls.u32 = *((uint32_t *) &packet[ip_offset]); mpls.u32 = ntohl(mpls.u32); + ip_offset += 4; } break; case PPPoE: -- cgit v1.2.3 From 6ba79afc2327fded754b6694c5802f34e5fe609d Mon Sep 17 00:00:00 2001 From: Bjørn Forsman Date: Sun, 18 Feb 2018 18:45:09 +0100 Subject: autogen.sh: /bin/rm -> rm For portability, don't assume that /bin/rm exists, rely on $PATH lookup instead. This fixes building in sandboxed Nix(pkgs) builds. --- autogen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autogen.sh b/autogen.sh index 18fcf4731..0b6dbfc43 100755 --- a/autogen.sh +++ b/autogen.sh @@ -5,7 +5,7 @@ NDPI_MINOR="3" NDPI_PATCH="0" NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH" -/bin/rm -f configure config.h config.h.in src/lib/Makefile.in +rm -f configure config.h config.h.in src/lib/Makefile.in AUTOCONF=$(which autoconf) AUTOMAKE=$(which automake) -- cgit v1.2.3 From be38c3d90e143b2998e41c3b9880405d1733b3b9 Mon Sep 17 00:00:00 2001 From: Bjørn Forsman Date: Sun, 18 Feb 2018 18:46:04 +0100 Subject: autogen.sh: which -> command -v command -v is a POSIX standard, available in all POSIX sh. which is not. Prefer command -v for portability. --- autogen.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/autogen.sh b/autogen.sh index 0b6dbfc43..b6c256bda 100755 --- a/autogen.sh +++ b/autogen.sh @@ -7,11 +7,11 @@ NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH" rm -f configure config.h config.h.in src/lib/Makefile.in -AUTOCONF=$(which autoconf) -AUTOMAKE=$(which automake) -LIBTOOL=$(which libtool) -LIBTOOLIZE=$(which libtoolize) -AUTORECONF=$(which autoreconf) +AUTOCONF=$(command -v autoconf) +AUTOMAKE=$(command -v automake) +LIBTOOL=$(command -v libtool) +LIBTOOLIZE=$(command -v libtoolize) +AUTORECONF=$(command -v autoreconf) if test -z $AUTOCONF; then echo "autoconf is missing: please install it and try again" -- cgit v1.2.3 From 9fa6119f142669e389cc5c1685942e999dbf3353 Mon Sep 17 00:00:00 2001 From: Bjørn Forsman Date: Sun, 18 Feb 2018 18:47:42 +0100 Subject: autogen.sh: break overlong sed line --- autogen.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/autogen.sh b/autogen.sh index b6c256bda..9e46d4b64 100755 --- a/autogen.sh +++ b/autogen.sh @@ -33,6 +33,12 @@ if test -z $AUTORECONF; then exit fi -cat configure.seed | sed "s/@NDPI_MAJOR@/$NDPI_MAJOR/g" | sed "s/@NDPI_MINOR@/$NDPI_MINOR/g" | sed "s/@NDPI_PATCH@/$NDPI_PATCH/g" | sed "s/@NDPI_VERSION_SHORT@/$NDPI_VERSION_SHORT/g" > configure.ac +cat configure.seed | sed \ + -e "s/@NDPI_MAJOR@/$NDPI_MAJOR/g" \ + -e "s/@NDPI_MINOR@/$NDPI_MINOR/g" \ + -e "s/@NDPI_PATCH@/$NDPI_PATCH/g" \ + -e "s/@NDPI_VERSION_SHORT@/$NDPI_VERSION_SHORT/g" \ + > configure.ac + autoreconf -ivf ./configure $* -- cgit v1.2.3 From 6e7a1022b21ebb214045e7dbf52b10939cb3d85c Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 19 Feb 2018 18:50:23 +0100 Subject: Added PACKAGE_XXX rename to avoid name clashes when nDPI is used inside another project that use the autotools --- autogen.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/autogen.sh b/autogen.sh index 9e46d4b64..efe97ab8a 100755 --- a/autogen.sh +++ b/autogen.sh @@ -41,4 +41,7 @@ cat configure.seed | sed \ > configure.ac autoreconf -ivf +cat configure | sed "s/#define PACKAGE_/#define NDPI_PACKAGE_/g" > configure.tmp +cat configure.tmp > configure + ./configure $* -- cgit v1.2.3 From 06bb9a9c57cc1c6fa4d6a5f88cdeeb40d73a0866 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Feb 2018 07:43:59 +0100 Subject: Remove too strict check for RTP --- src/lib/protocols/rtp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index a61e732d2..c6fc29ead 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -122,7 +122,7 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd /* printf("*** %s(pkt=%d)\n", __FUNCTION__, flow->packet_counter); */ if((packet->udp != NULL) - && (ntohs(packet->udp->source) > 1023) + /* && (ntohs(packet->udp->source) > 1023) */ && (ntohs(packet->udp->dest) > 1023)) ndpi_rtp_search(ndpi_struct, flow, packet->payload, packet->payload_packet_len); } -- cgit v1.2.3 From 6a9fc935ebd783d987b51f062d89ba20d0e4297e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Feb 2018 08:18:37 +0100 Subject: Added fix for invalid RTP/Skype detection Added change in config.h generated by nDPI to avoid name clashes (the GNU autotools are really outdated) --- autogen.sh | 2 +- src/lib/protocols/rtp.c | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/autogen.sh b/autogen.sh index efe97ab8a..13bb2d801 100755 --- a/autogen.sh +++ b/autogen.sh @@ -41,7 +41,7 @@ cat configure.seed | sed \ > configure.ac autoreconf -ivf -cat configure | sed "s/#define PACKAGE_/#define NDPI_PACKAGE_/g" > configure.tmp +cat configure | sed "s/#define PACKAGE/#define NDPI_PACKAGE/g" | sed "s/#define VERSION/#define NDPI_VERSION/g" > configure.tmp cat configure.tmp > configure ./configure $* diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index c6fc29ead..2f19acf46 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -82,7 +82,6 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, return; //struct ndpi_packet_struct *packet = &flow->packet; u_int8_t payloadType, payload_type = payload[1] & 0x7F; - u_int32_t *ssid = (u_int32_t*)&payload[8]; /* Check whether this is an RTP flow */ if((payload_len >= 12) @@ -92,7 +91,6 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, || ((payload_type >= 96) && (payload_type <= 127)) /* http://www.iana.org/assignments/rtp-parameters/rtp-parameters.xhtml */ ) - && (*ssid != 0) ) { NDPI_LOG_INFO(ndpi_struct, "Found RTP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_PROTOCOL_UNKNOWN); -- cgit v1.2.3 From e935ee77bf1802f2bf47afd5d7a27eb1b5116c47 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Feb 2018 08:37:03 +0100 Subject: Updated results after the latest RTP fixes --- tests/result/1kxun.pcap.out | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 6eee247e3..193e09860 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -8,10 +8,10 @@ SSDP 143 36951 13 DHCP 24 8208 5 MPEG 433 185988 2 QQ 28 5216 2 +RTP 2 132 1 SSL 105 21914 7 DHCPV6 10 980 3 Facebook 19 6840 2 -Skype 2 132 1 Google 3 176 1 LLMNR 89 6799 47 1kxun 433 311919 14 @@ -116,7 +116,7 @@ LLMNR 89 6799 47 98 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] 99 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] 100 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 101 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 125/Skype][2 pkts/132 bytes -> 0 pkts/0 bytes] + 101 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 87/RTP][2 pkts/132 bytes -> 0 pkts/0 bytes] 102 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes] 103 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes] 104 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3